last executing test programs: 35.244500629s ago: executing program 1 (id=497): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSSID={0xa}]}, 0x28}}, 0x0) 35.041249365s ago: executing program 1 (id=501): semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000580)=""/4096) 34.920271275s ago: executing program 1 (id=502): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x10b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000680)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x1000, 0x1}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}}], 0x50, 0x0, &(0x7f0000000740)="9ae68e78ebb36e6b71d7e2c83feab4f9c2376fcbb8c706d15408b474ac86dc6a052faf0a7245d2f4eb352c96f5e94759c41adfce315aed2ab34a303b828578dd9b727248fbf7ff8271257f749ced6c1f"}) 34.838501982s ago: executing program 1 (id=504): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x1) 34.696038093s ago: executing program 1 (id=506): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xfd, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 34.383516838s ago: executing program 1 (id=511): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e4"], 0xcfa4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="17000000"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x4c880, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 34.048822516s ago: executing program 32 (id=511): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e4"], 0xcfa4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="17000000"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x4c880, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 8.380870745s ago: executing program 4 (id=673): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xea100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x40000004, 0x0, 0x5, 0x7, 0xff}]}) 8.091311258s ago: executing program 4 (id=675): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@mb_optimize_scan}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x4}}]}, 0x1, 0x50f, &(0x7f0000000140)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) read$alg(r4, &(0x7f0000000000)=""/35, 0x23) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) 6.889935445s ago: executing program 4 (id=679): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448f0, &(0x7f00000000c0)="dcd60f1f9f62da1df4d9") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.018956075s ago: executing program 4 (id=687): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000210005022bbd7000fcdbcf240500"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x24000010) 4.892251766s ago: executing program 4 (id=689): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000440)={@val={0x8, 0xf8}, @val={0x1, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x3a, 0x16, 0x66, 0x0, 0xb, 0x2, 0x0, @private=0xa010101, @broadcast}, "3297"}}, 0x24) 4.654450695s ago: executing program 5 (id=692): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket(0x200000000000011, 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc0405668, &(0x7f00000003c0)={0xa, 0x100, 0x0, {0x80000004, 0x1, 0x2, 0x7}}) socket$packet(0x11, 0x3, 0x300) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000000c0)=0x2f5, 0x4) socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$kcm(0x10, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0) r1 = syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000040)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a", 0x23}], 0x1}, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000) 4.264279896s ago: executing program 4 (id=693): openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0x52022180, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) 4.199833322s ago: executing program 3 (id=694): ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000004180)='/proc/vmstat\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r2, &(0x7f0000000080), 0x8) 4.09439902s ago: executing program 3 (id=696): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 4.066758702s ago: executing program 2 (id=697): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000300)={0x0, 0x0, 0x80000}) close(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close_range(r1, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x13) dup(0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=0000000']) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0xbe7, 0x8, 0x5, 0x9, 0x2, 0x3, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0x400, 0x2, 0x4, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x7e, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x0, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0x1, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x0, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1fe, 0x1, 0x7fff, 0x3, 0x1cb, 0x1, 0x4, 0x6, 0x38, 0x2, 0x9, 0x95, 0x8000, 0x5, 0x1, 0x300004, 0x1000, 0xfffff801, 0xd8], [0x2, 0x1, 0x4ffff, 0x6, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x2, 0x2, 0x400, 0x8001, 0xffffff80, 0x7, 0xa, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x803, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x7, 0x45, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x20000001, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0xfff, 0x2007c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0xa5, 0x7, 0x400004, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x5, 0x103, 0x80000004, 0x7777, 0x1001, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaf1, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x3, 0x8001, 0x7fff, 0xffd, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r7 = dup(r6) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 3.97621811s ago: executing program 0 (id=698): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0xfe, @remote}}}, 0x108) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40800}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) r4 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0xec, r4, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_BEARER={0x5c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, '\x00', 0x20}}}}}]}, @TIPC_NLA_LINK={0x34, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x44014}, 0x818) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.72583561s ago: executing program 5 (id=699): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f00000000c0)={0xd5, 0x0, 0x7c}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000080)="0f01390ff2f63e0fa10f01c966b80a00000066ba000000000f300f79d80f232d0f01c966b9024d564b0f32350280660f38dfec", 0x33}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.159919365s ago: executing program 0 (id=700): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000480)={0x4, 0x5, 0x5}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x12, 0xffffffffffffffff, 0xa0e52000) 3.152693506s ago: executing program 2 (id=701): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000380)='\f', 0x1, 0xcd4e8ec47367e7d3, &(0x7f0000000000)={0xa, 0x4e21, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c) mount$bpf(0x0, 0x0, 0x0, 0x400408, &(0x7f0000000cc0)=ANY=[@ANYBLOB='ui']) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000005c000000000000000f00e035200000000f22e0"], 0x5c}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="010000e9ffff4f000000000000000f080f0866ba2100b0db000000ef450f22c2"], 0x296}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000480)={0x0, 0x0, @pic={0x2, 0x7, 0x0, 0x5, 0x7f, 0x2, 0xf3, 0x3, 0x3, 0x8, 0x8, 0x9, 0x12, 0x0, 0xde, 0xff}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.089444961s ago: executing program 5 (id=702): mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=000000000000000']) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x80000004, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x3, 0x5, 0x2, 0x9, 0x4, 0x5, 0x0, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1001c, 0x6, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x5, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x2, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1af6, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x6, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff6, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000fc0)=ANY=[], 0x44}], 0x1, 0x0, 0x0, 0x10004800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x16, 0xf3, 0x0, 0x7fffffffffffe, 0xe07e, 0x8, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.951943722s ago: executing program 0 (id=703): mkdir(&(0x7f0000000000)='./file0\x00', 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 2.865985729s ago: executing program 2 (id=704): openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.73419159s ago: executing program 0 (id=705): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 2.559852014s ago: executing program 2 (id=706): munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0xf132, 0xffffffffffffffff, 0x0) 2.466093382s ago: executing program 2 (id=707): openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x404000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_KEEPCAPS(0x59616d61, 0x1ffffffffffffff) madvise(&(0x7f000018a000/0x2000)=nil, 0x2000, 0x12) close(r0) 2.168262776s ago: executing program 3 (id=708): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000240)=@gcm_256={{0x304}, "1615211d18d9f717", "0350dac0552469771defd9a0ca6315217926732467253bd90b23d43cb6b07b2a", "fddec243", "b329d7ef622e5a21"}, 0x38) r3 = openat$cgroup_ro(r1, &(0x7f0000000440)='cpu.stat\x00', 0x275a, 0x0) sendfile(r2, r3, 0x0, 0xe74e) close_range(r0, 0xffffffffffffffff, 0x0) 1.923916265s ago: executing program 3 (id=709): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffd}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg(r0, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/121, 0x79}], 0x1}, 0x6}], 0x1, 0x40003020, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 1.809792024s ago: executing program 5 (id=710): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="470f23fc6541fc48b8e7320000000000000f23d80f21f80f23e1f8f30f1edd0f2221c74c24022063800000002c24f30f556797c483fd005b02ea6426470f01cf65666466430f3833af00580000", 0x4d}], 0x1, 0x3e, 0x0, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) r4 = syz_open_dev$hiddev(0x0, 0x0, 0x0) ioctl$HIDIOCGUSAGE(r4, 0xc018480b, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4) 1.148040278s ago: executing program 5 (id=711): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)) 1.057997625s ago: executing program 2 (id=712): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000300)={0x0, 0x0, 0x80000}) close(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close_range(r1, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x13) dup(0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=0000000']) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0xbe7, 0x8, 0x5, 0x9, 0x2, 0x3, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0x400, 0x2, 0x4, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x7e, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x0, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0x1, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x0, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1fe, 0x1, 0x7fff, 0x3, 0x1cb, 0x1, 0x4, 0x6, 0x38, 0x2, 0x9, 0x95, 0x8000, 0x5, 0x1, 0x300004, 0x1000, 0xfffff801, 0xd8], [0x2, 0x1, 0x4ffff, 0x6, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x2, 0x2, 0x400, 0x8001, 0xffffff80, 0x7, 0xa, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x803, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x7, 0x45, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x20000001, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0xfff, 0x2007c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0xa5, 0x7, 0x400004, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x5, 0x103, 0x80000004, 0x7777, 0x1001, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaf1, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x3, 0x8001, 0x7fff, 0xffd, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r7 = dup(r6) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 823.510824ms ago: executing program 3 (id=713): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)={0x14, 0x1b, 0x9, 0x2, 0x21dfdbff, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x24000810}, 0x4810) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f000014f000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0x14, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 687.969285ms ago: executing program 5 (id=714): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@mb_optimize_scan}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x4}}]}, 0x1, 0x50f, &(0x7f0000000140)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) read$alg(r4, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) 542.012306ms ago: executing program 0 (id=715): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000b00)={'syz1\x00', {0xf8, 0x100, 0x8, 0x3}, 0x20, [0x8000003, 0x4, 0x80, 0x143b4048, 0x5, 0x7, 0xa, 0x3000000, 0xea1, 0x0, 0x589f, 0x1000, 0x1e, 0x81, 0x0, 0xffffff80, 0x1, 0x2, 0x1000, 0x3, 0x40000000, 0xfffffff9, 0x2, 0xc, 0x3, 0x394d, 0x9, 0x0, 0x5, 0x53987b9e, 0xc, 0x0, 0x0, 0x2, 0x0, 0x3, 0x8, 0xffffce2d, 0x2, 0x8, 0x5, 0x1004, 0x1, 0x81, 0xfffffff8, 0x4, 0x40, 0x7ff, 0x7c2c0bf, 0x5, 0x5, 0x3, 0x8001, 0x1, 0xc2000000, 0xa560, 0xfffff801, 0x8, 0xd809, 0x395, 0x9, 0x8, 0x1, 0x5], [0x76, 0x100, 0x1, 0x7, 0x0, 0x8e8, 0x5, 0xe, 0xfffffffe, 0x4, 0xb16, 0x2, 0x9061, 0x8, 0x8, 0x5, 0xb3f, 0x3, 0x7, 0x4c, 0xff, 0x4557, 0x1, 0x8, 0x7, 0x5d01, 0x5, 0x3, 0x7, 0x4, 0x5, 0x9115, 0x3, 0x7, 0xda0f, 0xac, 0x9, 0xc, 0x2, 0x400, 0x4, 0x2, 0x3, 0x8, 0xd, 0x8e6, 0x1, 0x7, 0x200, 0xd4a, 0x10, 0x8, 0xf1c, 0x8, 0x27, 0x6, 0x9, 0x5, 0x6, 0x8, 0x0, 0x1, 0x7f, 0x5], [0x1, 0x2, 0x9, 0x872d, 0xfffffffb, 0x75cb, 0x4b, 0x1000, 0x3, 0x1, 0x0, 0x4, 0x9, 0x3a7d, 0x3, 0x1000, 0x2, 0x7, 0x0, 0xfff, 0x22, 0x6, 0x7, 0x432c, 0x20000, 0xd, 0x3, 0x1020, 0x4, 0x2, 0x9, 0x100, 0x1, 0x5, 0x8001, 0x4, 0x1, 0x7f, 0xffff2840, 0x1e0000, 0x8000, 0x80000001, 0x5, 0x3, 0x3, 0x9, 0x4, 0x7, 0x7, 0x0, 0x1, 0x2, 0xd4b, 0x2a, 0x3, 0x9, 0x9, 0x22f, 0x7, 0x80, 0x400, 0x2, 0x3, 0x5], [0xef, 0x8000000, 0xfffffffe, 0x8001, 0x4da1, 0x4, 0x1000, 0x200, 0x7, 0x80, 0x8, 0x6, 0x3, 0x80000001, 0x4, 0x0, 0x10c5, 0x324, 0x0, 0x3, 0xcf, 0x8, 0x9, 0x3, 0x40009b33, 0x1, 0x4, 0x3b, 0x2, 0x37fe, 0xff6f, 0x9, 0x0, 0xc, 0x0, 0x3, 0x8, 0x3, 0x7ffffeff, 0x2, 0xff, 0x74, 0x8, 0xc3f, 0x6, 0x7, 0x9, 0x7ff, 0x7, 0x5, 0x4, 0x5, 0xdc, 0x8, 0x7ff, 0x6, 0xdbe3bca, 0x9, 0x8000, 0x93e7, 0xad7, 0x2, 0x3, 0x1ff]}, 0x45c) socket$inet6(0xa, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000680)={'syz1\x00', {0x3ff, 0x5, 0x0, 0x4}, 0x20, [0x8, 0x8, 0x7, 0x8e, 0x1e69, 0x3, 0x3, 0x10, 0x7f, 0x7d, 0xa, 0xffffffff, 0x7, 0x81, 0x4, 0xc, 0x9, 0x8, 0x9, 0x401, 0x3, 0x80, 0x10, 0x10000, 0x4ab, 0x200, 0x80bb, 0x3, 0x6, 0xfffffffb, 