last executing test programs: 24m46.864718932s ago: executing program 32 (id=571): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$kcm(r0, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000c40)={0x14, 0x24, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 23m51.304152462s ago: executing program 33 (id=762): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2001) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x22008d0, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 22m55.071227085s ago: executing program 34 (id=943): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mount(0x0, &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0/file0\x00', 0x0, 0xa02080, 0x0) 19m24.223149088s ago: executing program 35 (id=1681): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x8d8, &(0x7f0000000080), 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) 17m44.857246877s ago: executing program 36 (id=2048): recvmmsg(0xffffffffffffffff, &(0x7f0000002280)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1}, 0x5}, {{0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000006200)=""/4096, 0x1000}], 0x1}}], 0x2, 0x60, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x23328fa3312a3cb, 0x4000000) 17m1.565902979s ago: executing program 37 (id=2174): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x5]}, 0x8, 0x800) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) signalfd4(r0, &(0x7f0000000140)={[0x72]}, 0x8, 0x0) 16m34.846562515s ago: executing program 38 (id=2251): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) setpriority(0x2, 0xff, 0x0) 11m24.383290049s ago: executing program 5 (id=3332): sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)={0x14, 0x0, 0x1, 0x70bd2b, 0x0, {0x1b}}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x20000000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) 11m23.538312949s ago: executing program 5 (id=3336): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000088a805005600080054"], 0xfdef) 11m21.611032619s ago: executing program 39 (id=3336): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000088a805005600080054"], 0xfdef) 10m35.928049763s ago: executing program 4 (id=3480): syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000400)=ANY=[], 0x8, 0x128f, &(0x7f0000003700)="$eJzs3c9rI1UcAPBv2vTn2qbquroL4kMvihC3PXjyUmQXxIJS7YJ6mrWphqY/aEKhIm49eRL8M0Q9ehPEf6AXL54FQaQXj3sQR9Ika9Ok3a5tWpDP55LHe+/7vm8yj4EZ5jH7r321trpSL69kjRgqFKK4ORLF+ylSDMVwtOzGS3d++fXZd957/835hYVbiyndnn939tWU0vRzP37w6XfP/9S4cuf76R/GYm9maP/Pud/2ru1d3//726jWU7We1jcaKUt3NzYa2d1aJS1X66vllN6uVbJ6JVXX65WtRspqD9pXahubmzspW1+emtzcqtTrKVvfSauVndQopMbWTso+yqrrqVwup6nJ4CyWvrmf53lEno/EaOR5nk/EZFyJx2IqpqMUM/F4PBFPxtV4Kq7F0/FMXD/oddnzBgAAAAAAAAAAAAAAAAAAgP+Xh+z/L9j/DwAAAAAAAAAAAAAAAAAAAIN3dP9/McL3/wEAAAAAAAAAAAAAAAAAAOCCPeT7/0f2/79s/z8AAAAAAAAAAAAAAAAAAAAMwnjrZzGl8Yi1L7aXtpdav636+ZWoRi0qcTNK8Vcc7P5vaZVvv7Fw62Y6MBOvrN1rx9/bXhrujp8dKcVMYbidtSt+diIiUkrd8WMxeTh+LkpxtX/+uVb+FKOH48fjxRea8Z+34stRip8/jI2oxXJEoTOPZvxnsym9/tbCRHf+G81+xxoe4CkBAACA81ZOD/Tev++2O/VtbzW1789Tu2fhhOcDR+7vi3GjeFlHTUd955PVrFarbP3HwmjfcToPWM4yck+hOWQWh2umJ39fbKY55Tid5XbG+eS9TcPncoCnLYyc3OcM5zSKp/4zB1SI3aM1eSniUcf54+tDNePHhk+d9xI9KAy1l1lW2+232Mb7JY3dPB/o3zvar2nspKjjrxmFgV6RuEj/nvTLngkAAAAAAAAAAACPou/bfxMR0fM+4Mc9NZ3Xw7vDe0c+PvuXF3CEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KsAAAD//zIyvvc=") syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0xdb9303c4987113b7, 0x0, 0x1, 0x0, &(0x7f0000000080)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='.\x00', 0x40000, 0x0) unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x200) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x161cc2, 0x85) 10m33.602383321s ago: executing program 4 (id=3490): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x3091, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0) move_mount(r0, &(0x7f0000000280)='./file0\x00', r0, 0x0, 0x272) 10m32.62665343s ago: executing program 4 (id=3493): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) close(r0) 10m31.842882326s ago: executing program 4 (id=3497): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x20000000000, 0x1, 0x2000200000a95c, 0x9, 0x4000000201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x7}) 10m29.133959762s ago: executing program 40 (id=3497): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x20000000000, 0x1, 0x2000200000a95c, 0x9, 0x4000000201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x7}) 10m23.389901747s ago: executing program 9 (id=3520): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004"], 0x48) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) 10m22.457662691s ago: executing program 9 (id=3523): r0 = socket(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000080)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x1c) 10m21.709296595s ago: executing program 9 (id=3527): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0) r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {0x3}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_NET_NS_FD={0x8, 0x7, r2}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}]}, 0x3c}}, 0x0) 10m20.696571s ago: executing program 9 (id=3530): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 10m19.896753371s ago: executing program 9 (id=3534): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8000d0, &(0x7f0000000100)={[{@bsdgroups}]}, 0x1, 0x58d, &(0x7f0000000bc0)="$eJzs3U9sHFcZAPBvdh0ncU3ThEZqyiGBRKR/lNjtSk4DB8IBDhT1UiRUqRysZGOHrJMQu6I2F/fGiSIBAlRRNeKABBKJxAE4VBQkDkgECYEQEWolEAf+tIBwD5QARrM7a2+8s/Yi2zvF8/tJm33zZuzvvd18b3ffm/UEUFpH0n+SiNGIuBkR+1qbdx5wpHX37dqN6eu1G9NJLC8/+dekedy12o3p9qHtn7srIhYj4r6I+NH5iLO7uuPOzi9cnGw06lez7bG5mStjs/MLJy7MTE7Vp+qXarXHTk9MnD41Mf4/9CZZd+/Hr7x+4NfTT0y9dPhfT52a+fpfkjjT7Hes6cdWymvRUBJxZjuCFaCa9iciRvo8/mD9+Ze3uUn06YsHbo2lz929EXGsmf/7otp8NiM+8OLTf98X77/d62dv3nrxj4NsKwCwdZZTu9ffDexMlUg/+yeVkxHRKlcqJ0+2PsPfGyOVxuXZuYfPX37m0rnWHME9saty/kKjPp7NFdwTu5J0+5FmeXX70TXbtYjYHxGfre5tbp88e7lxbqAjHdA2GvHadz51dviuNfn/h2or/4GdK83/X/74ez9Iy29Wi24NMEhp/n/zzZnHQ/7DDjS87t6N83/PNrULKJrXfygv+Q/l1Z3/6587C+wcXv+hvOQ/lJf8h/KS/1Be8h/KqzP/pT+U0/7Dr9xKImLxfXubt+g4czDnz/YAO8jycuJL/lBS3vtDeQ2tFvcW2Q5g8HzGBzY6+7/nt4GvbH1bgMGoFN0AoDDHD1n/g7Iy/w/lNVR0A4DCeI8PmP+H8jH/D+U12uP6X+/ouHbXeETcHRE/re7a3b7WF/D/azTitRdufvfpiMqfkuz9//F9x0YnX3/1h53HDSf/aC4RDEfEp1948svPTs7NXX0krf/bSv3cV7L6R4vqDdCPdp628xgor9n5hYuTjUb9qoLCmkLE26IZCttYaI8D12o3ptu3QY09zz8U8cYHWychpHGvZ7fW3qFsbnJPc41yZCm541yFZAvWLj93ImLxuYi4L6//SXa989bKx8hStSv+O7P79HYomz9JjznYZ/zq3ZuLf39H/MMd8d/VZ/xbH+vzwG2y/1vFxn/pNyvLXkN5j//QJr8Se2CD/Y9/Y1O/ftN+/7ti4x87XGz8L12OeCUdf8bz8q+SpuXKymfn+POFz7fmTde/wuLGPnN8dfy73jX+VVbGv2qP8e9In3F+8lT9E3n11Z9FvPFcxP258dvx9jRjjSxVuuIf7Rh/Hlgn/p8/+ouLefVnXo1YvhZxPPLjd8Yam5u5MjY7v3DiwszkVH2qfqlWe+z0xMTpUxPjY8056rH2THW3J24f/FBe/dGvtfo/0iN+u/+9Hv/ldfrcaeGrnxx9d079zw+14j9wNP/5P5DFbz3+Q13x35Pdp/9P/p2dy5se81ZE7M7qH4yI77+8/6G8dn3kdiv+uR79r9wRv7v/D/fZ//jtf57Jq372w/3+AgBgK/WeGii6ZQAAwFYbxEpj0X0E8o0sDUfnMnCy2LGusLi6rpDWv5WtL1QXI/6ZrTGk9Q9mq2RpOXehAXjbObjw3l8V3QYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAspudX7g42WjUr84W3RJg0P4bAAD//y/L/6E=") sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x20, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x2}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x1, 0x0, 0x80000}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x7, 0x3}}}}]}]}, 0x70}}, 0x20040000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 10m19.111734349s ago: executing program 9 (id=3538): syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "d57e190d001e6e1d16c1711bbd8adbf65bd846957b378a02340c68117aa1b390", "b0b4170e157cddfb9792c8e37bafb99e319950347e93f4d34870ee24c0ea06d56270e45c8d3e7d708161ba81dd33c54b", "01acae6f69ea1443db8d53af54944d4894a87f20c65bfb8e0c8cfb67", {"38f5e54b3dc7c070b4d66f0f9565df74", "d2653a13d554fee0e7be27c873db314d"}}}}}}}, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0x2}) 10m16.196573528s ago: executing program 41 (id=3538): syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "d57e190d001e6e1d16c1711bbd8adbf65bd846957b378a02340c68117aa1b390", "b0b4170e157cddfb9792c8e37bafb99e319950347e93f4d34870ee24c0ea06d56270e45c8d3e7d708161ba81dd33c54b", "01acae6f69ea1443db8d53af54944d4894a87f20c65bfb8e0c8cfb67", {"38f5e54b3dc7c070b4d66f0f9565df74", "d2653a13d554fee0e7be27c873db314d"}}}}}}}, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0x2}) 8m36.854354349s ago: executing program 2 (id=3846): socket(0x1d, 0x2, 0x6) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1223}}) io_uring_enter(r0, 0x47f6, 0x0, 0x700000000000000, 0x0, 0x0) 8m34.579271321s ago: executing program 2 (id=3853): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94) r1 = socket$inet6(0xa, 0x3, 0x3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2, 0x25, 0x2, @void}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 8m33.69155644s ago: executing program 2 (id=3857): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0xfffffc01, r1}, 0x38) 8m32.773424246s ago: executing program 2 (id=3860): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000180)={[{@nomblk_io_submit}, {@mblk_io_submit}, {@noload}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x4c81, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) 8m31.195377733s ago: executing program 8 (id=3864): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0xffff, 0xb7, @loopback, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x1e) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, "3bd2372723106d89", "3440d0f76c8d565a9e1e171605a4d119dcdbddd219b4dbac6b3b54e8d013b7bd", "beee4390", "28f4a7dcb837716c"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000080)=@gcm_128={{0x303}, "ba28597967d1b54c", "9712b0d86846b5ecc522bc6f13a6e30c", "ea0292da", "9e87dc79f4c04982"}, 0x28) 8m30.949223589s ago: executing program 2 (id=3866): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000cc0)='./file1\x00', 0x10000, &(0x7f0000000d40)=ANY=[@ANYRES16=0x0], 0xfb, 0x2ba, &(0x7f0000000a00)="$eJzs3b+KY1UYAPDvZpI7WadICisRvMUWNg4721mZRUYQp1JS+Ad0cXdhmYSFCQRWxbCVT2Bh4XvY2Qs2voHgA9i5yMKRm9xJYpLNZHbMjMz+fs0cvvN995xz7wkpwj3zxev943uPBg+efPN7NJtZ1DrRiadZtKMWp1IlAIBr4WlK8ecLfb/Xa9uaEwCwXXPf/43npOwuh97Z9rQAgC366ONPPrhzdHT4YVE0I/rfDbtZjP9W/XcexMPoxf24Fa14NvstIKVJ+733jw6jXpTacbM/GnaH3Yj+579OU/MY1x9EK9qr6w+Kibn60bDbiFd2I8siHnbKidyOVry6VF/2H95eUR/dPN5sVosox9+PVvz2ZTyKXtwb/6YxG//bPIp30/d/ff1pmVzWZyvuVNq5tIcCAAAAAAAAAAAAAAAAAAAAAMC1t19MteNmvwxV5+/sPBv37/+rf3y+Tm3cP6nPIvJxY+F8oFGKH0/P17lVFEWqjtSZnu9zox6v1aN+ZQsHAAAAAAAAAAAAAAAAAACA/5HB46+O7/Z690/+k0b1kv/0tf4XvU5nLvJGrE/ePddYsVOll3NdzDn45bP+NFIuYpM5v92sLlhFho0iYt2cG0uRG3Pla8b6O6WUsiziYo+psclYZzT21ueU9+PnH/beOr6bnXUPm6cP7qf5rjxOBo8Xnmlk55lhOtf2y9fk5NWO2eg6exf7EOXxx2SwKpKdsYrGXKRRNeJ526+50X6eflIAAAAAAAAAAAAAAAAAAIBLNnvpd0Xnk7Wlta1NCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu2ez//88asRRZaIyq4tU5KaXRNJLHyeCKlwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBL4J8AAAD//9iHZrU=") syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) splice(r0, &(0x7f0000000040), r1, 0x0, 0x808, 0x0) 8m29.125517903s ago: executing program 8 (id=3869): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000009, 0x12, r0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r1, &(0x7f0000002f40)=""/4098, 0x1002) 8m28.107255018s ago: executing program 2 (id=3872): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x9b}}, 0x0, 0x5}, 0x94) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) 8m27.944907954s ago: executing program 8 (id=3873): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='reno', 0x4) 8m24.836193957s ago: executing program 42 (id=3872): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x9b}}, 0x0, 0x5}, 0x94) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) 8m24.752155786s ago: executing program 8 (id=3877): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000180)={[{@nomblk_io_submit}, {@mblk_io_submit}, {@noload}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x4c81, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) 8m23.507017981s ago: executing program 8 (id=3882): r0 = socket$kcm(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='lo\x00', 0x10) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) r1 = socket$kcm(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='veth1\x00', 0x10) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e21, @local}, 0x10) 8m22.417649568s ago: executing program 8 (id=3883): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0) 8m19.435101594s ago: executing program 43 (id=3883): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0) 1m7.058753213s ago: executing program 0 (id=5380): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000084c000/0x3000)=nil) syz_clone(0x42080000, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 1m2.403745186s ago: executing program 0 (id=5393): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) membarrier(0x10, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={0x0}) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r1, 0x1, r2, 0x3, 0x80000}) 1m0.868757643s ago: executing program 0 (id=5400): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x80) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)={[{@quota}]}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x40) pwrite64(r0, &(0x7f0000000280)='\x00', 0x1, 0xfecc) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0) 1m0.082347383s ago: executing program 0 (id=5404): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x2014050, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00') 58.849141005s ago: executing program 0 (id=5408): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r2, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) sendmmsg$inet(r0, &(0x7f0000000600)=[{{&(0x7f0000000040)={0x2, 0x4e25, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x18, 0x3f}}], 0x1, 0xc0) 57.641200251s ago: executing program 7 (id=5413): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 55.370426092s ago: executing program 7 (id=5418): rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8) r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000000380)=0x0) timer_settime(r1, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0) r2 = gettid() tkill(r2, 0x16) 54.106860523s ago: executing program 7 (id=5422): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 52.17425467s ago: executing program 7 (id=5427): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000140)=ANY=[], 0x12f4}, 0x1, 0x0, 0x0, 0x44054}, 0x8010) poll(&(0x7f0000000380)=[{r1}], 0x1, 0x4) 51.280370714s ago: executing program 0 (id=5430): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000ffa000/0x5000)=nil], 0x0, &(0x7f0000000000), 0x0) 51.1196659s ago: executing program 7 (id=5431): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0) 48.159318331s ago: executing program 44 (id=5430): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000ffa000/0x5000)=nil], 0x0, &(0x7f0000000000), 0x0) 48.068587114s ago: executing program 7 (id=5436): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x80000) r2 = fcntl$dupfd(r0, 0x0, r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x40000000}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000014}) epoll_wait(r1, &(0x7f00000008c0)=[{}, {}], 0x2, 0x1000) 44.786562601s ago: executing program 45 (id=5436): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x80000) r2 = fcntl$dupfd(r0, 0x0, r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x40000000}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000014}) epoll_wait(r1, &(0x7f00000008c0)=[{}, {}], 0x2, 0x1000) 9.535353426s ago: executing program 1 (id=5527): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.empty_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x8725, 0x0, 0x6}, 0x37b3, [0xfeff, 0x4, 0x0, 0x0, 0x4, 0x20000, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xe5, 0x4, 0xb7, 0xfffffffd, 0xfffffffe, 0x0, 0x4, 0x0, 0xe5, 0xffffffff, 0x10000000, 0x0, 0xfffffffe, 0x0, 0xa8e, 0x2, 0x0, 0x1f6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x3, 0x200000, 0x20, 0x3, 0x5, 0x80000004, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x20004, 0x0, 0x0, 0xd, 0x2, 0xffffffff], [0x10, 0x0, 0x7, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0xfffffffd, 0x800, 0x0, 0xfffffffc, 0x3, 0x1, 0x0, 0x2, 0x0, 0x5, 0x40000000, 0x2, 0xfffffffc, 0x7fffffff, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x8004, 0x8, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x0, 0x4, 0x0, 0x7, 0x0, 0x4], [0x0, 0x4, 0xfffffffe, 0x0, 0xffffffff, 0x5, 0x100, 0x0, 0x0, 0xb7c, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x520, 0x2, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x7, 0xfffffffe, 0x8, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x40, 0x2ff, 0x4000005, 0x0, 0x4, 0x2, 0x0, 0x40000004, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3ff], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20e, 0x5, 0x0, 0x103, 0x0, 0x0, 0x0, 0x80, 0x6, 0x0, 0x0, 0x2, 0x1, 0x7fff, 0xfffffffd, 0xd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x804, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x40000003, 0x2, 0xfffffffe, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x3, 0x7, 0xfffffffd, 0x53591b27, 0x8, 0x0, 0x0, 0xfffff4a1, 0x8, 0x7, 0x8000, 0x0, 0x6, 0x7ffdffff, 0x1000000, 0x0, 0x3]}, 0x45c) 8.710103009s ago: executing program 3 (id=5529): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1], 0x44}}, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x54801}, 0x0) 8.263232248s ago: executing program 1 (id=5531): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6}) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000600)={0x200000000000001, 0x3}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0xc880, &(0x7f0000000540)={0xa, 0x4e1c, 0x6, @empty, 0x8}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)="8f", 0x1}], 0x1}}], 0x1, 0x4000483) 8.026019731s ago: executing program 3 (id=5532): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @pic={0xd, 0x27, 0x4, 0x8, 0x9, 0xa4, 0x1, 0x4, 0x6, 0x4, 0x10, 0xb3, 0x7c, 0xf, 0x45, 0x2}}) 7.556555049s ago: executing program 6 (id=5533): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ptrace(0x10, r0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x11, &(0x7f0000002380)={[{@sysvgroups}, {@noquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}, {@usrjquota}, {@data_journal}, {@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x313}}, {@block_validity}]}, 0x0, 0x5fd, &(0x7f00000004c0)="$eJzs3c1vFVUbAPBnpp+07/u2kDcqLqSJMZAoLS1giDER9oTgx85VpYUghRJao0USS4IbE+PGhYkrF+J/oSRuXbh14caVISHGsBBD5Jq5nSnT23tLv+69pff3S4aeM8Odc6b04Zl7es7cADrWSPZHGrE/Iq4mEUOlY92RHxxZ+nv3/7xxLtuSqFTe/iOJG58ki+VzJfnXwfzF/wxF8nMasa9rdbtzC9cvTc7MTF/L62Pzl6+OzS1cP3zx8uSF6QvTVyZenThx/NjxE+NHtnR9Sal8+tb7Hw59dubdb79+mIx/9+uZJE7Go7xv2XXVvrZvSy1n37ORqCx5UN6ffV9PbPHcO8VfQ8XPyWNJ7Q52rDT/eeyJiGdjKLpK/5pD8embbe0c0FSVJIocBXScZFPx37/9HQFarLgPKN7b13sfvFra5LsSoBXunVoaAFiK/Z6IKOK/e2lsMPqrYwMD95MV4zxJRGxtZG5J1sZPP565lW3RYBwOaI7Fm8Uod23+T6qxORz91drA/XRF/KelLdv/1ibbH6mpi39oncWbEfFcnv97Y0PxP1KK//c22b74BwAAAAAAgO1z51REvFJv/l+6PP+nt878n8GIOLkN7T/593/p3byQbENzQMm9UxGv153/uzzHd7grr/23Oh+gJzl/cWb6SET8LyIORU9fVh+vOW95hvDhz/d91aj98vy/bMvaL+YC5me6212zEHdqcn5yq9cNRNy7GfF8df7vgXzPyvk/Wf5P6uT/LL6vrrONfS/dPtvo2JPjH2iWyjcRB+vm/8e328naz+cYq94PjBV3Bau98PEX3zdqX/xD+2T5f2Dt+O9Lys/rmdvY+Xsj4uhCd6XR8c3e//cm73QV5898NDk/f208ojc5vXr/xMb6DLtVEQ9FvGTxf+jFtcf/lu//S3G4JyIW19nmM48Gf2t0TP6H9snif2rt/D+8Mv9vvDBxe/iHRu2fXVf+P1bN6YfyPcb/oGz18zjWG6Bt6S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOXSiPhPJOnocjlNR0cjBiPi/zGQzszOzb98fvaDK1PZsern/6fFJ/0OLdWT4vP/h0v1iZr60YjYGxFfdu2p1kfPzc5MtfviAQAAAAAAAAAAAAAAAAAAYIcYrK75r/TVrv/P/N7V7t4BTdedfxXv0Hm6N/3KSt+2dgRouc3HP/C0W3/89zS1H0DrNY7/Bw8rVS3tDtBC7v+hc20y/v26AHYB+R861TrH9Pqb3Q+gHeR/AAAAAADYVfYeuPNLEhGLr+2pbpne/JjJ/rC7pe3uANA25vBC5+qebXcPgHbxHh9Ilkt/113s33j2f9KcDgEAAAAAAAAAAAAAqxzcb/0/dKq11/+b2w+72Rrr/+sFv8cFwC7S+KM/5H7Y7bzHB56U7a3/BwAAAAAAAAAAAIAdoP/6pcmZmelrcwtPX+GNndGNjRUWJ3dEN7a18Kg5Z+6JiJ1xga0uFI/gaGM32vz/EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOzfAAAA//+XNycY") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 7.38671267s ago: executing program 1 (id=5534): r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x20, 0x80, 0x1c, {0xff, 0x2270, 0x1000, 0x9, 0x44, 0x8000, 0xfffd, 0xec, 0x100, 0xfffc, 0x5, 0xfb}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) 7.116449905s ago: executing program 3 (id=5535): recvmmsg(0xffffffffffffffff, &(0x7f0000000a80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=""/45, 0x2d}, 0x4}], 0x1, 0x600121a3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000300), 0x4) write$binfmt_elf64(r1, &(0x7f0000000580)=ANY=[], 0x78) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/8, 0xc}}], 0x4b, 0x0, 0x0) 6.427632385s ago: executing program 6 (id=5536): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000200)={@val={0xa, 0x10}, @void, @eth={@link_local, @empty, @void, {@ipv6={0x86dd, @generic={0x9, 0x6, "000400", 0x8, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[@dstopts={0x6}]}}}}}}, 0x42) 6.245787036s ago: executing program 3 (id=5537): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x1200000, &(0x7f0000000540)=ANY=[], 0x0, 0x41c, &(0x7f00000007c0)="$eJzs3E1PG0cYwPFZYojrSihS1PASDpOmleghzu5SjFBO2/XYTLLeXe2uIzhVUYEIFUhVUqlwaZGqtJXaUz9Brv0GveQTNWq/AdW+QAHbOOHNCP1/UjTj3WdmnrGsmdhoVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGG4ddO0DOFpv70oe3PrUdDqduPTzazY7+/jI8UJ4wphpP9EuSzG80vjt/+//VHeyVj+akyU06Isdj68c+vR7dLQfvsTEr4UW9s7L/7Kc3yn+NK/e5kLT+y9vPnjtC2bytdxoFtOU0kdB3K+VjMfLjRi2dCeipfiRLWkGyknCSI57X4mrfn5GamqS0Hbb9YdT+1fnHtgm2ZNPq6GyoniwH/4uBq7C9rztN/MYtLbacxc+kF8ohOZKKcl5era+spMvyTTIOuE+4YQP2ZBdr+ebNO2Lcu2rdrs/OycaZZs05ZHLpjHiI4mg//QYrDOc/kGzmSv2P8BAAAAAMD1ZWS/saff/4ez3+EN0dCeMgedFgAAAAAAOEfZX/7H0mI4rY0Lg+//AAAAAABcN78cPmP3QbczdnF403jzj4iiYWM3XPzE2HDScGdDlLJ2N473mDQmjdGik6yolYpXrpoyJvKgif3ot0Wx2u+sn9GRQDHy8QTyE3Z7P3RJQPwmJvOgyeW8XN6/k49SaWhPVd3Ae2QJxxkdStRi8t3m2vcim/6vfmvUEKtr6yvVr16sL2e57Ka97G4UByg6zlH0fjPEy4Nzj91nPFJ0kY1bMbIg8/D8h/L7Q51jTogeY74Sd/OYu5W8rBydfzmdv1XtNftKPnvrjDN/JabymKnp+2lxf7pLFna/LOzDWfR+L86WxUz3LP4+yGLmjFkAwKCs9tmFjM6N/xSr3Pnt7iev6PfymHuT2cJamuyyopv99hXzjLvbnx3PQOi1x6bj/u63qiNCHOyqr9MGr3uOG3t29j+BGy83vhF3trZ3HqxtPHu+8nxl07Znaubnpjlri+FsGkXB3gMA6EJFb41K8rMRRTr80hqZt5xkQckocJ/ISNebSmo/UZG74PhNJcMoSAI38NLKU10SsYzbYRhEiWwEkQyDWC9mT36RxaNfYtVy/ES7cegpJ1bSDfzEcRNZ1/FPxfgLKsoax6FydUO7TqIDX8ZBO3JVVcpYKRm2v/B0nAbquvIT3dBp1ZdhpFtOtCSfBl67pWRdxW6kwyRIu40OxtJ+I4haWbfVwb7VAABcGVvbO18/W19f+fYCK4OeIwAAOIpdGgAAAAAAAAAAAAAAAAAAAACAq+8yzv+db8UQQhy5clMIcRUSu16VcvEBuSr5vHPlVpH4VcnnPSoj4pTN9y4gnwEuSgAuxX8BAAD//37Wnks=") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) 5.14574163s ago: executing program 3 (id=5538): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x28}, 0x18) open(&(0x7f0000000100)='./file0\x00', 0x800, 0x4) 4.645193147s ago: executing program 6 (id=5539): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 4.520076016s ago: executing program 5 (id=5432): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) landlock_restrict_self(r0, 0x1) bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e) connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e) 3.89836985s ago: executing program 1 (id=5540): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0) 3.594082725s ago: executing program 3 (id=5541): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000100)="ea", 0x1) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 3.470197421s ago: executing program 6 (id=5542): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) tee(r0, r4, 0x1, 0x0) write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[], 0x18c6) 3.267192677s ago: executing program 5 (id=5543): syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) 866.591488ms ago: executing program 46 (id=5541): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000100)="ea", 0x1) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 820.720945ms ago: executing program 6 (id=5545): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000000)=0x9, 0x0, 0x4) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 809.965164ms ago: executing program 5 (id=5546): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 782.848397ms ago: executing program 1 (id=5547): r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000002240)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', r1, 0x0, 0x0, 0xfe, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0xfff}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', r3, 0x0, 0xff, 0x64, 0x7, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x8000, 0xfffffffe}}) 755.368083ms ago: executing program 4 (id=5442): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="02017d29012918000e3580009f0001140000002f0600ac141414e0000003808a89723a0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x0) 