0x1002, 0x3, 0x6, 0x5, 0x20000007, 0x34, 0x7, 0x2, 0x3d4e23a4, 0x9, 0x5, 0x8, 0x9, 0x0, 0x73060f7a, 0xffffffff, 0x494f5a75, 0x2, 0x100, 0x93fc, 0x9, 0xa, 0xb, 0x7ff7ffff, 0x8, 0x2, 0x1000001, 0x20000000, 0x1, 0x2, 0x1, 0x2, 0x4, 0x8001], [0x433, 0xe, 0xfffffffe, 0x659, 0xffffffff, 0x6, 0x401, 0x5, 0x101, 0x3, 0x8, 0x8, 0x6, 0x4a9, 0x6, 0x10000, 0x7f, 0x2, 0x99d0, 0x404, 0x200, 0x1, 0xa2e, 0x9, 0xffff95a0, 0x3, 0x4, 0x4, 0x0, 0xcb6, 0x6, 0x9, 0x9, 0x9, 0x7, 0x0, 0x4, 0x29800000, 0x6, 0xa, 0x23, 0xe756, 0xffff934e, 0x6, 0xc, 0x2d, 0x7, 0x45, 0x80, 0x4, 0x80, 0xa4c, 0xffffff0e, 0x1, 0x1000, 0xff, 0x67ac, 0x171680f8, 0x3, 0x6, 0x754b, 0x9, 0xffffffff, 0x5], [0x7a9, 0xfffffffe, 0x7fffffff, 0x2430, 0x220, 0x9, 0x7, 0xc0d, 0x5, 0x2b, 0xfff, 0x2, 0x7, 0x42b2, 0x7, 0x5, 0x4c, 0x7, 0x5, 0x101, 0x6, 0x4, 0x1, 0x101, 0x9, 0x1, 0x7f, 0x1, 0x3, 0xd0, 0x0, 0xfffffffa, 0x9, 0x8, 0x100, 0x6, 0x7, 0x1004, 0x5, 0x9, 0x8001, 0x4, 0x0, 0x8, 0x3fd, 0x8, 0x80000001, 0xe29, 0x6, 0x7, 0x7fff, 0xe0000004, 0x101, 0x3, 0x5, 0x6d4, 0xb, 0x9, 0x7, 0x9, 0xc, 0xc, 0x9, 0x4000000c], [0xfffff001, 0xc3c7, 0x3ff, 0x2, 0x2, 0x4, 0x6, 0x2, 0x5, 0x8, 0x3ff, 0x7, 0x5, 0xfffffff8, 0xe65, 0xe25, 0xffffb705, 0x8, 0x5db45c26, 0x80, 0xa14, 0x1, 0x80, 0xfbf, 0xf, 0x5, 0x4, 0x2, 0x3e5fc7b7, 0x20000002, 0x780, 0xc, 0x8, 0x9, 0x8, 0x101, 0x2, 0x7, 0x2, 0xa328, 0x7ff, 0x0, 0x8, 0x8000, 0x80000001, 0xffffffff, 0x0, 0x4, 0x2, 0x70e8, 0x1, 0x3, 0x7, 0x2, 0x207, 0x3, 0x104, 0x0, 0x10000700, 0x2, 0x80, 0xf, 0xa]}, 0x45c) 491.347061ms ago: executing program 3 (id=716): syz_io_uring_setup(0x906, &(0x7f0000000f40)={0x0, 0xc8ea, 0x0, 0x3, 0x1a8}, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00007be000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x2c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f00007cf000/0x2000)=nil}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) 0s ago: executing program 0 (id=717): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write(r3, &(0x7f0000000680)='N', 0x1) splice(r3, &(0x7f0000000040), r2, 0x0, 0x800000000ff, 0x0) kernel console output (not intermixed with test programs): k becomes ready [ 76.400752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.415394][ T4183] device veth1_vlan entered promiscuous mode [ 76.428529][ T4184] device veth0_vlan entered promiscuous mode [ 76.446716][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.455499][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.464986][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.472834][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.482986][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.492499][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.500764][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.509794][ T4185] device veth1_vlan entered promiscuous mode [ 76.536182][ T4184] device veth1_vlan entered promiscuous mode [ 76.545209][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.555099][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.565793][ T4182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.581116][ T4181] device veth0_macvtap entered promiscuous mode [ 76.600053][ T4183] device veth0_macvtap entered promiscuous mode [ 76.615520][ T4181] device veth1_macvtap entered promiscuous mode [ 76.650255][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.660756][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.669843][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.681205][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.699337][ T4185] device veth0_macvtap entered promiscuous mode [ 76.713549][ T4183] device veth1_macvtap entered promiscuous mode [ 76.731621][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.740347][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.755587][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.768061][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.780832][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.822948][ T4185] device veth1_macvtap entered promiscuous mode [ 76.847246][ T4184] device veth0_macvtap entered promiscuous mode [ 76.864965][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.884373][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.896782][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.910503][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.919664][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.929926][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.939389][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.948959][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.958330][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.968416][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.978147][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.987485][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.006718][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.020077][ T4181] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.035718][ T4181] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.045372][ T4181] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.054850][ T4181] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.067725][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.078063][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.088810][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.099674][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.112276][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.124138][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.136591][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.147090][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.163687][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.176384][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.184849][ T4250] Bluetooth: hci1: command 0x040f tx timeout [ 77.191631][ T4250] Bluetooth: hci3: command 0x040f tx timeout [ 77.192756][ T4184] device veth1_macvtap entered promiscuous mode [ 77.197819][ T4250] Bluetooth: hci0: command 0x040f tx timeout [ 77.210953][ T4250] Bluetooth: hci4: command 0x040f tx timeout [ 77.239252][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.247694][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.258822][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.269697][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.279061][ T4250] Bluetooth: hci2: command 0x040f tx timeout [ 77.280119][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.296817][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.308004][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.319018][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.330142][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.343824][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.354223][ T4183] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.364102][ T4183] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.373416][ T4183] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.382522][ T4183] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.408001][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.417227][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.439525][ T4185] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.449457][ T4185] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.459362][ T4185] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.468683][ T4185] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.487752][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.498972][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.509476][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.521768][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.532282][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.543417][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.556092][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.565622][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.576123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.587141][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.596440][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.629652][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.640983][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.651747][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.663138][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.674838][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.686702][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.698761][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.711326][ T4184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.720465][ T4184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.729243][ T4184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.738472][ T4184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.771657][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.780685][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.810396][ T4182] device veth0_vlan entered promiscuous mode [ 77.850071][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.859285][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.868413][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.876809][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.917683][ T4182] device veth1_vlan entered promiscuous mode [ 77.990978][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.016910][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.050215][ T4182] device veth0_macvtap entered promiscuous mode [ 78.058607][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.069510][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.073084][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.084780][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.085699][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.102543][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.110738][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.120303][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.129475][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.155816][ T4182] device veth1_macvtap entered promiscuous mode [ 78.163485][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.172517][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.208815][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.220303][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.235235][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.246192][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.256606][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.268059][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.278536][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.289166][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.300786][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.309060][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.317381][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.326891][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.336518][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.348451][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.370097][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.384442][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.393623][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.405403][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.418327][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.429097][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.440084][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.450137][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.461561][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.473220][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.501644][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.510464][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.520145][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.534648][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.544609][ T4182] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.554238][ T4182] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.557275][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.567199][ T4182] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.580143][ T4182] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.599879][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.641571][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.649917][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.677624][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.762761][ T4269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.775293][ T4269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.797230][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.809534][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.812535][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.834179][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.871362][ T4269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.879600][ T4269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.957763][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.003914][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.053645][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.154312][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.212416][ T4302] loop1: detected capacity change from 0 to 8192 [ 79.264824][ T4250] Bluetooth: hci4: command 0x0419 tx timeout [ 79.271335][ T4250] Bluetooth: hci0: command 0x0419 tx timeout [ 79.331403][ T4250] Bluetooth: hci3: command 0x0419 tx timeout [ 79.336906][ T4302] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 79.365057][ T4250] Bluetooth: hci1: command 0x0419 tx timeout [ 79.395308][ T4250] Bluetooth: hci2: command 0x0419 tx timeout [ 79.432109][ T4314] loop3: detected capacity change from 0 to 16 [ 79.496740][ T4314] erofs: (device loop3): mounted with root inode @ nid 36. [ 79.594941][ T4321] loop0: detected capacity change from 0 to 512 [ 79.605913][ T4320] loop2: detected capacity change from 0 to 1024 [ 79.688623][ T4323] loop4: detected capacity change from 0 to 2048 [ 79.816897][ T4320] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 79.843656][ T4321] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nobarrier,noload,,errors=continue. Quota mode: writeback. [ 79.853440][ T4329] netlink: 'syz.3.13': attribute type 13 has an invalid length. [ 79.866181][ T4323] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 79.867499][ T4329] netlink: 'syz.3.13': attribute type 17 has an invalid length. [ 79.897689][ T4321] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 79.920914][ T4323] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.935468][ T4333] loop1: detected capacity change from 0 to 164 [ 79.992777][ T4323] fs-verity: sha512 using implementation "sha512-avx2" [ 80.037399][ T4321] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.10: bg 0: block 145: padding at end of block bitmap is not set [ 80.083973][ T4333] Unable to read rock-ridge attributes [ 80.161299][ T4321] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 80.213273][ T4323] syz.4.12 (4323) used greatest stack depth: 21032 bytes left [ 80.322821][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 80.497199][ T4329] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 80.546123][ T4343] loop2: detected capacity change from 0 to 7 [ 80.559555][ T4345] loop0: detected capacity change from 0 to 128 [ 80.581428][ T4343] Dev loop2: unable to read RDB block 7 [ 80.594959][ T4339] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 80.620023][ T4347] loop4: detected capacity change from 0 to 512 [ 80.630647][ T4343] loop2: unable to read partition table [ 80.666420][ T4343] loop2: partition table beyond EOD, truncated [ 80.691846][ T4343] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 80.742652][ T4347] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 80.754808][ T4347] System zones: 1-12 [ 80.760840][ T4347] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.18: Directory hole found for htree index block 0 [ 80.814947][ T4347] EXT4-fs (loop4): Remounting filesystem read-only [ 80.840227][ T4353] loop3: detected capacity change from 0 to 128 [ 80.845883][ T4347] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 80.942345][ T4347] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.18: Directory hole found for htree index block 0 [ 80.964408][ T4353] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 80.977228][ T4347] EXT4-fs (loop4): Remounting filesystem read-only [ 80.987503][ T4347] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 80.999927][ T4347] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,noquota,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 81.027967][ T4353] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 81.048076][ T4359] loop2: detected capacity change from 0 to 7 [ 81.060655][ T4347] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.18: Directory hole found for htree index block 0 [ 81.079181][ T4308] Dev loop2: unable to read RDB block 7 [ 81.085923][ T4308] loop2: unable to read partition table [ 81.095442][ T4308] loop2: partition table beyond EOD, truncated [ 81.110842][ T4359] Dev loop2: unable to read RDB block 7 [ 81.118763][ T4359] loop2: unable to read partition table [ 81.126958][ T4347] EXT4-fs (loop4): Remounting filesystem read-only [ 81.136456][ T4359] loop2: partition table beyond EOD, truncated [ 81.143840][ T4362] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.18: Directory hole found for htree index block 0 [ 81.162156][ T4353] fscrypt (loop3, inode 12): Unsupported encryption flags (0x83) [ 81.175769][ T4359] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 81.196740][ T4362] EXT4-fs (loop4): Remounting filesystem read-only [ 81.265430][ T4364] loop0: detected capacity change from 0 to 128 [ 81.418762][ T26] audit: type=1804 audit(1756488816.771:2): pid=4364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.24" name="/newroot/5/bus/bus" dev="loop0" ino=1048592 res=1 errno=0 [ 81.534083][ T26] audit: type=1804 audit(1756488816.891:3): pid=4374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.24" name="/newroot/5/bus/bus" dev="loop0" ino=1048592 res=1 errno=0 [ 81.752233][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 81.892464][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 81.993627][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 82.003729][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 82.301425][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #108!!! [ 82.311546][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 82.321082][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 82.330151][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 82.339231][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 82.348291][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 82.665278][ T144] attempt to access beyond end of device [ 82.665278][ T144] loop0: rw=1, want=1041, limit=128 [ 82.719898][ T4389] device syzkaller0 entered promiscuous mode [ 82.745918][ T4387] loop2: detected capacity change from 0 to 1024 [ 82.808754][ T4387] EXT4-fs (loop2): Ignoring removed bh option [ 82.898953][ T4387] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback. [ 82.967405][ T4392] netlink: 'syz.0.33': attribute type 1 has an invalid length. [ 82.994905][ T4395] device ip6erspan0 entered promiscuous mode [ 83.104650][ T4373] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.077856][ T26] audit: type=1800 audit(1756488819.431:4): pid=4410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.38" name="/" dev="fuse" ino=1 res=0 errno=0 [ 84.449307][ T4431] capability: warning: `syz.1.42' uses deprecated v2 capabilities in a way that may be insecure [ 84.986391][ T4430] loop3: detected capacity change from 0 to 1024 [ 85.150833][ T4430] ======================================================= [ 85.150833][ T4430] WARNING: The mand mount option has been deprecated and [ 85.150833][ T4430] and is ignored by this kernel. Remove the mand [ 85.150833][ T4430] option from the mount to silence this warning. [ 85.150833][ T4430] ======================================================= [ 85.411384][ T4430] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 85.422466][ T4430] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.477543][ T4430] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 85.497025][ T4430] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 85.515029][ T4430] EXT4-fs (loop3): This should not happen!! Data will be lost [ 85.515029][ T4430] [ 85.618105][ T4430] EXT4-fs (loop3): Total free blocks count 0 [ 85.637719][ T4430] EXT4-fs (loop3): Free/Dirty block details [ 85.638911][ T4449] loop1: detected capacity change from 0 to 764 [ 85.702821][ T4430] EXT4-fs (loop3): free_blocks=4293918720 [ 85.717589][ T4430] EXT4-fs (loop3): dirty_blocks=16 [ 85.757779][ T4449] Symlink component flag not implemented [ 85.770189][ T4430] EXT4-fs (loop3): Block reservation details [ 85.777088][ T4430] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 85.792366][ T4449] Symlink component flag not implemented (7) [ 86.715432][ T4463] syz.1.53 sent an empty control message without MSG_MORE. [ 87.089857][ T26] audit: type=1326 audit(1756488822.441:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 87.998482][ T13] cfg80211: failed to load regulatory.db [ 89.315654][ T4477] loop4: detected capacity change from 0 to 512 [ 89.387656][ T26] audit: type=1326 audit(1756488822.481:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 89.620840][ T4477] EXT4-fs (loop4): Ignoring removed nobh option [ 89.713510][ T4477] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.797853][ T26] audit: type=1326 audit(1756488822.481:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 90.049554][ T4477] EXT4-fs: failed to create workqueue [ 90.153355][ T4477] EXT4-fs (loop4): mount failed [ 90.227980][ T26] audit: type=1326 audit(1756488822.481:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 90.494831][ T4485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.59'. [ 92.178976][ T26] audit: type=1326 audit(1756488822.481:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.202174][ T26] audit: type=1326 audit(1756488822.481:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.270393][ T4492] loop0: detected capacity change from 0 to 512 [ 92.283017][ T26] audit: type=1326 audit(1756488822.481:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.307715][ T26] audit: type=1326 audit(1756488822.481:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.332721][ T26] audit: type=1326 audit(1756488822.491:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.376682][ T26] audit: type=1326 audit(1756488822.491:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.430806][ T26] audit: type=1326 audit(1756488822.491:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.452953][ T4492] EXT4-fs (loop0): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 92.453077][ T4492] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.488841][ T26] audit: type=1326 audit(1756488822.491:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.511245][ T26] audit: type=1326 audit(1756488822.491:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 92.535720][ T26] audit: type=1326 audit(1756488822.491:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4473 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 93.424168][ T4518] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 94.104019][ T4521] kvm: pic: non byte read [ 94.522339][ T4521] kvm: pic: non byte read [ 96.328063][ T4542] fuse: Bad value for 'fd' [ 96.532665][ T4549] loop1: detected capacity change from 0 to 764 [ 97.136955][ T4549] rock: directory entry would overflow storage [ 97.283467][ T4549] rock: sig=0x4654, size=5, remaining=4 [ 97.295858][ T4549] isofs: Unable to find the ".." directory for NFS. [ 98.912928][ T4575] loop3: detected capacity change from 0 to 16 [ 99.290676][ T4582] loop1: detected capacity change from 0 to 512 [ 99.368517][ T4586] fuse: Bad value for 'fd' [ 99.419702][ T4588] loop3: detected capacity change from 0 to 2048 [ 99.488272][ T4582] EXT4-fs (loop1): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 99.539630][ T4582] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.602735][ T3560] loop3: p4 < > [ 99.645592][ T4588] loop3: p4 < > [ 100.519773][ T3560] loop3: p4 < > [ 100.568845][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 100.776073][ T4609] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 100.811018][ T4609] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 101.898822][ T4634] fuse: Bad value for 'fd' [ 102.177824][ T4639] loop3: detected capacity change from 0 to 1024 [ 102.493344][ T4639] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 102.830843][ T4337] udevd[4337]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 102.896397][ T4639] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,min_batch_time=0x0000000000000001,usrjquota=,,errors=continue. Quota mode: none. [ 103.113876][ T4652] loop0: detected capacity change from 0 to 128 [ 103.206942][ T4337] udevd[4337]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 103.270700][ T4652] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 103.371250][ T4652] ext4 filesystem being mounted at /22/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 103.456452][ T4337] udevd[4337]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 103.927671][ T4652] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 104.221532][ T4652] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 104.308965][ T4677] fuse: Bad value for 'fd' [ 104.371452][ T4652] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 104.442207][ T4652] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 104.491550][ T4680] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 104.540823][ T4680] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 104.580231][ T4688] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 104.803043][ T26] kauditd_printk_skb: 84 callbacks suppressed [ 104.803063][ T26] audit: type=1326 audit(1756488840.161:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 105.992964][ T4688] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 106.020616][ T4692] netlink: 28 bytes leftover after parsing attributes in process `syz.1.122'. [ 106.270773][ T4680] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 106.453177][ T26] audit: type=1326 audit(1756488840.191:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 106.589472][ T4680] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 106.602142][ T26] audit: type=1326 audit(1756488841.341:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 106.624770][ T26] audit: type=1326 audit(1756488841.341:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 106.648114][ T26] audit: type=1326 audit(1756488841.341:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 106.672996][ T4652] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 106.763458][ T4688] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:406: inode #2: comm syz.0.112: No space for directory leaf checksum. Please run e2fsck -D. [ 106.832029][ T4688] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 106.854801][ T26] audit: type=1326 audit(1756488841.341:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 106.924485][ T4713] loop4: detected capacity change from 0 to 128 [ 106.932524][ T4652] EXT4-fs error (device loop0): __ext4_find_entry:1696: inode #2: comm syz.0.112: checksumming directory block 0 [ 106.948701][ T26] audit: type=1326 audit(1756488841.341:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 107.067792][ T4713] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 107.080079][ T26] audit: type=1326 audit(1756488841.341:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 107.106074][ T26] audit: type=1326 audit(1756488841.341:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 107.128954][ T26] audit: type=1326 audit(1756488841.341:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4683 comm="syz.1.