205.474667ms ago: executing program 6 (id=5548): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r2, {0xa, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x54, 0x2, [@TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0x20000000, 0x6, 0x6}, 0x7b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x84}}, 0x2) 204.987277ms ago: executing program 4 (id=5549): r0 = creat(&(0x7f0000000080)='./file0\x00', 0xc7) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82, 0x0) close(r0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x4440, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 68.652063ms ago: executing program 5 (id=5550): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@dev={0xfe, 0x80, '\x00', 0x21}, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x87}, {0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffff7, 0x9ac, 0xfffffc, 0x4000000000000000, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}, 0x800}}, 0xb4}}, 0x2c000010) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) 0s ago: executing program 1 (id=5551): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$packet(0x11, 0x3, 0x300) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xa6b9}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0xfff5, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x4}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x2}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a) kernel console output (not intermixed with test programs): s in process `syz.7.3987'. [ 1388.676606][T18102] loop3: detected capacity change from 0 to 8 [ 1388.831085][T18102] SQUASHFS error: Failed to read block 0x4de: -5 [ 1388.909809][T18102] SQUASHFS error: Failed to read block 0x4de: -5 [ 1388.960110][ T30] audit: type=1800 audit(2000000133.720:262): pid=18102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3991" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 1389.753372][T17818] veth0_vlan: entered promiscuous mode [ 1389.951075][T17818] veth1_vlan: entered promiscuous mode [ 1390.563607][T17818] veth0_macvtap: entered promiscuous mode [ 1390.709832][T17818] veth1_macvtap: entered promiscuous mode [ 1391.119788][T17818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1391.250413][T18122] loop1: detected capacity change from 0 to 4096 [ 1391.310500][T18127] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3997'. [ 1391.313842][T17818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1391.572847][T17046] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1391.669964][T17046] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1391.754925][T17046] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1391.843622][T17046] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.134158][T18154] input: syz1 as /devices/virtual/input/input49 [ 1394.162967][T18152] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1394.266227][T18152] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1394.290908][T18152] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only [ 1395.488935][ T795] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1395.675690][ T795] usb 4-1: Using ep0 maxpacket: 32 [ 1395.717082][ T795] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1395.730220][ T795] usb 4-1: New USB device strings: Mfr=115, Product=0, SerialNumber=0 [ 1395.739036][ T795] usb 4-1: Manufacturer: syz [ 1395.799814][ T795] usb 4-1: config 0 descriptor?? [ 1395.825115][T18175] loop7: detected capacity change from 0 to 16384 [ 1395.867434][T17044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1395.875996][T17044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1396.102181][ T795] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1396.119583][T18177] loop7: detected capacity change from 16384 to 0 [ 1396.126996][ C1] blk_print_req_error: 10 callbacks suppressed [ 1396.127100][ C1] I/O error, dev loop7, sector 1280 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 [ 1396.149175][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2 [ 1396.173363][ T795] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1396.252633][ T795] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1396.302769][T17028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1396.311068][T17028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1396.345990][ T795] usb 4-1: media controller created [ 1396.688736][ T795] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1397.656779][ T795] stb0899_attach: Driver disabled by Kconfig [ 1397.663082][ T795] az6027: no front-end attached [ 1397.663082][ T795] [ 1397.779733][ T795] az6027: usb out operation failed. (-71) [ 1397.790383][ T795] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1397.889361][ T795] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input50 [ 1397.980258][ T795] dvb-usb: schedule remote query interval to 400 msecs. [ 1397.987673][ T795] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1398.029221][T18196] loop1: detected capacity change from 0 to 256 [ 1398.100208][ T795] usb 4-1: USB disconnect, device number 26 [ 1398.240523][T18196] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 1398.964963][ T795] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1400.717216][T18227] input: syz0 as /devices/virtual/input/input51 [ 1401.663671][T17038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1401.674269][T17038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1402.086051][T17044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1402.094129][T17044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1402.210119][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1402.349649][T18245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4022'. [ 1402.402011][T18247] netlink: 'syz.3.4021': attribute type 13 has an invalid length. [ 1402.410571][T18247] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4021'. [ 1403.477776][T18258] netlink: 'syz.6.3887': attribute type 4 has an invalid length. [ 1403.542489][T18263] netlink: 'syz.6.3887': attribute type 4 has an invalid length. [ 1403.729906][T18261] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4027'. [ 1409.687452][T18336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4052'. [ 1409.726495][T18336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1409.917449][T18336] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1409.921466][ C0] hrtimer: interrupt took 492869 ns [ 1411.950242][T18363] netlink: 'syz.1.4061': attribute type 6 has an invalid length. [ 1413.284700][T18382] loop6: detected capacity change from 0 to 1024 [ 1413.362724][T18382] EXT4-fs: Ignoring removed bh option [ 1413.503371][T18382] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1413.895101][T18392] EXT4-fs error (device loop6): ext4_check_all_de:659: inode #12: block 7: comm syz.6.4067: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1414.125511][T18392] EXT4-fs (loop6): Remounting filesystem read-only [ 1414.853252][T17818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1414.870604][T18404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4072'. [ 1415.954885][T18411] loop6: detected capacity change from 0 to 128 [ 1416.587931][T18411] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1416.731161][T18411] ext4 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1417.220591][T18411] EXT4-fs error (device loop6): dx_make_map:1296: inode #2: block 20: comm syz.6.4074: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 1417.336451][T18411] EXT4-fs (loop6): Remounting filesystem read-only [ 1417.923911][T17818] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1418.165028][ T30] audit: type=1326 audit(2000000162.920:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.387573][ T30] audit: type=1326 audit(2000000162.950:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.413078][ T30] audit: type=1326 audit(2000000162.970:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.438658][ T30] audit: type=1326 audit(2000000162.980:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.461931][ T30] audit: type=1326 audit(2000000162.980:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.487548][ T30] audit: type=1326 audit(2000000162.990:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.510439][ T30] audit: type=1326 audit(2000000162.990:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.536019][ T30] audit: type=1326 audit(2000000162.990:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.558578][ T30] audit: type=1326 audit(2000000163.000:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=401 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1418.584522][ T30] audit: type=1326 audit(2000000163.000:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18429 comm="syz.3.4080" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7ffc0000 [ 1419.550742][ T5840] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1419.789667][ T5840] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1419.804964][ T5840] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1419.816473][ T5840] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1419.826669][ T5840] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1419.961281][T18440] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1420.034649][ T5840] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1420.308404][T18449] loop6: detected capacity change from 0 to 1024 [ 1420.413375][ T5840] usb 2-1: USB disconnect, device number 19 [ 1424.480494][T18487] loop3: detected capacity change from 0 to 128 [ 1424.557424][T18487] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1425.829482][T18504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4103'. [ 1427.016467][T18518] loop3: detected capacity change from 0 to 256 [ 1427.121429][T18521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4108'. [ 1427.197059][T18524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4108'. [ 1427.259114][T18521] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4108'. [ 1427.272715][T18521] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4108'. [ 1428.619501][T18532] loop1: detected capacity change from 0 to 4096 [ 1428.770986][T18532] NILFS (loop1): invalid segment: Checksum error in segment payload [ 1428.779753][T18532] NILFS (loop1): trying rollback from an earlier position [ 1429.046091][T18532] NILFS (loop1): recovery complete [ 1429.102689][T18546] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1429.187848][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1429.187926][ T30] audit: type=1800 audit(2000000173.950:276): pid=18532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4111" name="file1" dev="loop1" ino=12 res=0 errno=0 [ 1431.410027][T18562] netlink: 208 bytes leftover after parsing attributes in process `syz.6.4121'. [ 1431.420026][T18562] netlink: 208 bytes leftover after parsing attributes in process `syz.6.4121'. [ 1433.089383][ T795] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 1433.280508][ T795] usb 8-1: Using ep0 maxpacket: 32 [ 1433.375155][ T795] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1433.391507][ T795] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1433.401823][ T795] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1433.411719][ T795] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1433.668462][ T795] usb 8-1: config 0 descriptor?? [ 1433.730503][ T795] hub 8-1:0.0: USB hub found [ 1433.968929][ T795] hub 8-1:0.0: 1 port detected [ 1434.636991][ T795] hub 8-1:0.0: activate --> -90 [ 1435.075219][ T5840] usb 8-1: USB disconnect, device number 34 [ 1435.082203][ T6120] usb 8-1: Failed to suspend device, error -71 [ 1436.989830][ T795] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1437.176917][ T795] usb 4-1: Using ep0 maxpacket: 32 [ 1437.281537][ T795] usb 4-1: config 0 has no interfaces? [ 1437.366621][ T795] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1437.380754][ T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1437.390057][ T795] usb 4-1: SerialNumber: syz [ 1437.520783][T18637] loop1: detected capacity change from 0 to 47 [ 1437.552291][ T795] usb 4-1: config 0 descriptor?? [ 1437.924843][ T5840] usb 4-1: USB disconnect, device number 27 [ 1438.401294][T18647] loop6: detected capacity change from 0 to 1024 [ 