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc7a691be9 code=0x7ffc0000 [ 107.152546][ T4713] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 107.170037][ T4724] fuse: Bad value for 'fd' [ 107.303965][ T4729] overlayfs: upper fs does not support file handles, falling back to index=off. [ 107.324060][ T4713] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.130: Invalid inode table block 998769480383777802 in block_group 0 [ 107.391294][ T4732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'. [ 107.406562][ T4726] kvm: emulating exchange as write [ 107.454571][ T4713] EXT4-fs warning (device loop4): ext4_group_add:1701: Error opening resize inode [ 108.394462][ T13] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 108.651199][ T13] usb 5-1: Using ep0 maxpacket: 32 [ 108.932250][ T13] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 108.952501][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.035115][ T13] usb 5-1: Product: syz [ 109.036271][ T4765] fuse: Bad value for 'fd' [ 109.039390][ T13] usb 5-1: Manufacturer: syz [ 109.055039][ T13] usb 5-1: SerialNumber: syz [ 109.205171][ T13] usb 5-1: config 0 descriptor?? [ 109.537038][ T4749] Zero length message leads to an empty skb [ 109.557395][ T13] usb 5-1: USB disconnect, device number 2 [ 110.401348][ T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 110.621471][ T23] usb 4-1: device descriptor read/64, error -71 [ 110.911339][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.131432][ T23] usb 4-1: device descriptor read/64, error -71 [ 111.262430][ T23] usb usb4-port1: attempt power cycle [ 111.441495][ T4792] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 111.449056][ T4792] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 111.482658][ T4792] vhci_hcd vhci_hcd.0: Device attached [ 111.508307][ T4795] loop4: detected capacity change from 0 to 4096 [ 111.519884][ T4799] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 111.550519][ T4800] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(10) [ 111.557197][ T4800] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 111.599037][ T4800] vhci_hcd vhci_hcd.0: Device attached [ 111.608851][ T4792] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(13) [ 111.615788][ T4792] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 111.671259][ T2301] vhci_hcd: vhci_device speed not set [ 111.677885][ T4792] vhci_hcd vhci_hcd.0: Device attached [ 111.701589][ T23] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 111.715284][ T4792] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 111.741334][ T2301] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 111.754754][ T4799] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(15) [ 111.761421][ T4799] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 111.768039][ T4810] process 'syz.2.161' launched '/dev/fd/3' with NULL argv: empty string added [ 111.781121][ T4800] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 111.801658][ T23] usb 4-1: device descriptor read/8, error -71 [ 111.814087][ T4799] vhci_hcd vhci_hcd.0: Device attached [ 111.867352][ T4806] vhci_hcd: connection closed [ 111.870510][ T4226] vhci_hcd: stop threads [ 111.890951][ T4801] vhci_hcd: connection closed [ 111.891446][ T4796] vhci_hcd: connection reset by peer [ 111.906088][ T4811] vhci_hcd: connection closed [ 111.915041][ T4226] vhci_hcd: release socket [ 111.936052][ T4226] vhci_hcd: disconnect device [ 111.947091][ T4226] vhci_hcd: stop threads [ 111.955765][ T4226] vhci_hcd: release socket [ 111.960336][ T4226] vhci_hcd: disconnect device [ 111.967918][ T4226] vhci_hcd: stop threads [ 111.976032][ T4226] vhci_hcd: release socket [ 111.980834][ T4226] vhci_hcd: disconnect device [ 111.988871][ T4226] vhci_hcd: stop threads [ 112.033691][ T4226] vhci_hcd: release socket [ 112.051112][ T4226] vhci_hcd: disconnect device [ 112.071202][ T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 112.104149][ T4822] loop1: detected capacity change from 0 to 2048 [ 112.161510][ T23] usb 4-1: device descriptor read/8, error -71 [ 112.213345][ T4822] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 112.281711][ T23] usb usb4-port1: unable to enumerate USB device [ 112.441791][ T21] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.011126][ T21] usb 3-1: Using ep0 maxpacket: 32 [ 115.880348][ T4840] sched: RT throttling activated [ 116.261344][ T21] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 116.291206][ T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.330576][ T21] usb 3-1: Product: syz [ 116.394289][ T21] usb 3-1: config 0 descriptor?? [ 116.431585][ T21] usb 3-1: can't set config #0, error -71 [ 116.445331][ T21] usb 3-1: USB disconnect, device number 2 [ 116.569651][ T4857] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 116.589422][ T4857] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 116.816369][ T4872] loop4: detected capacity change from 0 to 512 [ 116.861237][ T2301] vhci_hcd: vhci_device speed not set [ 116.897015][ T4874] MPTCP: kernel_bind error, err=-22 [ 116.945969][ T4872] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 116.985857][ T4872] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 117.022457][ T4872] EXT4-fs (loop4): 1 truncate cleaned up [ 117.028797][ T4872] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,discard,journal_ioprio=0x0000000000000003,errors=remount-ro,lazytime,minixdf,noquota,usrjquota=,. Quota mode: none. [ 117.077140][ T4872] EXT4-fs error (device loop4): ext4_get_verity_descriptor_location:299: inode #15: comm syz.4.182: verity file has no extents [ 117.123065][ T4877] ODEBUG: Out of memory. ODEBUG disabled [ 117.127004][ T4882] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 256: padding at end of block bitmap is not set [ 117.147151][ T4872] EXT4-fs (loop4): Remounting filesystem read-only [ 117.171474][ T4872] fs-verity (loop4, inode 15): Error -117 getting verity descriptor size [ 117.499406][ T4882] EXT4-fs (loop4): Remounting filesystem read-only [ 122.065611][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 122.065648][ T26] audit: type=1326 audit(1756488857.421:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.132220][ T4971] netlink: 28 bytes leftover after parsing attributes in process `syz.4.215'. [ 122.334603][ T26] audit: type=1326 audit(1756488857.451:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.357972][ T26] audit: type=1326 audit(1756488857.461:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.380809][ T26] audit: type=1326 audit(1756488857.461:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.412508][ T26] audit: type=1326 audit(1756488857.461:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.439448][ T26] audit: type=1326 audit(1756488857.461:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.468867][ T26] audit: type=1326 audit(1756488857.461:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.620281][ T26] audit: type=1326 audit(1756488857.461:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.644055][ T26] audit: type=1326 audit(1756488857.461:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 122.673059][ T26] audit: type=1326 audit(1756488857.461:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 125.775408][ T5018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.232'. [ 128.644498][ T26] kauditd_printk_skb: 52 callbacks suppressed [ 128.644549][ T26] audit: type=1326 audit(1756488864.001:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 128.692331][ T5058] netlink: 28 bytes leftover after parsing attributes in process `syz.0.247'. [ 130.051606][ T26] audit: type=1326 audit(1756488864.031:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.074124][ T26] audit: type=1326 audit(1756488864.031:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.096585][ T26] audit: type=1326 audit(1756488864.031:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.119217][ T26] audit: type=1326 audit(1756488864.031:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.145876][ T26] audit: type=1326 audit(1756488864.031:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.168934][ T26] audit: type=1326 audit(1756488864.031:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.192642][ T26] audit: type=1326 audit(1756488864.031:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.216332][ T26] audit: type=1326 audit(1756488864.041:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 130.264390][ T26] audit: type=1326 audit(1756488864.041:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5053 comm="syz.0.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 133.183971][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.190811][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.584224][ T5162] input: syz0 as /devices/virtual/input/input5 [ 137.165807][ T26] kauditd_printk_skb: 28 callbacks suppressed [ 137.165858][ T26] audit: type=1326 audit(1756488872.521:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 137.225530][ T5186] netlink: 28 bytes leftover after parsing attributes in process `syz.3.293'. [ 137.297786][ T5185] overlayfs: unrecognized mount option "ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ" or missing value [ 137.479071][ T26] audit: type=1326 audit(1756488872.551:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 137.842897][ T26] audit: type=1326 audit(1756488872.561:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 137.892549][ T26] audit: type=1326 audit(1756488872.561:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 138.541803][ T26] audit: type=1326 audit(1756488872.561:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 138.600067][ T26] audit: type=1326 audit(1756488872.561:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 138.664566][ T26] audit: type=1326 audit(1756488872.561:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 138.877627][ T26] audit: type=1326 audit(1756488872.561:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 138.977439][ T26] audit: type=1326 audit(1756488872.561:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 139.056735][ T26] audit: type=1326 audit(1756488872.561:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5178 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f93cd634be9 code=0x7ffc0000 [ 139.382205][ T5180] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.391139][ T5180] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.891311][ T4297] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 140.120533][ T5222] binder: 5221:5222 ioctl c0306201 200000000680 returned -14 [ 140.141250][ T4297] usb 4-1: Using ep0 maxpacket: 8 [ 140.261338][ T4297] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 140.269829][ T4297] usb 4-1: config 0 has no interface number 0 [ 140.290919][ T4297] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 140.302514][ T4297] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 140.313937][ T4297] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 140.327946][ T4297] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 140.337753][ T4297] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.350198][ T4297] usb 4-1: config 0 descriptor?? [ 140.403117][ T4297] ldusb 4-1:0.55: Interrupt in endpoint not found [ 140.613242][ T21] usb 4-1: USB disconnect, device number 6 [ 140.865490][ T5180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.955802][ T5180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.319035][ T5254] comedi comedi0: no devices specified [ 141.738853][ T5180] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.748754][ T5180] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.759626][ T5180] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.768692][ T5180] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.992592][ T5180] syz.1.289 (5180) used greatest stack depth: 20320 bytes left [ 142.564939][ T5296] loop4: detected capacity change from 0 to 512 [ 142.675960][ T5296] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 142.721400][ T5296] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.540276][ T5313] input: syz1 as /devices/virtual/input/input6 [ 143.739816][ T5318] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 143.852821][ T5320] netlink: 'syz.2.333': attribute type 13 has an invalid length. [ 143.882870][ T5320] netlink: 'syz.2.333': attribute type 17 has an invalid length. [ 143.932611][ T5324] loop3: detected capacity change from 0 to 128 [ 144.032383][ T5320] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 144.057138][ T5320] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.415177][ T5334] loop2: detected capacity change from 0 to 128 [ 144.573263][ T5334] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 144.608504][ T5334] ext4 filesystem being mounted at /69/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.826582][ T5334] fscrypt (loop2, inode 12): Unsupported encryption flags (0x83) [ 145.499268][ T5354] loop3: detected capacity change from 0 to 512 [ 145.583844][ T5356] loop4: detected capacity change from 0 to 128 [ 145.675846][ T5354] EXT4-fs (loop3): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 145.778572][ T5354] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.451646][ T5365] loop0: detected capacity change from 0 to 2048 [ 146.603091][ T5365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 146.680729][ T5365] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.872154][ T13] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 146.889307][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 146.889325][ T26] audit: type=1326 audit(1756488882.241:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5378 comm="syz.1.355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc7a691be9 code=0x0 [ 147.279213][ T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.315877][ T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.346692][ T13] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.381109][ T13] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.435628][ T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.499227][ T13] usb 5-1: config 0 descriptor?? [ 147.881626][ T5389] 8021q: adding VLAN 0 to HW filter on device bond1 [ 147.955329][ T26] audit: type=1326 audit(1756488883.311:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 147.997194][ T5389] team0: Port device bond1 added [ 148.015627][ T5398] netlink: 28 bytes leftover after parsing attributes in process `syz.0.362'. [ 148.038107][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.209591][ T26] audit: type=1326 audit(1756488883.331:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 148.591771][ T26] audit: type=1326 audit(1756488883.341:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 148.781079][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.789367][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.797281][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.804938][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.816084][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.823798][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.831505][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.839297][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.847035][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.854682][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.863311][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.870935][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.878726][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.887777][ T13] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 148.896878][ T13] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 148.935304][ T13] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 148.942956][ T26] audit: type=1326 audit(1756488883.341:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.067174][ T13] usb 5-1: USB disconnect, device number 3 [ 149.067928][ T26] audit: type=1326 audit(1756488883.341:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.100891][ T5410] loop2: detected capacity change from 0 to 1024 [ 149.205177][ T26] audit: type=1326 audit(1756488883.341:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.299312][ T5410] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 149.359665][ T26] audit: type=1326 audit(1756488883.341:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.401325][ T5410] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.420596][ T5411] fido_id[5411]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 149.520240][ T26] audit: type=1326 audit(1756488883.341:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.571452][ T5410] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 149.651103][ T26] audit: type=1326 audit(1756488883.341:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.0.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 149.684511][ T5410] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 149.692288][ T5429] loop3: detected capacity change from 0 to 512 [ 149.758716][ T5410] EXT4-fs (loop2): This should not happen!! Data will be lost [ 149.758716][ T5410] [ 149.865361][ T5410] EXT4-fs (loop2): Total free blocks count 0 [ 149.975611][ T5410] EXT4-fs (loop2): Free/Dirty block details [ 150.281453][ T5410] EXT4-fs (loop2): free_blocks=4293918720 [ 150.287827][ T5410] EXT4-fs (loop2): dirty_blocks=16 [ 150.304249][ T5429] EXT4-fs (loop3): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 150.481478][ T5429] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.492410][ T5410] EXT4-fs (loop2): Block reservation details [ 150.498535][ T5410] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 151.003765][ T5446] netlink: 28 bytes leftover after parsing attributes in process `syz.1.376'. [ 151.891764][ T26] kauditd_printk_skb: 84 callbacks suppressed [ 151.891779][ T26] audit: type=1326 audit(1756488887.251:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 151.921005][ T5454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.377'. [ 153.365967][ T26] audit: type=1326 audit(1756488887.291:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.393736][ T26] audit: type=1326 audit(1756488887.291:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.417096][ T26] audit: type=1326 audit(1756488887.291:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3232e55c23 code=0x7ffc0000 [ 153.442067][ T26] audit: type=1326 audit(1756488887.291:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3232e55c23 code=0x7ffc0000 [ 153.465331][ T26] audit: type=1326 audit(1756488887.291:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.490686][ T26] audit: type=1326 audit(1756488887.301:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.568926][ T26] audit: type=1326 audit(1756488887.301:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.632247][ T26] audit: type=1326 audit(1756488887.301:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.662812][ T26] audit: type=1326 audit(1756488887.301:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5449 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 153.717281][ T5460] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.762727][ T5460] team0: Port device bond1 added [ 153.972712][ T5482] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 154.142337][ T5489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.390'. [ 155.734502][ T5500] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 155.868276][ T5498] netlink: 28 bytes leftover after parsing attributes in process `syz.2.393'. [ 156.626470][ T5511] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 156.671241][ T5511] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 157.798650][ T5523] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 157.810762][ T5523] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 157.837701][ T5523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.864845][ T5523] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.924827][ T5523] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 158.012002][ T5535] netlink: 'syz.4.407': attribute type 10 has an invalid length. [ 158.046147][ T5535] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 158.248727][ T5523] syz.1.402 (5523) used greatest stack depth: 20224 bytes left [ 158.439460][ T5538] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_team, syncid = 0, id = 0 [ 158.795380][ T4297] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 158.829334][ T5532] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 158.868577][ T5540] loop1: detected capacity change from 0 to 512 [ 158.962049][ T5532] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 159.008815][ T5540] EXT4-fs (loop1): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 159.071803][ T4297] usb 4-1: Using ep0 maxpacket: 16 [ 159.142634][ T5540] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.601218][ T4297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.119844][ T4297] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.130477][ T4297] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 161.144821][ T4297] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 161.155181][ T4297] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.166706][ T4297] usb 4-1: config 0 descriptor?? [ 161.172161][ T26] kauditd_printk_skb: 69 callbacks suppressed [ 161.172173][ T26] audit: type=1326 audit(1756488896.531:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.206222][ T26] audit: type=1326 audit(1756488896.531:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.239759][ T5543] netlink: 28 bytes leftover after parsing attributes in process `syz.0.409'. [ 161.251280][ T4297] usb 4-1: can't set config #0, error -71 [ 161.264398][ T4297] usb 4-1: USB disconnect, device number 7 [ 161.436344][ T5554] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 161.441983][ T26] audit: type=1326 audit(1756488896.791:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.467722][ T26] audit: type=1326 audit(1756488896.791:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe495970c23 code=0x7ffc0000 [ 161.490887][ T26] audit: type=1326 audit(1756488896.791:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe495970c23 code=0x7ffc0000 [ 161.520675][ T26] audit: type=1326 audit(1756488896.791:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.595867][ T26] audit: type=1326 audit(1756488896.831:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.608740][ T5554] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.636084][ T5554] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.647824][ T5554] device bridge_slave_0 left promiscuous mode [ 161.661363][ T5554] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.702760][ T26] audit: type=1326 audit(1756488896.831:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.845379][ T26] audit: type=1326 audit(1756488896.831:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 161.991954][ T26] audit: type=1326 audit(1756488896.831:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.0.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 162.002517][ T5554] device bridge_slave_1 left promiscuous mode [ 162.038049][ T5554] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.150787][ T5554] bond0: (slave bond_slave_0): Releasing backup interface [ 162.161265][ T5571] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 162.169410][ T5571] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 162.197480][ T5554] bond0: (slave bond_slave_1): Releasing backup interface [ 162.250500][ T5554] team0: Port device team_slave_0 removed [ 162.274590][ T5554] team0: Port device team_slave_1 removed [ 162.292029][ T5554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.300001][ T5554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.341880][ T5554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.349368][ T5554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.388880][ T5556] team0: Mode changed to "activebackup" [ 162.409079][ T5560] device vlan0 entered promiscuous mode [ 162.508232][ T5560] team0: Port device vlan0 added [ 162.641088][ T5567] 8021q: adding VLAN 0 to HW filter on device bond1 [ 162.655737][ T5569] device bond_slave_0 entered promiscuous mode [ 162.662717][ T5569] device bond_slave_1 entered promiscuous mode [ 162.676000][ T5569] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 162.711596][ T5569] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 162.801733][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 163.258781][ T5594] binder: 5592:5594 ioctl c0306201 0 returned -14 [ 163.262065][ T5593] fuse: Unknown parameter 'group_id00000000000000000000' [ 163.613641][ T5603] netlink: 28 bytes leftover after parsing attributes in process `syz.3.426'. [ 165.138399][ T5618] 8021q: adding VLAN 0 to HW filter on device bond2 [ 165.212200][ T5623] 9pnet_virtio: no channels available for device syz [ 165.360876][ T5620] device bond_slave_0 entered promiscuous mode [ 165.367205][ T5620] device bond_slave_1 entered promiscuous mode [ 165.416993][ T5620] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 165.435430][ T5620] bond2: (slave macvlan2): Enslaving as a backup interface with an up link [ 165.501481][ T5629] binder: 5628:5629 ioctl c0306201 0 returned -14 [ 165.532097][ T5629] binder: 5628:5629 ioctl c0306201 200000000240 returned -11 [ 165.546161][ T5631] loop1: detected capacity change from 0 to 512 [ 165.559284][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 165.657282][ T5631] EXT4-fs (loop1): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 165.681604][ T5631] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.735176][ T5637] fuse: Unknown parameter 'group_id00000000000000000000' [ 166.089373][ T5641] netlink: 28 bytes leftover after parsing attributes in process `syz.4.437'. [ 167.436577][ T4380] wlan1: Trigger new scan to find an IBSS to join [ 167.820255][ T5644] loop1: detected capacity change from 0 to 128 [ 167.820654][ T5651] netlink: 'syz.3.440': attribute type 10 has an invalid length. [ 167.834842][ T5646] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 167.872926][ T5652] siw: device registration error -23 [ 167.922559][ T5651] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 168.019672][ T26] kauditd_printk_skb: 82 callbacks suppressed [ 168.019720][ T26] audit: type=1326 audit(1756488903.371:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.070643][ T5656] netlink: 28 bytes leftover after parsing attributes in process `syz.4.441'. [ 168.434965][ T26] audit: type=1326 audit(1756488903.401:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.760914][ T26] audit: type=1326 audit(1756488903.411:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.804534][ T5644] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 168.810396][ T26] audit: type=1326 audit(1756488903.411:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.838913][ T26] audit: type=1326 audit(1756488903.411:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.839112][ T5644] ext4 filesystem being mounted at /81/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 168.861854][ T26] audit: type=1326 audit(1756488903.411:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.861899][ T26] audit: type=1326 audit(1756488903.411:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.861934][ T26] audit: type=1326 audit(1756488903.411:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.861967][ T26] audit: type=1326 audit(1756488903.411:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 168.974060][ T26] audit: type=1326 audit(1756488903.411:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5653 comm="syz.4.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3232e55be9 code=0x7ffc0000 [ 169.006795][ T5661] loop2: detected capacity change from 0 to 1024 [ 169.055459][ T5661] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 169.119700][ T4650] udevd[4650]: incorrect jbd checksum on /dev/loop1 [ 169.128498][ T5661] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,min_batch_time=0x0000000000000001,usrjquota=,,errors=continue. Quota mode: none. [ 169.159446][ T5644] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.438: Invalid inode table block 998769480383777802 in block_group 0 [ 169.250189][ T5644] EXT4-fs warning (device loop1): ext4_group_add:1701: Error opening resize inode [ 169.519317][ T5672] binder: 5670:5672 ioctl c0306201 0 returned -14 [ 169.553522][ T5672] binder: 5670:5672 ioctl c0306201 200000000240 returned -11 [ 169.621818][ T4381] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xe9 [ 169.659492][ T5679] loop2: detected capacity change from 0 to 512 [ 169.729077][ T5679] EXT4-fs (loop2): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 169.750243][ T5679] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.900328][ T4381] wlan1: Trigger new scan to find an IBSS to join [ 171.963916][ T5715] netlink: 28 bytes leftover after parsing attributes in process `syz.2.459'. [ 172.275340][ T4198] Bluetooth: hci2: unexpected event for opcode 0x204e [ 172.289761][ T5725] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 172.296671][ T5725] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 172.313484][ T5725] vhci_hcd vhci_hcd.0: Device attached [ 172.339735][ T5725] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 172.402696][ T5728] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(12) [ 172.409414][ T5728] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 172.439240][ T5728] vhci_hcd vhci_hcd.0: Device attached [ 172.447670][ T5725] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(15) [ 172.454473][ T5725] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 172.511318][ T2301] vhci_hcd: vhci_device speed not set [ 172.518750][ T5728] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(14) [ 172.525500][ T5728] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 172.561507][ T5725] vhci_hcd vhci_hcd.0: Device attached [ 172.581218][ T2301] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 172.584671][ T5728] vhci_hcd vhci_hcd.0: Device attached [ 172.611949][ T5741] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 172.790846][ T5738] vhci_hcd: connection closed [ 172.799591][ T4380] vhci_hcd: stop threads [ 172.811231][ T4380] vhci_hcd: release socket [ 172.816039][ T5733] vhci_hcd: connection closed [ 172.816555][ T5729] vhci_hcd: connection closed [ 172.829165][ T5726] vhci_hcd: connection reset by peer [ 172.832842][ T4380] vhci_hcd: disconnect device [ 172.895079][ T4380] vhci_hcd: stop threads [ 172.899419][ T4380] vhci_hcd: release socket [ 172.932326][ T144] wlan1: Creating new IBSS network, BSSID 4e:31:5b:ea:7b:3a [ 172.945090][ T4380] vhci_hcd: disconnect device [ 172.983660][ T4380] vhci_hcd: stop threads [ 172.988216][ T4380] vhci_hcd: release socket [ 173.017554][ T4380] vhci_hcd: disconnect device [ 173.035555][ T4380] vhci_hcd: stop threads [ 173.047588][ T4380] vhci_hcd: release socket [ 173.081274][ T4380] vhci_hcd: disconnect device [ 173.513741][ T5773] syz.0.476 uses obsolete (PF_INET,SOCK_PACKET) [ 174.011123][ T4225] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 174.301595][ T4225] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 174.338408][ T5790] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 