1438.601883][T18647] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1438.714044][T18647] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1439.008940][T18647] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.4148: bg 0: block 112: padding at end of block bitmap is not set [ 1439.084807][T18647] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 1 with error 117 [ 1439.097956][T18647] EXT4-fs (loop6): This should not happen!! Data will be lost [ 1439.097956][T18647] [ 1439.702782][T17818] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1441.040254][ T30] audit: type=1326 audit(2000000185.800:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18667 comm="syz.3.4155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x7fc00000 [ 1444.172022][T18715] loop7: detected capacity change from 0 to 512 [ 1444.342724][T18715] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm syz.7.4170: bg 0: block 5: invalid block bitmap [ 1444.421716][T18715] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 1444.481139][T18715] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.4170: invalid indirect mapped block 3 (level 2) [ 1444.522988][T18715] EXT4-fs (loop7): 2 truncates cleaned up [ 1444.544162][T18715] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1445.191969][ T796] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 1445.441608][ T796] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1445.452033][ T796] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1445.465701][ T796] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1445.475017][ T796] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1445.854825][ T796] usb 8-1: config 0 descriptor?? [ 1445.908876][T18730] netlink: 'syz.6.4175': attribute type 4 has an invalid length. [ 1446.516141][ T796] kovaplus 0003:1E7D:2D50.0037: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.7-1/input0 [ 1446.942983][ T796] kovaplus 0003:1E7D:2D50.0037: couldn't init struct kovaplus_device [ 1446.951893][ T796] kovaplus 0003:1E7D:2D50.0037: couldn't install mouse [ 1447.061741][ T796] kovaplus 0003:1E7D:2D50.0037: probe with driver kovaplus failed with error -71 [ 1447.190849][ T796] usb 8-1: USB disconnect, device number 35 [ 1447.706666][T18737] fido_id[18737]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 1447.857618][ T8656] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1448.696603][ T796] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 1448.933836][ T796] usb 7-1: config 0 has no interfaces? [ 1448.995028][ T796] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1449.004840][ T796] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1449.013309][ T796] usb 7-1: Product: syz [ 1449.017889][ T796] usb 7-1: Manufacturer: syz [ 1449.022768][ T796] usb 7-1: SerialNumber: syz [ 1449.188752][ T796] usb 7-1: config 0 descriptor?? [ 1449.463352][ T796] usb 7-1: USB disconnect, device number 17 [ 1454.289076][T18816] overlayfs: failed to resolve './file0': -2 [ 1454.999065][T18820] IPVS: Scheduler module ip_vs_ not found [ 1455.100008][T18824] IPVS: length: 24 != 12792 [ 1457.772124][T18850] loop7: detected capacity change from 0 to 256 [ 1457.800912][T18854] netlink: 'syz.1.4210': attribute type 1 has an invalid length. [ 1458.002199][T18850] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1458.079577][ T796] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1458.246324][T18854] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1458.363646][ T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1458.375803][ T796] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1458.385150][ T796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1458.454912][T18862] exFAT-fs (loop7): start_clu is invalid cluster(0xffffffff) [ 1458.517449][T18863] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4213'. [ 1458.558979][ T796] usb 4-1: config 0 descriptor?? [ 1458.619260][T18857] bond1: (slave geneve2): making interface the new active one [ 1458.811020][T18857] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 1459.030057][T18863] vxlan0: entered promiscuous mode [ 1459.113760][ T6120] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1459.212229][T17048] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1459.248990][ T8656] exFAT-fs (loop7): valid_size(150994954) is greater than size(10) [ 1459.288077][ T796] keytouch 0003:0926:3333.0038: fixing up Keytouch IEC report descriptor [ 1459.350634][T17048] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1459.390699][T17028] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1459.532742][ T796] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0038/input/input52 [ 1460.042906][ T796] keytouch 0003:0926:3333.0038: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 1460.222641][ T796] usb 4-1: USB disconnect, device number 28 [ 1460.356634][T18874] netlink: 51 bytes leftover after parsing attributes in process `syz.7.4215'. [ 1460.535843][ T5840] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 1460.851243][ T5840] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1460.868296][ T5840] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1460.982442][ T5840] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1460.992157][ T5840] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1461.000538][ T5840] usb 7-1: Product: syz [ 1461.004922][ T5840] usb 7-1: Manufacturer: syz [ 1461.009869][ T5840] usb 7-1: SerialNumber: syz [ 1461.359438][ T5840] usb 7-1: 0:2 : does not exist [ 1461.394975][T18879] fido_id[18879]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1461.530266][ T5840] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 1461.863920][ T5840] usb 7-1: USB disconnect, device number 18 [ 1461.923406][T18889] loop3: detected capacity change from 0 to 512 [ 1462.096671][T18889] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1462.312698][T18889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1462.401506][ T6046] udevd[6046]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1462.431321][T18889] ext4 filesystem being mounted at /463/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1462.623162][ T30] audit: type=1800 audit(2000000207.370:278): pid=18889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4221" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 1463.103962][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1463.651412][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1463.857289][T18911] syzkaller1: entered promiscuous mode [ 1463.862997][T18911] syzkaller1: entered allmulticast mode [ 1464.596786][T18918] loop6: detected capacity change from 0 to 64 [ 1464.862957][ T30] audit: type=1800 audit(2000000209.620:279): pid=18918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4229" name="file1" dev="loop6" ino=22 res=0 errno=0 [ 1466.233662][T18935] tipc: Started in network mode [ 1466.242023][T18935] tipc: Node identity ac14142f, cluster identity 4711 [ 1466.322132][T18935] tipc: New replicast peer: 0.0.0.0 [ 1466.332682][T18935] tipc: Enabled bearer , priority 10 [ 1466.341969][T18936] tipc: New replicast peer: ff02:0000:0000:0000:0000:0000:0000:0001 [ 1467.430456][T18946] macvlan1: entered promiscuous mode [ 1467.445666][ T795] tipc: Node number set to 2886997039 [ 1467.464560][T18944] macvlan1: left promiscuous mode [ 1467.566487][ T30] audit: type=1326 audit(2000000212.250:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18943 comm="syz.7.4236" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x0 [ 1468.189265][ T795] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 1468.466890][ T795] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1468.478241][ T795] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1468.678503][ T795] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1468.688099][ T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1468.699469][ T795] usb 4-1: Product: syz [ 1468.703899][ T795] usb 4-1: Manufacturer: syz [ 1468.709015][ T795] usb 4-1: SerialNumber: syz [ 1469.238760][ T795] usb 4-1: 0:2 : does not exist [ 1469.307950][ T795] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 1469.616275][ T795] usb 4-1: USB disconnect, device number 29 [ 1470.097377][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1470.447228][T18973] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4245'. [ 1471.072597][T18976] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1471.778860][T18985] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4250'. [ 1471.792107][T18985] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4250'. [ 1471.892017][T18985] macvlan0: entered allmulticast mode [ 1471.897958][T18985] veth1_vlan: entered allmulticast mode [ 1472.208744][ T795] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 1472.253750][T18994] loop6: detected capacity change from 0 to 16 [ 1472.306127][T18994] erofs (device loop6): unidentified algorithms fff0, please upgrade kernel [ 1472.472201][ T795] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1472.485820][ T795] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1472.499535][ T795] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1472.511976][ T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1472.971224][ T795] usb 4-1: usb_control_msg returned -32 [ 1472.977616][ T795] usbtmc 4-1:16.0: can't read capabilities [ 1475.198846][ T795] usb 4-1: USB disconnect, device number 30 [ 1475.474471][T19024] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 1475.765089][T19028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4263'. [ 1475.872509][T19028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4263'. [ 1475.934082][T19029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4263'. [ 1475.947250][T17760] Bluetooth: hci1: command 0x0406 tx timeout [ 1476.194544][T19034] netlink: 'syz.6.4264': attribute type 1 has an invalid length. [ 1476.202787][T19034] netlink: 'syz.6.4264': attribute type 4 has an invalid length. [ 1476.210865][T19034] netlink: 15334 bytes leftover after parsing attributes in process `syz.6.4264'. [ 1478.473340][T19055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4273'. [ 1480.232876][T19066] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4276'. [ 1480.242298][T19066] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4276'. [ 1480.251693][T19066] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4276'. [ 1480.503895][T19066] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4276'. [ 1481.058454][T17760] Bluetooth: hci3: command 0x0406 tx timeout [ 1484.430510][T19113] loop1: detected capacity change from 0 to 1024 [ 1484.500107][ T796] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1484.682734][T19113] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1484.792715][ T796] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1484.804591][ T796] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1484.832216][ T796] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1484.841910][ T796] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1485.036040][T19114] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1485.561684][T19123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4297'. [ 1485.587381][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1486.578927][ T796] aiptek 7-1:17.0: Aiptek using 400 ms programming speed [ 1486.640333][ T796] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input53 [ 1487.000938][ C1] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1487.009561][ T796] usb 7-1: USB disconnect, device number 19 [ 1487.961262][T19146] loop3: detected capacity change from 0 to 1024 [ 1488.076573][T19146] ext4: Unknown parameter 'fsmagic' [ 1491.324788][T19170] loop3: detected capacity change from 0 to 128 [ 1491.630323][T19170] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1491.723102][T19170] ext4 filesystem being mounted at /483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1492.713789][T19183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4316'. [ 1492.814849][T12247] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1494.651795][T19199] loop6: detected capacity change from 0 to 2048 [ 1494.748932][T19199] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1494.825005][T19199] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1494.995605][ T796] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1495.244086][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1495.255749][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1495.269423][ T796] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1495.279908][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1495.532638][ T796] usb 2-1: config 0 descriptor?? [ 1496.217731][ T796] cp2112 0003:10C4:EA90.0039: unknown main item tag 0x0 [ 1496.311949][ T796] cp2112 0003:10C4:EA90.0039: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 1496.459073][ T796] cp2112 0003:10C4:EA90.0039: Part Number: 0x1A Device Version: 0xC4 [ 1497.063691][T19224] batadv_slave_1: entered promiscuous mode [ 1497.080188][ T796] cp2112 0003:10C4:EA90.0039: error reading lock byte: -71 [ 1497.161179][T19223] batadv_slave_1: left promiscuous mode [ 1497.252419][ T796] usb 2-1: USB disconnect, device number 20 [ 1497.810282][T19222] fido_id[19222]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1500.180201][ T796] IPVS: starting estimator thread 0... [ 1500.206048][T19251] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 1500.276234][T19256] IPVS: using max 192 ests per chain, 9600 per kthread [ 1501.129737][T19263] loop3: detected capacity change from 0 to 1024 [ 1501.310691][T19263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1502.146353][T19279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4343'. [ 1502.469046][T19282] loop1: detected capacity change from 0 to 128 [ 1502.536264][ T30] audit: type=1326 audit(2000000247.280:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19280 comm="syz.3.4344" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x0 [ 1502.742117][T19282] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1502.833179][T19282] ext4 filesystem being mounted at /173/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1503.581160][T16421] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1504.172564][T19306] XFS (nbd0): SB validate failed with error -5. [ 1504.327353][ T796] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 1504.574350][ T796] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1504.602142][ T796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1504.620695][ T796] usb 2-1: Product: syz [ 1504.625166][ T796] usb 2-1: Manufacturer: syz [ 1504.630142][ T796] usb 2-1: SerialNumber: syz [ 1504.815648][ T796] usb 2-1: config 0 descriptor?? [ 1505.108835][ T796] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1505.982401][ T796] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1506.063511][ T796] usb 2-1: USB disconnect, device number 21 [ 1508.020615][ T30] audit: type=1326 audit(2000000252.760:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19350 comm="syz.0.4365" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x0 [ 1508.505678][T19360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4368'. [ 1508.679568][T19360] tipc: Started in network mode [ 1508.684745][T19360] tipc: Node identity ac14140f, cluster identity 4711 [ 1508.751129][T19360] tipc: New replicast peer: 255.255.255.255 [ 1508.759149][T19360] tipc: Enabled bearer , priority 10 [ 1509.074830][T19364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4370'. [ 1509.875652][ T5838] tipc: Node number set to 2886997007 [ 1512.135830][T19404] fuse: Bad value for 'fd' [ 1513.108248][T19418] loop1: detected capacity change from 0 to 512 [ 1513.171870][T19418] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1513.179928][T19418] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1513.341668][T19418] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.4386: bad orphan inode 131083 [ 1513.500316][T19418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1513.840835][T19413] loop3: detected capacity change from 0 to 8192 [ 1514.029307][T19426] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4389'. [ 1514.083625][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1514.181025][T19426] netlink: 'syz.6.4389': attribute type 1 has an invalid length. [ 1514.189732][T19426] netlink: 'syz.6.4389': attribute type 2 has an invalid length. [ 1515.829469][T19443] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4395'. [ 1518.771657][T19471] schedule_timeout: wrong timeout value fffffffffffffff6 [ 1518.779445][T19471] CPU: 1 UID: 0 PID: 19471 Comm: vivid-003-sdr-c Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 1518.779654][T19471] Tainted: [L]=SOFTLOCKUP [ 1518.779732][T19471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1518.779829][T19471] Call Trace: [ 1518.779886][T19471] [ 1518.779942][T19471] __dump_stack+0x26/0x30 [ 1518.780123][T19471] dump_stack_lvl+0x14c/0x1c0 [ 1518.780309][T19471] dump_stack+0x1e/0x25 [ 1518.780475][T19471] schedule_timeout+0x1d2/0x240 [ 1518.780637][T19471] ? kthread_should_stop+0xd7/0x140 [ 1518.780802][T19471] vivid_thread_sdr_cap+0x12cc/0x1740 [ 1518.781041][T19471] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1518.781256][T19471] kthread+0xd5a/0xf00 [ 1518.781412][T19471] ? __pfx_vivid_thread_sdr_cap+0x10/0x10 [ 1518.781647][T19471] ? __pfx_kthread+0x10/0x10 [ 1518.781807][T19471] ret_from_fork+0x207/0x6f0 [ 1518.781953][T19471] ? __switch_to+0x521/0x750 [ 1518.782130][T19471] ? __pfx_kthread+0x10/0x10 [ 1518.782296][T19471] ret_from_fork_asm+0x1a/0x30 [ 1518.782512][T19471] [ 1519.105034][T19471] schedule_timeout: wrong timeout value fffffffffffffff6 [ 1519.113815][T19471] CPU: 0 UID: 0 PID: 19471 Comm: vivid-003-sdr-c Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 1519.114017][T19471] Tainted: [L]=SOFTLOCKUP [ 1519.114075][T19471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1519.114161][T19471] Call Trace: [ 1519.114216][T19471] [ 1519.114271][T19471] __dump_stack+0x26/0x30 [ 1519.114451][T19471] dump_stack_lvl+0x14c/0x1c0 [ 1519.114628][T19471] dump_stack+0x1e/0x25 [ 1519.114788][T19471] schedule_timeout+0x1d2/0x240 [ 1519.114949][T19471] ? kthread_should_stop+0xd7/0x140 [ 1519.115132][T19471] vivid_thread_sdr_cap+0x12cc/0x1740 [ 1519.115360][T19471] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1519.115591][T19471] kthread+0xd5a/0xf00 [ 1519.115758][T19471] ? __pfx_vivid_thread_sdr_cap+0x10/0x10 [ 1519.116008][T19471] ? __pfx_kthread+0x10/0x10 [ 1519.116179][T19471] ret_from_fork+0x207/0x6f0 [ 1519.116334][T19471] ? __switch_to+0x521/0x750 [ 1519.116512][T19471] ? __pfx_kthread+0x10/0x10 [ 1519.116682][T19471] ret_from_fork_asm+0x1a/0x30 [ 1519.116929][T19471] [ 1520.124869][T19488] netlink: 'syz.3.4410': attribute type 10 has an invalid length. [ 1520.318760][T19488] 8021q: adding VLAN 0 to HW filter on device team0 [ 1520.493668][T19488] team0: entered promiscuous mode [ 1520.500444][T19488] team_slave_0: entered promiscuous mode [ 1520.510511][T19488] team_slave_1: entered promiscuous mode [ 1520.518639][T19488] team0: entered allmulticast mode [ 1520.523974][T19488] team_slave_0: entered allmulticast mode [ 1520.530062][T19488] team_slave_1: entered allmulticast mode [ 1520.724458][T19488] bond0: (slave team0): Enslaving as an active interface with an up link [ 1522.616122][T19514] loop7: detected capacity change from 0 to 128 [ 1523.150113][T19514] syz.7.4417: attempt to access beyond end of device [ 1523.150113][T19514] loop7: rw=2049, sector=138, nr_sectors = 2 limit=128 [ 1524.480996][T19540] loop6: detected capacity change from 0 to 128 [ 1524.537537][T19540] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 1524.804401][T19540] UDF-fs: error (device loop6): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 1525.107375][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1526.033547][ T5838] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1526.275759][ T5838] usb 4-1: Using ep0 maxpacket: 32 [ 1526.344189][ T5838] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 1526.354474][ T5838] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1526.366613][ T5838] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1526.445964][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1526.458819][ T5838] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1526.468986][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 1526.480538][ T5838] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1526.494973][ T5838] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1526.511355][ T5838] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1526.524100][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1526.799045][ T5838] usb 4-1: config 0 descriptor?? [ 1526.863701][T19551] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1527.260549][ T5838] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1527.489124][ C0] usblp0: nonzero read bulk status received: -71 [ 1527.499806][ T5838] usb 4-1: USB disconnect, device number 31 [ 1527.721698][T19550] usblp0: removed [ 1529.190979][T19585] netlink: 'syz.6.4442': attribute type 10 has an invalid length. [ 1530.086565][T19598] loop3: detected capacity change from 0 to 512 [ 1530.248100][T19598] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1530.365249][T19598] ext4 filesystem being mounted at /510/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1531.218976][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1532.165973][ T796] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1532.388584][ T796] usb 4-1: Using ep0 maxpacket: 8 [ 1532.447347][ T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1532.459080][ T796] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1532.468616][ T796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1532.560356][ T796] usb 4-1: config 0 descriptor?? [ 1532.941040][ T796] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1533.410259][ T796] usb 4-1: USB disconnect, device number 32 [ 1534.885630][ T796] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1535.067773][ T5840] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1535.124228][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1535.135889][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1535.146134][ T796] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1535.155531][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1535.316998][ T5840] usb 4-1: Using ep0 maxpacket: 8 [ 1535.345778][ T796] usb 2-1: config 0 descriptor?? [ 1535.352374][ T5840] usb 4-1: config 0 has no interfaces? [ 1535.358640][ T5840] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1535.368342][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1535.469944][ T5840] usb 4-1: config 0 descriptor?? [ 1535.778838][ T5838] usb 4-1: USB disconnect, device number 33 [ 1535.910622][ T796] cp2112 0003:10C4:EA90.003A: unknown main item tag 0x0 [ 1535.972164][ T796] cp2112 0003:10C4:EA90.003A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 1536.106200][ T796] cp2112 0003:10C4:EA90.003A: Part Number: 0x00 Device Version: 0x4D [ 1536.551670][ T796] cp2112 0003:10C4:EA90.003A: error setting SMBus config [ 1536.586987][ T796] cp2112 0003:10C4:EA90.003A: probe with driver cp2112 failed with error -71 [ 1536.693805][ T796] usb 2-1: USB disconnect, device number 22 [ 1536.965211][T19669] fido_id[19669]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1537.027831][T19672] new mount options do not match the existing superblock, will be ignored [ 1539.971651][T19699] loop1: detected capacity change from 0 to 32768 [ 1540.162493][T19699] JBD2: Ignoring recovery information on journal [ 1540.352300][T19699] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1540.418053][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1540.660411][T16421] ocfs2: Unmounting device (7,1) on (node local) [ 1544.691824][T19778] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4486'. [ 1547.830107][ T5838] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1548.128325][ T5838] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1548.138321][ T5838] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1548.270123][ T5838] usb 7-1: config 0 descriptor?? [ 1548.362946][ T5838] cp210x 7-1:0.0: cp210x converter detected [ 1548.809555][ T5838] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1548.877967][ T5838] usb 7-1: cp210x converter now attached to ttyUSB0 [ 1549.091292][ T5840] usb 7-1: USB disconnect, device number 20 [ 1549.154818][ T5840] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1549.249320][ T5840] cp210x 7-1:0.0: device disconnected [ 1549.605695][ T5838] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1549.815890][ T5838] usb 4-1: Using ep0 maxpacket: 16 [ 