174.345211][ T5790] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 174.370543][ T5790] vhci_hcd vhci_hcd.0: Device attached [ 174.383058][ T5793] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 174.391752][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.421135][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.440794][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.462263][ T5790] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(12) [ 174.469142][ T5790] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 174.489301][ T5790] vhci_hcd vhci_hcd.0: Device attached [ 174.519594][ T5793] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(15) [ 174.524006][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.526553][ T5793] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 174.551242][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.562702][ T4297] vhci_hcd: vhci_device speed not set [ 174.593388][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.599779][ T5793] vhci_hcd vhci_hcd.0: Device attached [ 174.625664][ T5790] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(14) [ 174.632457][ T5790] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 174.644814][ T4297] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 174.682655][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.697989][ T5790] vhci_hcd vhci_hcd.0: Device attached [ 174.702475][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.707829][ T5793] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 174.726305][ T5805] netlink: 'syz.0.483': attribute type 10 has an invalid length. [ 174.757326][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.760361][ T5805] device syz_tun entered promiscuous mode [ 174.787632][ T5790] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 174.819226][ T5802] vhci_hcd: connection closed [ 174.819534][ T4435] vhci_hcd: stop threads [ 174.821085][ T5805] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 174.825900][ T4435] vhci_hcd: release socket [ 174.861613][ T5799] vhci_hcd: connection closed [ 174.861679][ T5797] vhci_hcd: connection closed [ 174.867326][ T5791] vhci_hcd: connection reset by peer [ 174.881303][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.890601][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.927385][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.944222][ T4435] vhci_hcd: disconnect device [ 174.955071][ T4435] vhci_hcd: stop threads [ 174.959522][ T4435] vhci_hcd: release socket [ 174.974740][ T4435] vhci_hcd: disconnect device [ 174.991686][ T4435] vhci_hcd: stop threads [ 174.996212][ T4435] vhci_hcd: release socket [ 175.008513][ T4435] vhci_hcd: disconnect device [ 175.029460][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 175.040172][ T4435] vhci_hcd: stop threads [ 175.044683][ T4435] vhci_hcd: release socket [ 175.049390][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 175.060721][ T4435] vhci_hcd: disconnect device [ 175.065919][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 175.151343][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 175.169681][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 175.190725][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 175.281343][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 175.305950][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 175.339756][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 175.441359][ T4225] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 175.469021][ T4225] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 175.511258][ T4225] usb 5-1: config 0 interface 0 has no altsetting 0 [ 175.671409][ T4225] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 175.701287][ T4225] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 175.710802][ T4225] usb 5-1: Product: syz [ 175.727160][ T4225] usb 5-1: Manufacturer: syz [ 175.747309][ T4225] usb 5-1: SerialNumber: syz [ 175.771292][ T5829] loop1: detected capacity change from 0 to 512 [ 175.772160][ T4225] usb 5-1: config 0 descriptor?? [ 175.827469][ T5829] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 175.879573][ T4225] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 175.897681][ T5829] EXT4-fs (loop1): 1 truncate cleaned up [ 175.908097][ T5829] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,discard,journal_ioprio=0x0000000000000003,errors=remount-ro,lazytime,minixdf,noquota,usrjquota=,. Quota mode: none. [ 175.936108][ T5829] EXT4-fs error (device loop1): ext4_get_verity_descriptor_location:299: inode #15: comm syz.1.494: verity file has no extents [ 175.970597][ T5829] EXT4-fs (loop1): Remounting filesystem read-only [ 175.980468][ T5829] fs-verity (loop1, inode 15): Error -117 getting verity descriptor size [ 176.070323][ T23] usb 5-1: USB disconnect, device number 4 [ 176.107761][ T23] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 177.122505][ T5866] netlink: 'syz.0.509': attribute type 19 has an invalid length. [ 177.201245][ T5866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'. [ 177.289548][ T5866] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.299584][ T5866] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.308589][ T5866] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.318018][ T5866] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.400688][ T5866] netlink: 'syz.0.509': attribute type 19 has an invalid length. [ 177.418189][ T5866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'. [ 177.569023][ T5880] 9pnet_virtio: no channels available for device syz [ 177.751346][ T2301] vhci_hcd: vhci_device speed not set [ 177.781334][ T5891] comedi comedi3: das16m1: a I/O base address must be specified [ 178.205401][ T5887] chnl_net:caif_netlink_parms(): no params data found [ 178.461246][ T4298] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 178.469573][ T5887] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.477257][ T5887] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.487778][ T5887] device bridge_slave_0 entered promiscuous mode [ 178.516445][ T5887] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.527189][ T5887] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.536910][ T5887] device bridge_slave_1 entered promiscuous mode [ 178.573855][ T5887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.586558][ T5887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.756774][ T5922] netlink: 'syz.4.529': attribute type 10 has an invalid length. [ 178.762012][ T4298] usb 3-1: Using ep0 maxpacket: 8 [ 178.825351][ T5887] team0: Port device team_slave_0 added [ 178.859604][ T5887] team0: Port device team_slave_1 added [ 178.891297][ T4298] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.908024][ T4298] usb 3-1: config 0 has no interfaces? [ 178.991336][ T4298] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.002421][ T5928] fuse: Bad value for 'fd' [ 179.043466][ T4298] usb 3-1: config 0 has no interfaces? [ 179.056612][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.074641][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.141293][ T4298] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.161152][ T4298] usb 3-1: config 0 has no interfaces? [ 179.174085][ T5887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.245525][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.271364][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.325498][ T5887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.336849][ T4298] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 179.346838][ T4298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.362785][ T4298] usb 3-1: Product: syz [ 179.371676][ T4298] usb 3-1: Manufacturer: syz [ 179.376498][ T4298] usb 3-1: SerialNumber: syz [ 179.407757][ T4298] usb 3-1: config 0 descriptor?? [ 179.510729][ T5887] device hsr_slave_0 entered promiscuous mode [ 179.523462][ T5887] device hsr_slave_1 entered promiscuous mode [ 179.541888][ T5887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.549734][ T5887] Cannot create hsr debugfs directory [ 179.591120][ T13] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 179.647106][ T5944] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 179.744016][ T4259] usb 3-1: USB disconnect, device number 3 [ 179.821276][ T4297] vhci_hcd: vhci_device speed not set [ 179.831212][ T4243] Bluetooth: hci2: command 0x0409 tx timeout [ 179.924732][ T13] usb 5-1: Using ep0 maxpacket: 8 [ 180.061565][ T13] usb 5-1: config 0 has an invalid interface number: 186 but max is 0 [ 180.069837][ T13] usb 5-1: config 0 has no interface number 0 [ 180.101418][ T13] usb 5-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 180.151341][ T13] usb 5-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x9A, skipping [ 180.181312][ T13] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 180.233479][ T5954] netlink: 'syz.0.541': attribute type 10 has an invalid length. [ 180.363943][ T5887] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 180.391378][ T13] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 180.421554][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.429822][ T13] usb 5-1: Product: syz [ 180.451151][ T13] usb 5-1: Manufacturer: syz [ 180.455944][ T13] usb 5-1: SerialNumber: syz [ 180.465447][ T13] usb 5-1: config 0 descriptor?? [ 180.485501][ T5887] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 180.504667][ T5960] fuse: Bad value for 'fd' [ 180.512896][ T13] iowarrior 5-1:0.186: no interrupt-in endpoint found [ 180.548653][ T5887] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 180.580563][ T5887] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 180.909236][ T5887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.948275][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.956069][ T4243] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 180.968054][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.989301][ T5887] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.015504][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.050810][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.071303][ T26] kauditd_printk_skb: 64 callbacks suppressed [ 181.071321][ T26] audit: type=1326 audit(1756488916.421:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 181.108494][ T4195] block nbd3: Receive control failed (result -32) [ 181.129040][ T5956] block nbd3: shutting down sockets [ 181.163240][ T5978] netlink: 28 bytes leftover after parsing attributes in process `syz.2.550'. [ 181.252113][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.259439][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.371262][ T4243] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 181.399927][ T26] audit: type=1326 audit(1756488916.461:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 181.621761][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.722262][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.831603][ T26] audit: type=1326 audit(1756488916.461:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 181.872165][ T4243] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 181.882430][ T4243] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 181.883209][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.891577][ T4243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.911154][ T23] Bluetooth: hci2: command 0x041b tx timeout [ 181.921760][ T5964] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 182.095458][ T5981] overlayfs: missing 'lowerdir' [ 183.088487][ T26] audit: type=1326 audit(1756488916.481:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.488902][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.496319][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.655319][ T26] audit: type=1326 audit(1756488916.481:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.678905][ T26] audit: type=1326 audit(1756488916.501:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.698225][ T4243] usb 1-1: USB disconnect, device number 2 [ 183.707831][ T26] audit: type=1326 audit(1756488916.501:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.751299][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.775837][ T26] audit: type=1326 audit(1756488916.501:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.851070][ T23] usb 5-1: USB disconnect, device number 5 [ 183.873706][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.931498][ T5988] netlink: 'syz.3.554': attribute type 10 has an invalid length. [ 183.949869][ T26] audit: type=1326 audit(1756488916.511:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 183.981129][ T13] Bluetooth: hci2: command 0x040f tx timeout [ 184.036430][ T26] audit: type=1326 audit(1756488916.511:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5975 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2de0c7be9 code=0x7ffc0000 [ 184.060909][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.104434][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.131969][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.162242][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.202654][ T4295] udevd[4295]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 184.227792][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.242135][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.262642][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.281846][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.291280][ T23] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 184.301899][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.318677][ T5887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.791766][ T23] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 184.806990][ T23] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 184.841114][ T23] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 184.850917][ T23] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 184.895647][ T23] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 184.907863][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 184.932445][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 184.941417][ T4297] Bluetooth: hci3: command 0x0406 tx timeout [ 185.003266][ T5887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.112115][ T23] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 185.143399][ T23] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 185.170252][ T23] usb 5-1: Product: syz [ 185.195664][ T23] usb 5-1: Manufacturer: syz [ 185.272712][ T23] cdc_wdm 5-1:1.0: skipping garbage [ 185.278365][ T23] cdc_wdm 5-1:1.0: skipping garbage [ 185.333439][ T6020] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 185.350746][ T23] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 185.390547][ T23] cdc_wdm 5-1:1.0: Unknown control protocol [ 185.495743][ T23] usb 5-1: USB disconnect, device number 6 [ 185.612748][ T6028] capability: warning: `syz.2.563' uses 32-bit capabilities (legacy support in use) [ 185.643225][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.657446][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.774549][ T5887] device veth0_vlan entered promiscuous mode [ 185.813214][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.842208][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.854646][ T6036] netlink: 20 bytes leftover after parsing attributes in process `syz.2.565'. [ 185.866521][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.882438][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 185.912097][ T5887] device veth1_vlan entered promiscuous mode [ 186.012023][ T4243] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 186.035746][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.054407][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.065817][ T23] Bluetooth: hci2: command 0x0419 tx timeout [ 186.100233][ T5887] device veth0_macvtap entered promiscuous mode [ 186.128141][ T5887] device veth1_macvtap entered promiscuous mode [ 186.269020][ T6048] fuse: Bad value for 'fd' [ 186.271652][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.328520][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.357439][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.395837][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.422779][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.434225][ T4243] usb 4-1: config 0 has no interfaces? [ 186.517526][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.562120][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.572702][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 186.582239][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 186.592181][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 186.602716][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 186.613492][ T4243] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 186.901938][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.953590][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.016125][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.078644][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.181982][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.325312][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.343129][ T4243] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.351591][ T4243] usb 4-1: Product: syz [ 187.355873][ T4243] usb 4-1: Manufacturer: syz [ 187.360688][ T4243] usb 4-1: SerialNumber: syz [ 187.385386][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.433164][ T4243] usb 4-1: config 0 descriptor?? [ 187.549203][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.562194][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.586848][ T5887] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.617766][ T5887] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.631359][ T5887] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.640538][ T5887] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.664888][ T6063] netlink: 'syz.2.575': attribute type 10 has an invalid length. [ 187.721863][ T6063] device syz_tun entered promiscuous mode [ 187.752543][ T6063] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 187.881662][ T6030] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.037435][ T4225] usb 4-1: USB disconnect, device number 8 [ 188.101912][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 188.139508][ T6075] loop4: detected capacity change from 0 to 512 [ 188.213085][ T4380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.271904][ T4380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.341986][ T6075] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 188.423632][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 188.462135][ T6075] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.496908][ T4380] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.532431][ T4380] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.542657][ T21] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 188.559862][ T21] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 188.654157][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 188.692268][ T21] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 188.772810][ T21] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 188.833980][ T21] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 188.991287][ T4225] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 189.088100][ T6100] 9pnet_virtio: no channels available for device syz [ 189.091252][ T21] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 189.126435][ T21] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 189.148036][ T21] usb 1-1: Product: syz [ 189.171289][ T21] usb 1-1: Manufacturer: syz [ 189.252498][ T21] cdc_wdm 1-1:1.0: skipping garbage [ 189.275377][ T21] cdc_wdm 1-1:1.0: skipping garbage [ 189.333598][ T21] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 189.351351][ T4225] usb 3-1: config 0 has no interfaces? [ 189.357196][ T4225] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 189.374038][ T21] cdc_wdm 1-1:1.0: Unknown control protocol [ 189.413823][ T4225] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.449669][ T4225] usb 3-1: config 0 descriptor?? [ 189.557766][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 189.557787][ T26] audit: type=1326 audit(1756488924.901:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 189.623931][ T6111] netlink: 28 bytes leftover after parsing attributes in process `syz.5.585'. [ 189.789512][ T21] usb 3-1: USB disconnect, device number 4 [ 190.052046][ T26] audit: type=1326 audit(1756488924.951:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.346713][ T26] audit: type=1326 audit(1756488924.951:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.369723][ T26] audit: type=1326 audit(1756488924.961:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.392594][ C0] vkms_vblank_simulate: vblank timer overrun [ 190.444425][ T26] audit: type=1326 audit(1756488924.961:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.507060][ T6114] netlink: 75 bytes leftover after parsing attributes in process `syz.3.586'. [ 190.547962][ T26] audit: type=1326 audit(1756488924.961:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.619158][ T6114] loop2: detected capacity change from 0 to 7 [ 190.625669][ T26] audit: type=1326 audit(1756488924.961:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.625717][ T26] audit: type=1326 audit(1756488924.961:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.625753][ T26] audit: type=1326 audit(1756488924.961:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 190.694722][ C0] vkms_vblank_simulate: vblank timer overrun [ 190.736098][ T6114] Dev loop2: unable to read RDB block 7 [ 190.751649][ T6114] loop2: unable to read partition table [ 190.789519][ T6114] loop2: partition table beyond EOD, truncated [ 190.821302][ T6114] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 190.903528][ T26] audit: type=1326 audit(1756488924.961:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6108 comm="syz.5.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff85fd6abe9 code=0x7ffc0000 [ 191.098424][ T4298] usb 1-1: USB disconnect, device number 3 [ 191.243001][ T6136] comedi comedi3: Minor 20263 is invalid! [ 191.301836][ T6139] loop5: detected capacity change from 0 to 512 [ 191.335826][ T154] device hsr_slave_0 left promiscuous mode [ 191.357161][ T154] device hsr_slave_1 left promiscuous mode [ 191.473609][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 191.527981][ T6139] EXT4-fs (loop5): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 191.566786][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.621515][ T6139] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.621534][ T154] device bridge_slave_1 left promiscuous mode [ 191.699888][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.877466][ T154] device bridge_slave_0 left promiscuous mode [ 191.949949][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.4.598'. [ 191.954692][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.635842][ T6168] overlayfs: missing 'workdir' [ 193.139509][ T154] team0 (unregistering): Port device bond1 removed [ 193.202342][ T6180] netlink: 16 bytes leftover after parsing attributes in process `syz.4.602'. [ 193.204269][ T154] bond1 (unregistering): Released all slaves [ 193.462786][ T154] team0 (unregistering): Port device team_slave_1 removed [ 193.488391][ T154] team0 (unregistering): Port device team_slave_0 removed [ 193.528056][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.579362][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.750628][ T154] bond0 (unregistering): Released all slaves [ 194.005996][ T6205] loop3: detected capacity change from 0 to 512 [ 194.113294][ T6205] EXT4-fs (loop3): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 194.171591][ T6205] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 194.266605][ T6220] overlayfs: missing 'workdir' [ 194.626641][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.633286][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.643102][ C1] Unknown status report in ack skb [ 195.762727][ T6240] overlayfs: missing 'lowerdir' [ 195.929801][ T6245] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 195.946818][ T6248] sp0: Synchronizing with TNC [ 196.048675][ T6255] loop2: detected capacity change from 0 to 512 [ 196.049526][ T4235] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 196.165696][ T6252] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 196.222198][ T6252] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 196.259613][ T6255] EXT4-fs (loop2): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 196.337366][ T6255] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.609368][ T4235] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 196.621230][ T4235] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 196.630182][ T4235] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 196.639869][ T4235] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.652092][ T4235] usb 6-1: config 0 descriptor?? [ 196.696636][ T4235] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 196.717234][ T4235] dvb-usb: bulk message failed: -22 (3/0) [ 196.729608][ T4833] Bluetooth: hci4: command 0x0406 tx timeout [ 196.759341][ T4833] Bluetooth: hci0: command 0x0406 tx timeout [ 196.779683][ T4833] Bluetooth: hci3: command 0x0406 tx timeout [ 196.799026][ T4235] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 196.907067][ T4833] Bluetooth: hci1: command 0x0406 tx timeout [ 196.934342][ T4235] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 196.990826][ T4235] usb 6-1: media controller created [ 197.008837][ T4235] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 197.172801][ T4235] dvb-usb: bulk message failed: -22 (6/0) [ 197.198133][ T4235] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 197.256410][ T4235] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input7 [ 197.316354][ T4235] dvb-usb: schedule remote query interval to 150 msecs. [ 197.333952][ T6302] binder_alloc: binder_alloc_mmap_handler: 6300 200000ffc000-200000fff000 already mapped failed -16 [ 197.376829][ T4235] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 197.463513][ T4235] usb 6-1: USB disconnect, device number 2 [ 197.621514][ T4259] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 197.648054][ T6313] loop0: detected capacity change from 0 to 512 [ 197.683642][ T4235] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 197.867761][ T6313] EXT4-fs (loop0): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 197.911625][ T6313] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.001405][ T4259] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 198.014664][ T4259] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.033261][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.647'. [ 198.085197][ T26] kauditd_printk_skb: 48 callbacks suppressed [ 198.085220][ T26] audit: type=1400 audit(1756488933.441:685): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=6321 comm="syz.5.646" [ 198.211264][ T4259] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 198.752321][ T4259] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 198.760621][ T4259] usb 3-1: Manufacturer: syz [ 198.795145][ T4259] usb 3-1: config 0 descriptor?? [ 199.041633][ T4259] rc_core: IR keymap rc-hauppauge not found [ 199.051192][ T4259] Registered IR keymap rc-empty [ 199.098008][ T4259] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 199.184137][ T4259] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input8 [ 199.268199][ T4259] usb 3-1: USB disconnect, device number 5 [ 199.716956][ T6368] loop5: detected capacity change from 0 to 512 [ 199.854738][ T6368] EXT4-fs (loop5): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 199.874619][ C0] vkms_vblank_simulate: vblank timer overrun [ 199.901404][ T6368] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.926549][ T6392] netlink: 'syz.0.664': attribute type 10 has an invalid length. [ 201.016195][ T4297] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 201.261552][ T4833] Bluetooth: hci5: command 0xfc11 tx timeout [ 201.261735][ T4195] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 201.275690][ T4297] usb 3-1: Using ep0 maxpacket: 8 [ 201.401310][ T4297] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 201.410595][ T4297] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 201.461830][ T4297] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 201.485155][ T4297] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 201.520793][ T4297] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.561114][ T4297] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 201.570225][ T4297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.901351][ T26] audit: type=1326 audit(1756488937.251:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 201.931338][ T4297] usb 3-1: usb_control_msg returned -32 [ 201.937183][ T4297] usbtmc 3-1:16.0: can't read capabilities [ 201.964275][ T6414] netlink: 28 bytes leftover after parsing attributes in process `syz.0.669'. [ 202.246392][ T26] audit: type=1326 audit(1756488937.281:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.581857][ T26] audit: type=1326 audit(1756488937.301:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.604634][ T26] audit: type=1326 audit(1756488937.301:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.627898][ T26] audit: type=1326 audit(1756488937.301:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.651153][ T26] audit: type=1326 audit(1756488937.301:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.651177][ T6419] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 202.673876][ T26] audit: type=1326 audit(1756488937.301:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.673924][ T26] audit: type=1326 audit(1756488937.301:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.673958][ T26] audit: type=1326 audit(1756488937.301:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6409 comm="syz.0.669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 202.726272][ C0] vkms_vblank_simulate: vblank timer overrun [ 203.042915][ T4833] usb 3-1: USB disconnect, device number 6 [ 203.477795][ T6445] loop4: detected capacity change from 0 to 512 [ 203.638651][ T6445] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 203.721643][ T6445] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.190565][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 205.190800][ T26] audit: type=1326 audit(1756488940.541:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 205.469406][ T6475] binder: 6474:6475 ioctl c018620c 0 returned -14 [ 205.912834][ T26] audit: type=1326 audit(1756488941.271:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 205.963610][ T6476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.682'. [ 206.139321][ T26] audit: type=1326 audit(1756488941.291:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.162546][ T26] audit: type=1326 audit(1756488941.291:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.184828][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.191716][ T26] audit: type=1326 audit(1756488941.301:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.214666][ T26] audit: type=1326 audit(1756488941.301:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.237410][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.245034][ T26] audit: type=1326 audit(1756488941.301:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.267597][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.314908][ T26] audit: type=1326 audit(1756488941.301:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.337333][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.387403][ T6483] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 206.488071][ T26] audit: type=1326 audit(1756488941.301:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.560892][ T6490] rtc_cmos 00:00: Alarms can be up to one day in the future [ 206.592389][ T26] audit: type=1326 audit(1756488941.301:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe495970be9 code=0x7ffc0000 [ 206.747540][ T6494] device syzkaller1 entered promiscuous mode [ 206.950168][ T6503] netlink: 'syz.5.692': attribute type 10 has an invalid length. [ 207.089925][ T6503] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 207.565480][ T6521] device pim6reg1 entered promiscuous mode [ 209.241119][ T4298] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 209.491132][ T4298] usb 1-1: Using ep0 maxpacket: 16 [ 209.611351][ T4298] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 209.654069][ T4298] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.688124][ T154] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 209.701571][ T4298] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 209.973932][ T4298] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 209.990858][ T4298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.000394][ T4298] usb 1-1: Product: syz [ 210.005337][ T4298] usb 1-1: Manufacturer: syz [ 210.010404][ T4298] usb 1-1: SerialNumber: syz [ 210.431355][ T4298] usb 1-1: 0:2 : does not exist [ 210.486268][ T4298] usb 1-1: USB disconnect, device number 4 [ 210.817578][ T6612] loop5: detected capacity change from 0 to 512 [ 210.987614][ T6612] EXT4-fs (loop5): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 211.037638][ T6619] input: syz1 as /devices/virtual/input/input9 [ 211.134352][ T6612] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.531405][ C1] ------------[ cut here ]------------ [ 211.536980][ C1] WARNING: CPU: 1 PID: 6610 at net/mac80211/tx.c:4859 __ieee80211_beacon_get+0x172c/0x1f80 [ 211.547085][ C1] Modules linked in: [ 211.551262][ C1] CPU: 1 PID: 6610 Comm: syz.5.714 Not tainted syzkaller #0 [ 211.558749][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 211.568993][ C1] RIP: 0010:__ieee80211_beacon_get+0x172c/0x1f80 [ 211.575409][ C1] Code: f8 0f 0b e9 f1 fa ff ff e8 51 b6 3a f8 0f 0b 4c 8b 74 24 08 e9 36 fe ff ff e8 40 b6 3a f8 0f 0b e9 3c ef ff ff e8 34 b6 3a f8 <0f> 0b e9 b8 f2 ff ff e8 48 d9 6b 00 44 89 e1 80 e1 07 80 c1 03 38 [ 211.595576][ C1] RSP: 0000:ffffc90000dd08c0 EFLAGS: 00010246 [ 211.601801][ C1] RAX: ffffffff893d147c RBX: ffff88801a588c80 RCX: ffff888020f45940 [ 211.610085][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.618098][ C1] RBP: ffffc90000dd0ae8 R08: ffff888020f45940 R09: 0000000000000003 [ 211.626301][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff8880175fea00 [ 211.634864][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920001ba128 [ 211.642984][ C1] FS: 0000555580606500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 211.652057][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.658817][ C1] CR2: 00007ff85df8ff98 CR3: 0000000060a25000 CR4: 00000000003526e0 [ 211.667305][ C1] Call Trace: [ 211.670614][ C1] [ 211.673529][ C1] ? ieee80211_beacon_get_template+0x30/0x30 [ 211.679543][ C1] ? verify_lock_unused+0x140/0x140 [ 211.684921][ C1] ? __lock_acquire+0x13ad/0x7c60 [ 211.690171][ C1] ieee80211_beacon_get_tim+0x48/0x840 [ 211.695777][ C1] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 211.701295][ C1] __iterate_interfaces+0x243/0x500 [ 211.706719][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 211.713093][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 211.719366][ C1] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 211.726549][ C1] mac80211_hwsim_beacon+0x9b/0x180 [ 211.731993][ C1] __hrtimer_run_queues+0x53d/0xc40 [ 211.737225][ C1] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 211.743345][ C1] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 211.749538][ C1] ? hw_scan_work+0xeb0/0xeb0 [ 211.754277][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 211.759442][ C1] hrtimer_run_softirq+0x176/0x240 [ 211.764632][ C1] handle_softirqs+0x328/0x820 [ 211.769427][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 211.774423][ C1] ? do_softirq+0x200/0x200 [ 211.778965][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 211.784323][ C1] __irq_exit_rcu+0x12f/0x220 [ 211.789118][ C1] ? irq_exit_rcu+0x20/0x20 [ 211.793785][ C1] irq_exit_rcu+0x5/0x20 [ 211.798232][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 211.803908][ C1] [ 211.806869][ C1] [ 211.809907][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 211.816315][ C1] RIP: 0010:finish_lock_switch+0x134/0x280 [ 211.822179][ C1] Code: be ff ff ff ff e8 ec 7c 55 08 85 c0 74 4a 4d 85 ff 75 66 0f 1f 44 00 00 48 89 df e8 46 e7 5e 08 e8 71 75 2a 00 fb 48 83 c4 08 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 48 89 df e8 d9 0f fe ff 43 80 3c [ 211.842040][ C1] RSP: 0000:ffffc9000307fc68 EFLAGS: 00000282 [ 211.848333][ C1] RAX: a13b2a4ba471a000 RBX: ffff8880b913a300 RCX: a13b2a4ba471a000 [ 211.856530][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b1620 RDI: ffffffff8a59a240 [ 211.864734][ C1] RBP: 1ffff1101722760b R08: dffffc0000000000 R09: ffffed1017227461 [ 211.873314][ C1] R10: ffffed1017227461 R11: 1ffff11017227460 R12: 1ffff110172275b9 [ 211.881633][ C1] R13: dffffc0000000000 R14: ffff8880b913adc8 R15: 0000000000000000 [ 211.889974][ C1] finish_task_switch+0x12f/0x640 [ 211.895308][ C1] ? __switch_to_asm+0x34/0x60 [ 211.900541][ C1] __schedule+0x11c3/0x4390 [ 211.905258][ C1] ? __lock_acquire+0x7c60/0x7c60 [ 211.910337][ C1] ? release_firmware_map_entry+0x190/0x190 [ 211.916303][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 211.922541][ C1] ? lock_chain_count+0x20/0x20 [ 211.927466][ C1] schedule+0x11b/0x1e0 [ 211.931805][ C1] exit_to_user_mode_loop+0x47/0x130 [ 211.937314][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 211.942955][ C1] irqentry_exit_to_user_mode+0x5/0x30 [ 211.948663][ C1] asm_sysvec_reschedule_ipi+0x16/0x20 [ 211.954370][ C1] RIP: 0033:0x7ff85fc4abe4 [ 211.958825][ C1] Code: 82 b5 03 00 00 c6 44 24 1e 01 45 31 ff 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 44 89 f9 49 8b 50 40 4c 89 f0 49 03 14 ca <80> 3d bd 91 34 00 00 49 89 d6 48 89 d5 74 28 25 ff 0f 00 00 83 f0 [ 211.978879][ C1] RSP: 002b:00007fffba195b70 EFLAGS: 00000282 [ 211.985018][ C1] RAX: ffffffff83b798da RBX: 00007ff860ac1720 RCX: 000000000005a3ff [ 211.993082][ C1] RDX: ffffffff83b798da RSI: ffffffff83b7928f RDI: 000000000000000c [ 212.001259][ C1] RBP: ffffffff83b7928f R08: 00007ff85ff92218 R09: 00007ff85ff7e000 [ 212.009271][ C1] R10: 00007ff85efd7008 R11: 000000000000000c R12: 000000000000000c [ 212.017345][ C1] R13: 000000000000013b R14: ffffffff83b798da R15: 000000000005a3ff [ 212.025441][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.030978][ C1] ? jent_lfsr_time+0x16f/0x270 [ 212.036125][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.041420][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.046780][ C1] ? jent_lfsr_time+0x16f/0x270 [ 212.051898][ C1] [ 212.054965][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 212.062452][ C1] CPU: 1 PID: 6610 Comm: syz.5.714 Not tainted syzkaller #0 [ 212.070292][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.080817][ C1] Call Trace: [ 212.084260][ C1] [ 212.087147][ C1] dump_stack_lvl+0x168/0x230 [ 212.091962][ C1] ? show_regs_print_info+0x20/0x20 [ 212.097201][ C1] ? load_image+0x3b0/0x3b0 [ 212.101765][ C1] panic+0x2c9/0x7f0 [ 212.105811][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 212.110367][ C1] ? jent_lfsr_time+0x16f/0x270 [ 212.115444][ C1] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 212.121341][ C1] __warn+0x248/0x2b0 [ 212.125529][ C1] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 212.131435][ C1] report_bug+0x1b7/0x2e0 [ 212.135900][ C1] handle_bug+0x3a/0x70 [ 212.140186][ C1] exc_invalid_op+0x16/0x40 [ 212.144963][ C1] asm_exc_invalid_op+0x16/0x20 [ 212.150042][ C1] RIP: 0010:__ieee80211_beacon_get+0x172c/0x1f80 [ 212.156503][ C1] Code: f8 0f 0b e9 f1 fa ff ff e8 51 b6 3a f8 0f 0b 4c 8b 74 24 08 e9 36 fe ff ff e8 40 b6 3a f8 0f 0b e9 3c ef ff ff e8 34 b6 3a f8 <0f> 0b e9 b8 f2 ff ff e8 48 d9 6b 00 44 89 e1 80 e1 07 80 c1 03 38 [ 212.176404][ C1] RSP: 0000:ffffc90000dd08c0 EFLAGS: 00010246 [ 212.182514][ C1] RAX: ffffffff893d147c RBX: ffff88801a588c80 RCX: ffff888020f45940 [ 212.190551][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.198761][ C1] RBP: ffffc90000dd0ae8 R08: ffff888020f45940 R09: 0000000000000003 [ 212.206938][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff8880175fea00 [ 212.215180][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920001ba128 [ 212.223647][ C1] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 212.229634][ C1] ? ieee80211_beacon_get_template+0x30/0x30 [ 212.235797][ C1] ? verify_lock_unused+0x140/0x140 [ 212.241135][ C1] ? __lock_acquire+0x13ad/0x7c60 [ 212.246230][ C1] ieee80211_beacon_get_tim+0x48/0x840 [ 212.251739][ C1] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 212.257248][ C1] __iterate_interfaces+0x243/0x500 [ 212.262555][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 212.268844][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 212.275226][ C1] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 212.282474][ C1] mac80211_hwsim_beacon+0x9b/0x180 [ 212.287821][ C1] __hrtimer_run_queues+0x53d/0xc40 [ 212.293057][ C1] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 212.299077][ C1] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 212.305131][ C1] ? hw_scan_work+0xeb0/0xeb0 [ 212.309867][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 212.315207][ C1] hrtimer_run_softirq+0x176/0x240 [ 212.320377][ C1] handle_softirqs+0x328/0x820 [ 212.325185][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 212.330102][ C1] ? do_softirq+0x200/0x200 [ 212.334643][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 212.339916][ C1] __irq_exit_rcu+0x12f/0x220 [ 212.344821][ C1] ? irq_exit_rcu+0x20/0x20 [ 212.349371][ C1] irq_exit_rcu+0x5/0x20 [ 212.353737][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 212.359676][ C1] [ 212.362708][ C1] [ 212.365898][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 212.372351][ C1] RIP: 0010:finish_lock_switch+0x134/0x280 [ 212.378319][ C1] Code: be ff ff ff ff e8 ec 7c 55 08 85 c0 74 4a 4d 85 ff 75 66 0f 1f 44 00 00 48 89 df e8 46 e7 5e 08 e8 71 75 2a 00 fb 48 83 c4 08 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 48 89 df e8 d9 0f fe ff 43 80 3c [ 212.398228][ C1] RSP: 0000:ffffc9000307fc68 EFLAGS: 00000282 [ 212.404337][ C1] RAX: a13b2a4ba471a000 RBX: ffff8880b913a300 RCX: a13b2a4ba471a000 [ 212.412465][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b1620 RDI: ffffffff8a59a240 [ 212.420564][ C1] RBP: 1ffff1101722760b R08: dffffc0000000000 R09: ffffed1017227461 [ 212.429030][ C1] R10: ffffed1017227461 R11: 1ffff11017227460 R12: 1ffff110172275b9 [ 212.437158][ C1] R13: dffffc0000000000 R14: ffff8880b913adc8 R15: 0000000000000000 [ 212.445310][ C1] finish_task_switch+0x12f/0x640 [ 212.450566][ C1] ? __switch_to_asm+0x34/0x60 [ 212.455602][ C1] __schedule+0x11c3/0x4390 [ 212.460557][ C1] ? __lock_acquire+0x7c60/0x7c60 [ 212.465761][ C1] ? release_firmware_map_entry+0x190/0x190 [ 212.471700][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 212.477744][ C1] ? lock_chain_count+0x20/0x20 [ 212.482648][ C1] schedule+0x11b/0x1e0 [ 212.486850][ C1] exit_to_user_mode_loop+0x47/0x130 [ 212.492375][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 212.498369][ C1] irqentry_exit_to_user_mode+0x5/0x30 [ 212.504203][ C1] asm_sysvec_reschedule_ipi+0x16/0x20 [ 212.509803][ C1] RIP: 0033:0x7ff85fc4abe4 [ 212.514263][ C1] Code: 82 b5 03 00 00 c6 44 24 1e 01 45 31 ff 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 44 89 f9 49 8b 50 40 4c 89 f0 49 03 14 ca <80> 3d bd 91 34 00 00 49 89 d6 48 89 d5 74 28 25 ff 0f 00 00 83 f0 [ 212.534335][ C1] RSP: 002b:00007fffba195b70 EFLAGS: 00000282 [ 212.540461][ C1] RAX: ffffffff83b798da RBX: 00007ff860ac1720 RCX: 000000000005a3ff [ 212.548486][ C1] RDX: ffffffff83b798da RSI: ffffffff83b7928f RDI: 000000000000000c [ 212.556735][ C1] RBP: ffffffff83b7928f R08: 00007ff85ff92218 R09: 00007ff85ff7e000 [ 212.564894][ C1] R10: 00007ff85efd7008 R11: 000000000000000c R12: 000000000000000c [ 212.572914][ C1] R13: 000000000000013b R14: ffffffff83b798da R15: 000000000005a3ff [ 212.581027][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.586426][ C1] ? jent_lfsr_time+0x16f/0x270 [ 212.591375][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.596553][ C1] ? jent_loop_shuffle+0x10a/0x160 [ 212.601723][ C1] ? jent_lfsr_time+0x16f/0x270 [ 212.606692][ C1] [ 212.610410][ C1] Kernel Offset: disabled [ 212.614880][ C1] Rebooting in 86400 seconds..