1549.859502][ T5838] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1549.871527][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1549.988399][ T5838] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1549.998047][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1550.009466][ T5838] usb 4-1: Product: syz [ 1550.013863][ T5838] usb 4-1: Manufacturer: syz [ 1550.019038][ T5838] usb 4-1: SerialNumber: syz [ 1550.154376][ T5838] usb 4-1: config 0 descriptor?? [ 1550.280743][ T5838] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1550.290576][ T5838] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 1550.854771][T19853] dvmrp0: entered allmulticast mode [ 1550.928676][ T5838] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 1550.984151][ T5838] em28xx 4-1:0.0: Config register raw data: 0xea [ 1550.991070][ T5838] em28xx 4-1:0.0: I2S Audio (1 sample rate(s)) [ 1551.000402][ T5838] em28xx 4-1:0.0: No AC97 audio processor [ 1551.474649][ T5838] usb 4-1: USB disconnect, device number 34 [ 1554.908429][T19902] loop1: detected capacity change from 0 to 256 [ 1555.099649][T19902] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1555.322731][T19902] exFAT-fs (loop1): valid_size(150994954) is greater than size(10) [ 1555.499148][ T30] audit: type=1800 audit(2000000300.250:283): pid=19909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4528" name="file1" dev="loop1" ino=1048803 res=0 errno=0 [ 1559.109577][ T5838] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1559.320796][ T796] usb 8-1: new high-speed USB device number 36 using dummy_hcd [ 1559.346962][T19949] loop1: detected capacity change from 0 to 4096 [ 1559.377085][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1559.388793][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1559.401982][ T5838] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1559.411486][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1559.458897][T19949] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 1559.536248][ T796] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1559.547668][ T796] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1559.557105][ T796] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1559.620248][ T5838] usb 4-1: config 0 descriptor?? [ 1559.738853][ T796] usb 8-1: config 0 descriptor?? [ 1560.197033][ T5838] cp2112 0003:10C4:EA90.003B: unknown main item tag 0x0 [ 1560.304417][ T796] keytouch 0003:0926:3333.003C: fixing up Keytouch IEC report descriptor [ 1560.391847][ T5838] cp2112 0003:10C4:EA90.003B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1560.500835][ T796] input: HID 0926:3333 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0926:3333.003C/input/input54 [ 1560.548361][ T5838] cp2112 0003:10C4:EA90.003B: Part Number: 0x00 Device Version: 0x4D [ 1560.890559][ T796] keytouch 0003:0926:3333.003C: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.7-1/input0 [ 1561.011953][ T5838] cp2112 0003:10C4:EA90.003B: error setting SMBus config [ 1561.183911][ T5838] cp2112 0003:10C4:EA90.003B: probe with driver cp2112 failed with error -71 [ 1561.442557][ T5838] usb 4-1: USB disconnect, device number 35 [ 1562.452231][T19967] fido_id[19967]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1562.792713][T19976] loop6: detected capacity change from 0 to 2048 [ 1562.974924][T19976] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 1563.136841][T19976] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1563.537777][ T5838] usb 8-1: USB disconnect, device number 36 [ 1564.316969][T19986] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4553'. [ 1564.370228][T19986] netlink: 190 bytes leftover after parsing attributes in process `syz.7.4553'. [ 1568.501922][T20043] loop7: detected capacity change from 0 to 512 [ 1568.852442][T20043] EXT4-fs (loop7): 1 orphan inode deleted [ 1568.876572][ T6024] Quota error (device loop7): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1568.890960][ T6024] EXT4-fs error (device loop7): ext4_release_dquot:7022: comm kworker/u8:12: Failed to release dquot type 1 [ 1568.921236][T20043] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1569.084730][T20043] ext4 filesystem being mounted at /729/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1569.682088][T20063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4578'. [ 1569.762929][ T8656] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1569.983823][T20069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4579'. [ 1574.520434][ T796] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0 [ 1574.575572][ T796] hid-generic 0000:0000:0000.003D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1574.631698][T20126] loop1: detected capacity change from 0 to 1024 [ 1575.326908][T19764] hfsplus: b-tree write err: -5, ino 4 [ 1575.600442][T20129] fido_id[20129]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1576.956598][T20154] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4612'. [ 1578.113994][T20165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4616'. [ 1578.118228][ T5838] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 1578.369583][ T5838] usb 8-1: Using ep0 maxpacket: 32 [ 1578.419059][ T5838] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1578.433503][ T5838] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1578.443832][ T5838] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1578.453220][ T5838] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1578.602661][ T5838] usb 8-1: config 0 descriptor?? [ 1578.737114][ T5838] hub 8-1:0.0: USB hub found [ 1578.979697][ T5838] hub 8-1:0.0: config failed, can't read hub descriptor (err -22) [ 1579.352476][ T5838] hid-generic 0003:046D:C31C.003E: item fetching failed at offset 0/1 [ 1579.387130][T20183] loop1: detected capacity change from 0 to 64 [ 1579.430593][ T5838] hid-generic 0003:046D:C31C.003E: probe with driver hid-generic failed with error -22 [ 1579.670355][ T5838] usb 8-1: USB disconnect, device number 37 [ 1580.259512][T20192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4623'. [ 1580.259512][T20193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4624'. [ 1580.632432][T20193] hsr_slave_1 (unregistering): left promiscuous mode [ 1580.951473][T20197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4626'. [ 1582.842075][T20222] SQUASHFS error: Failed to read block 0x0: -5 [ 1584.045091][T20240] loop1: detected capacity change from 0 to 128 [ 1585.493214][T20254] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4646'. [ 1586.568134][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1587.661130][ T30] audit: type=1326 audit(2000000332.420:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20272 comm="syz.0.4653" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7fc00000 [ 1588.088819][ T30] audit: type=1326 audit(2000000332.850:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20272 comm="syz.0.4653" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f47539 code=0x7fc00000 [ 1588.253839][ T30] audit: type=1326 audit(2000000332.850:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20272 comm="syz.0.4653" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7fc00000 [ 1589.099230][T20291] 8021q: adding VLAN 0 to HW filter on device team0 [ 1589.232891][T20291] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1590.225836][T11361] usb 8-1: new high-speed USB device number 38 using dummy_hcd [ 1590.425841][T11361] usb 8-1: Using ep0 maxpacket: 16 [ 1590.492773][T11361] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1590.509923][T11361] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1590.523585][T11361] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1590.533100][T11361] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1590.594880][T11361] usb 8-1: config 0 descriptor?? [ 1591.214100][T11361] HID 045e:07da: Invalid code 65791 type 1 [ 1591.394824][T11361] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.003F/input/input56 [ 1591.450576][T20325] fuse: Bad value for 'fd' [ 1591.536014][T11361] microsoft 0003:045E:07DA.003F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 1592.253501][T11361] usb 8-1: USB disconnect, device number 38 [ 1592.573577][ T30] audit: type=1326 audit(2000000337.330:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.1.4670" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7fc00000 [ 1593.016016][ T30] audit: type=1326 audit(2000000337.760:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.1.4670" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf749d539 code=0x7fc00000 [ 1593.043351][T20332] fido_id[20332]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 1593.059525][ T30] audit: type=1326 audit(2000000337.760:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.1.4670" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7fc00000 [ 1594.963543][T20358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1595.032525][T20358] 8021q: adding VLAN 0 to HW filter on device team0 [ 1595.174041][T20358] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1595.480645][T20369] loop3: detected capacity change from 0 to 1024 [ 1595.659406][T20369] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1595.907521][T20369] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 1596.137807][T20369] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 1596.150632][T20369] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1596.150632][T20369] [ 1596.160683][T20369] EXT4-fs (loop3): Total free blocks count 0 [ 1596.167021][T20369] EXT4-fs (loop3): Free/Dirty block details [ 1596.173119][T20369] EXT4-fs (loop3): free_blocks=20480 [ 1596.178965][T20369] EXT4-fs (loop3): dirty_blocks=16 [ 1596.184258][T20369] EXT4-fs (loop3): Block reservation details [ 1596.190542][T20369] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 1596.366586][T20379] fuse: Bad value for 'fd' [ 1596.421275][T20383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4684'. [ 1596.490227][T20383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4684'. [ 1596.604335][T20385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4684'. [ 1596.708712][T20383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4684'. [ 1596.792858][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1597.473342][T20391] loop7: detected capacity change from 0 to 1024 [ 1600.374358][T20431] loop3: detected capacity change from 0 to 1024 [ 1600.580886][T20431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1601.014617][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1601.727975][T20445] ------------[ cut here ]------------ [ 1601.733764][T20445] WARNING: fs/exec.c:119 at path_noexec+0x2ac/0x310, CPU#1: syz.0.4706/20445 [ 1601.743221][T20445] Modules linked in: [ 1601.747749][T20445] CPU: 1 UID: 0 PID: 20445 Comm: syz.0.4706 Tainted: G L syzkaller #0 PREEMPT(voluntary) [ 1601.763797][T20445] Tainted: [L]=SOFTLOCKUP [ 1601.769589][T20445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1601.780261][T20445] RIP: 0010:path_noexec+0x2ac/0x310 [ 1601.785852][T20445] Code: 49 89 ff 8b 7d d4 e8 d3 22 e2 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 c3 22 e2 ff 4d 85 ed 0f 85 a3 fe ff ff e8 c5 6a 3b ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 b5 17 e2 ff 48 8b 00 48 89 45 c8 [ 1601.806058][T20445] RSP: 0018:ffff8880400d7b80 EFLAGS: 00010283 [ 1601.812499][T20445] RAX: ffffffff82bdd86b RBX: ffff888050814e10 RCX: 0000000000080000 [ 1601.820822][T20445] RDX: ffffc9000c411000 RSI: 000000000000005c RDI: 000000000000005d [ 1601.829122][T20445] RBP: ffff8880400d7bc0 R08: ffffea000000000f R09: 0000000000000003 [ 1601.837715][T20445] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000 [ 1601.846019][T20445] R13: 0000000000000000 R14: ffff8881405ca620 R15: 0000000000000000 [ 1601.854214][T20445] FS: 0000000000000000(0000) GS:ffff8881aabc9000(0063) knlGS:00000000f5406b40 [ 1601.869771][T20445] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1601.878474][T20445] CR2: 00000000f7fc55b8 CR3: 00000000139e2000 CR4: 00000000003526f0 [ 1601.886793][T20445] Call Trace: [ 1601.890247][T20445] [ 1601.893409][T20445] do_mmap+0x1572/0x1d70 [ 1601.898099][T20445] vm_mmap_pgoff+0x40c/0x760 [ 1601.903043][T20445] ksys_mmap_pgoff+0x51c/0x7d0 [ 1601.908248][T20445] __ia32_sys_mmap_pgoff+0x11a/0x1d0 [ 1601.913860][T20445] ia32_sys_call+0x19c7/0x4340 [ 1601.919040][T20445] __do_fast_syscall_32+0x14a/0x310 [ 1601.924564][T20445] do_fast_syscall_32+0x37/0x80 [ 1601.929834][T20445] do_SYSENTER_32+0x1f/0x30 [ 1601.934636][T20445] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1601.941443][T20445] RIP: 0023:0xf7f47539 [ 1601.945853][T20445] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1601.970192][T20445] RSP: 002b:00000000f540650c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0 [ 1601.986530][T20445] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 1601.994759][T20445] RDX: 0000000003000007 RSI: 0000000000000011 RDI: 0000000000000005 [ 1602.003280][T20445] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1602.011559][T20445] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1602.019884][T20445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1602.028198][T20445] [ 1602.031383][T20445] ---[ end trace 0000000000000000 ]--- [ 1602.423021][T20450] loop3: detected capacity change from 0 to 1024 [ 1602.690288][T20450] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1602.914945][T20450] ext4 filesystem being mounted at /561/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1603.154943][T20450] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.4704: Freeing blocks not in datazone - block = 0, count = 16 [ 1603.367276][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 1603.373823][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 1603.382466][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 1603.389127][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 1603.614792][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1603.659187][ T5840] libceph: connect (1)[c::]:6789 error -101 [ 1603.713392][ T5840] libceph: mon0 (1)[c::]:6789 connect error [ 1603.979833][T20462] ceph: No mds server is up or the cluster is laggy [ 1604.221013][T20474] loop7: detected capacity change from 0 to 512 [ 1604.271529][T20474] EXT4-fs: inline encryption not supported [ 1604.348852][T20474] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 1604.480170][T20474] EXT4-fs (loop7): 1 truncate cleaned up [ 1604.588591][T20474] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1605.127864][ T8656] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1606.019682][T20498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4721'. [ 1606.078763][T20498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4721'. [ 1608.653043][T20530] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4730'. [ 1608.976157][T17760] Bluetooth: hci5: command 0x1003 tx timeout [ 1608.977168][T10244] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1612.731554][T20586] input: syz1 as /devices/virtual/input/input57 [ 1614.303993][T20608] loop1: detected capacity change from 0 to 64 [ 1615.328014][T20615] loop7: detected capacity change from 0 to 128 [ 1615.573229][T20615] syz.7.4757: attempt to access beyond end of device [ 1615.573229][T20615] loop7: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 1615.686461][T20615] syz.7.4757: attempt to access beyond end of device [ 1615.686461][T20615] loop7: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 1615.700895][T20615] Buffer I/O error on dev loop7, logical block 80, lost async page write [ 1615.821748][T20615] syz.7.4757: attempt to access beyond end of device [ 1615.821748][T20615] loop7: rw=8388608, sector=154, nr_sectors = 2 limit=128 [ 1618.293514][ T30] audit: type=1326 audit(2000000363.050:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.404891][ T30] audit: type=1326 audit(2000000363.120:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.431052][ T30] audit: type=1326 audit(2000000363.120:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.454277][ T30] audit: type=1326 audit(2000000363.120:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.479765][ T30] audit: type=1326 audit(2000000363.120:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.502750][ T30] audit: type=1326 audit(2000000363.130:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.528268][ T30] audit: type=1326 audit(2000000363.130:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.551697][ T30] audit: type=1326 audit(2000000363.130:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.577264][ T30] audit: type=1326 audit(2000000363.130:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1618.599773][ T30] audit: type=1326 audit(2000000363.130:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20660 comm="syz.1.4770" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d539 code=0x7ffc0000 [ 1621.031791][T20694] loop1: detected capacity change from 0 to 2048 [ 1621.206940][T20694] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1621.550051][T20709] fuse: Bad value for 'fd' [ 1621.582487][T20691] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1621.636400][T20691] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 28 [ 1621.649380][T20691] EXT4-fs (loop1): This should not happen!! Data will be lost [ 1621.649380][T20691] [ 1621.659580][T20691] EXT4-fs (loop1): Total free blocks count 0 [ 1621.666027][T20691] EXT4-fs (loop1): Free/Dirty block details [ 1621.672131][T20691] EXT4-fs (loop1): free_blocks=66060288 [ 1621.678148][T20691] EXT4-fs (loop1): dirty_blocks=16 [ 1621.683459][T20691] EXT4-fs (loop1): Block reservation details [ 1621.689742][T20691] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 1622.161383][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1624.170696][T20735] loop3: detected capacity change from 0 to 256 [ 1624.229033][T20735] exfat: Deprecated parameter 'utf8' [ 1624.234679][T20735] exfat: Deprecated parameter 'utf8' [ 1624.390681][T20735] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 1625.230123][T20744] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4794'. [ 1625.239593][T20744] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4794'. [ 1627.697048][T20774] loop1: detected capacity change from 0 to 2048 [ 1627.942979][T20774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1628.063723][T20783] loop7: detected capacity change from 0 to 256 [ 1628.553205][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1629.301985][T20794] loop3: detected capacity change from 0 to 1024 [ 1631.221981][T20821] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4819'. [ 1631.328662][T20821] hsr_slave_0: left promiscuous mode [ 1631.431102][T20821] hsr_slave_1: left promiscuous mode [ 1633.130710][T20842] input: syz1 as /devices/virtual/input/input58 [ 1633.591982][T20838] loop3: detected capacity change from 0 to 4096 [ 1636.625891][T11361] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 1636.850514][T20883] loop7: detected capacity change from 0 to 512 [ 1636.916391][T11361] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1636.927285][T11361] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1637.012475][T20886] Invalid ELF header magic: != ELF [ 1637.042048][T20883] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1637.153219][T20883] ext4 filesystem being mounted at /772/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1637.167840][T11361] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1637.180200][T11361] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1637.189232][T11361] usb 2-1: Product: syz [ 1637.193687][T11361] usb 2-1: Manufacturer: syz [ 1637.198646][T11361] usb 2-1: SerialNumber: syz [ 1637.649075][T11361] usb 2-1: 0:2 : does not exist [ 1637.816876][T11361] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1638.058675][ T8656] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1638.096525][T11361] usb 2-1: USB disconnect, device number 23 [ 1638.204738][ T6046] udevd[6046]: setting owner of /dev/bus/usb/002/023 to uid=0, gid=0 failed: No such file or directory [ 1638.837275][T20901] openvswitch: netlink: VXLAN extension message has 249 unknown bytes. [ 1638.964935][T20904] loop7: detected capacity change from 0 to 64 [ 1639.060369][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1639.414184][T20904] Trying to free block not in datazone [ 1640.520790][T20927] syz.0.4852(20927): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1640.607730][T20926] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4854'. [ 1640.657763][T20929] loop1: detected capacity change from 0 to 128 [ 1640.753532][T20926] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4854'. [ 1640.811179][T20929] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1640.905479][T20929] ext4 filesystem being mounted at /272/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1641.810944][T16421] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1642.422723][T20949] loop3: detected capacity change from 0 to 256 [ 1642.519027][T20949] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1642.623024][T20949] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 1642.633150][T20949] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 1642.644654][T20949] UDF-fs: Scanning with blocksize 512 failed [ 1642.869754][T20949] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1643.017144][T10753] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1643.060219][T20949] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1643.305561][T10753] usb 2-1: Using ep0 maxpacket: 8 [ 1643.357332][T10753] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1643.388361][T10753] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1643.399029][T10753] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1643.409186][T10753] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1643.419590][T10753] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1643.436261][T10753] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1643.446850][T10753] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1644.070237][T10753] usb 2-1: usb_control_msg returned -32 [ 1644.077344][T10753] usbtmc 2-1:16.0: can't read capabilities [ 1644.492402][T10753] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1644.535981][T20970] loop7: detected capacity change from 0 to 64 [ 1644.735779][T10753] usb 4-1: Using ep0 maxpacket: 32 [ 1644.745120][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 1644.755528][ T30] audit: type=1800 audit(2000000645.491:307): pid=20970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4867" name="file1" dev="loop7" ino=22 res=0 errno=0 [ 1644.778683][T10753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1644.778847][T10753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1644.779044][T10753] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1644.779185][T10753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1644.802621][T10753] usb 4-1: config 0 descriptor?? [ 1644.832818][T20970] syz.7.4867: attempt to access beyond end of device [ 1644.832818][T20970] loop7: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 1644.916332][T20970] syz.7.4867: attempt to access beyond end of device [ 1644.916332][T20970] loop7: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 1644.994296][T20970] syz.7.4867: attempt to access beyond end of device [ 1644.994296][T20970] loop7: rw=34817, sector=76, nr_sectors = 96 limit=64 [ 1645.043504][T10753] hub 4-1:0.0: USB hub found [ 1645.241739][T10753] hub 4-1:0.0: 1 port detected [ 1645.471928][T20980] fuse: Bad value for 'fd' [ 1645.914532][T10753] hub 4-1:0.0: activate --> -90 [ 1646.340562][ T5840] usb 4-1: USB disconnect, device number 36 [ 1646.349309][T10753] usb 4-1-port1: config error [ 1646.584919][T20519] usb 2-1: USB disconnect, device number 24 [ 1647.627056][T21003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4877'. [ 1647.761036][T21004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4877'. [ 1647.969799][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1652.817798][T21062] netlink: 'syz.7.4896': attribute type 16 has an invalid length. [ 1652.826029][T21062] netlink: 'syz.7.4896': attribute type 17 has an invalid length. [ 1653.101110][T21062] gre0: left promiscuous mode [ 1653.106540][T21062] gre0: left allmulticast mode [ 1653.630865][T21062] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1653.918737][ T30] audit: type=1800 audit(2000000906.680:308): pid=21074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4900" name="file1" dev="tmpfs" ino=1023 res=0 errno=0 [ 1654.825108][T21082] netlink: 'syz.6.4903': attribute type 8 has an invalid length. [ 1654.833412][T21082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4903'. [ 1655.029924][T21082] bond0: entered promiscuous mode [ 1655.037095][T21082] bond_slave_0: entered promiscuous mode [ 1655.047888][T21082] bond_slave_1: entered promiscuous mode [ 1655.189358][T21082] gretap0: entered promiscuous mode [ 1655.262524][T21082] ipvlan0: entered promiscuous mode [ 1655.336419][T21082] ipvlan0: left promiscuous mode [ 1655.343183][T21082] bond0: left promiscuous mode [ 1655.348652][T21082] bond_slave_0: left promiscuous mode [ 1655.356932][T21082] bond_slave_1: left promiscuous mode [ 1655.433696][T21082] gretap0: left promiscuous mode [ 1658.659155][ T30] audit: type=1326 audit(2000000911.410:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.684514][ T30] audit: type=1326 audit(2000000911.410:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.710608][ T30] audit: type=1326 audit(2000000911.410:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.733371][ T30] audit: type=1326 audit(2000000911.410:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.758771][ T30] audit: type=1326 audit(2000000911.410:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.781264][ T30] audit: type=1326 audit(2000000911.410:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.807917][ T30] audit: type=1326 audit(2000000911.410:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.830542][ T30] audit: type=1326 audit(2000000911.410:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.856043][ T30] audit: type=1326 audit(2000000911.410:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1658.928193][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1658.928281][ T30] audit: type=1326 audit(2000000911.410:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21105 comm="syz.7.4911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7fc00000 [ 1659.274221][T21120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4915'. [ 1659.286882][T21120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4915'. [ 1661.056717][T21136] loop3: detected capacity change from 0 to 512 [ 1662.391518][T21150] loop3: detected capacity change from 0 to 256 [ 1662.459948][T21150] exfat: Deprecated parameter 'namecase' [ 1662.704469][T21150] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x8ce3369d, utbl_chksum : 0xe619d30d) [ 1663.263537][T21159] loop1: detected capacity change from 0 to 64 [ 1663.883889][T21164] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4930'. [ 1664.201660][T21162] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1666.280831][T21188] loop3: detected capacity change from 0 to 128 [ 1667.158300][T20519] IPVS: starting estimator thread 0... [ 1667.256563][T21198] IPVS: using max 240 ests per chain, 12000 per kthread [ 1667.478203][T19764] kworker/u8:40: attempt to access beyond end of device [ 1667.478203][T19764] loop3: rw=1, sector=145, nr_sectors = 864 limit=128 [ 1671.365915][T21240] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1671.395942][T20519] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1671.418950][T21240] overlayfs: failed to set xattr on upper [ 1671.424958][T21240] overlayfs: ...falling back to redirect_dir=nofollow. [ 1671.432523][T21240] overlayfs: ...falling back to index=off. [ 1671.438719][T21240] overlayfs: ...falling back to xino=off. [ 1671.444623][T21240] overlayfs: maximum fs stacking depth exceeded [ 1671.628314][T20519] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1671.640407][T20519] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1671.756566][T20519] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1671.766323][T20519] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1671.774562][T20519] usb 2-1: Manufacturer: syz [ 1671.889079][T20519] usb 2-1: config 0 descriptor?? [ 1673.105167][T20519] uclogic 0003:256C:006D.0040: v1 frame probing failed: -71 [ 1673.113481][T20519] uclogic 0003:256C:006D.0040: failed probing parameters: -71 [ 1673.121805][T20519] uclogic 0003:256C:006D.0040: probe with driver uclogic failed with error -71 [ 1673.282868][T20519] usb 2-1: USB disconnect, device number 25 [ 1675.264895][T21285] fuse: Bad value for 'fd' [ 1676.897387][T21300] loop1: detected capacity change from 0 to 2048 [ 1677.065466][T21300] Alternate GPT is invalid, using primary GPT. [ 1677.072660][T21300] loop1: p1 p2 p3 [ 1677.076946][T21300] loop1: partition table partially beyond EOD, truncated [ 1679.303759][ T6036] udevd[6036]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1679.390826][ T5959] udevd[5959]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1680.077787][ T5959] udevd[5959]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 1681.751955][T21344] loop3: detected capacity change from 0 to 4096 [ 1681.962221][T21344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1683.032611][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1683.097738][T21361] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4995'. [ 1683.228555][T21363] CUSE: unknown device info "" [ 1683.233706][T21363] CUSE: unknown device info "@" [ 1683.239694][T21363] CUSE: unknown device info "" [ 1683.244704][T21363] CUSE: DEVNAME unspecified [ 1684.028475][T21370] loop3: detected capacity change from 0 to 1024 [ 1684.327468][T21370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1685.227008][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1688.689671][T21417] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5011'. [ 1688.733401][T21417] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5011'. [ 1688.803123][T21418] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5011'. [ 1689.364529][ T795] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 1689.652889][ T795] usb 2-1: New USB device found, idVendor=0565, idProduct=0003, bcdDevice=fb.88 [ 1689.665549][ T795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1689.673785][ T795] usb 2-1: Product: syz [ 1689.679595][ T795] usb 2-1: Manufacturer: syz [ 1689.684395][ T795] usb 2-1: SerialNumber: syz [ 1689.840415][ T795] usb 2-1: config 0 descriptor?? [ 1689.971407][T21431] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5016'. [ 1690.161907][ T795] kaweth 2-1:0.0: Firmware present in device. [ 1690.351946][ T795] kaweth 2-1:0.0: Statistics collection: 0 [ 1690.361713][ T795] kaweth 2-1:0.0: Multicast filter limit: 0 [ 1690.368149][ T795] kaweth 2-1:0.0: MTU: 0 [ 1690.372608][ T795] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00 [ 1690.666652][T21440] Invalid ELF header magic: != ELF [ 1691.098045][ T795] kaweth 2-1:0.0: kaweth interface created at eth17 [ 1691.224190][ T5840] usb 2-1: USB disconnect, device number 26 [ 1692.954021][T21461] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1693.005641][ T795] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1693.225923][ T795] usb 2-1: Using ep0 maxpacket: 16 [ 1693.317137][ T795] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1693.329906][ T795] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1693.340629][ T795] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1693.533475][ T795] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1693.546238][ T795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1693.554563][ T795] usb 2-1: Product: syz [ 1693.559234][ T795] usb 2-1: Manufacturer: syz [ 1693.564078][ T795] usb 2-1: SerialNumber: syz [ 1694.242749][ T795] usb 2-1: 0:2 : does not exist [ 1695.144514][ T795] usb 2-1: USB disconnect, device number 27 [ 1695.388337][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1695.697244][T21491] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5037'. [ 1696.970146][T21504] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1697.269585][T21504] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1697.597654][T21504] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1698.001009][T21504] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1699.087689][ T1147] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1699.454556][T17062] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1699.743039][T17062] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1700.023895][T17042] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1702.085572][T10753] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 1702.976928][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804da48000: rx timeout, send abort [ 1703.379197][T21554] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5056'. [ 1703.485652][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804da48000: abort rx timeout. Force session deactivation [ 1704.621008][T21571] input: syz0 as /devices/virtual/input/input59 [ 1705.751933][T21589] netlink: 16178 bytes leftover after parsing attributes in process `syz.7.5067'. [ 1706.805065][T21604] loop1: detected capacity change from 0 to 512 [ 1706.879306][T21604] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1706.946236][ T5840] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1707.107912][T21604] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1707.146212][ T5840] usb 4-1: Using ep0 maxpacket: 8 [ 1707.170835][ T5840] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1707.205518][ T5840] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1707.216354][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1707.226654][ T5840] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1707.241248][ T5840] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1707.254873][ T5840] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1707.264349][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1707.274195][T21604] ext4 filesystem being mounted at /306/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1707.473717][ T30] audit: type=1800 audit(2000000960.230:321): pid=21604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.5071" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 1707.830173][ T5840] usb 4-1: usb_control_msg returned -32 [ 1707.836689][ T5840] usbtmc 4-1:16.0: can't read capabilities [ 1708.032341][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1708.677891][T21628] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 1708.894922][ T5840] usb 4-1: USB disconnect, device number 37 [ 1709.424650][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1709.864737][T21643] fuse: Bad value for 'fd' [ 1712.787409][ T5840] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1713.010105][ T5840] usb 2-1: Using ep0 maxpacket: 32 [ 1713.058541][ T5840] usb 2-1: config 2 has an invalid interface number: 88 but max is 0 [ 1713.070285][ T5840] usb 2-1: config 2 has no interface number 0 [ 1713.106906][ T5840] usb 2-1: config 2 interface 88 has no altsetting 0 [ 1713.131477][ T5840] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 1713.141356][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1713.149936][ T5840] usb 2-1: Product: syz [ 1713.154357][ T5840] usb 2-1: Manufacturer: syz [ 1713.159345][ T5840] usb 2-1: SerialNumber: syz [ 1714.576132][ T30] audit: type=1326 audit(2000000967.330:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21707 comm="syz.3.5106" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf748d539 code=0x0 [ 1714.750868][ T5840] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1714.813052][ T5840] asix 2-1:2.88: probe with driver asix failed with error -71 [ 1714.886289][ T5840] usb 2-1: USB disconnect, device number 29 [ 1715.784741][T21718] fuse: Bad value for 'fd' [ 1716.533546][T21730] overlayfs: failed to clone upperpath [ 1717.805129][T21743] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 1719.673891][T21764] loop7: detected capacity change from 0 to 1024 [ 1719.812898][T21764] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1719.906367][T21764] ext4 filesystem being mounted at /827/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1720.193111][T21764] EXT4-fs error (device loop7): ext4_map_blocks:825: inode #15: block 3: comm syz.7.5123: lblock 3 mapped to illegal pblock 3 (length 3) [ 1720.300006][T21764] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 1720.313103][T21764] EXT4-fs (loop7): This should not happen!! Data will be lost [ 1720.313103][T21764] [ 1720.448308][T21764] EXT4-fs error (device loop7): ext4_ext_remove_space:2955: inode #15: comm syz.7.5123: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 1720.584254][T21764] EXT4-fs error (device loop7) in ext4_setattr:6035: Corrupt filesystem [ 1721.151520][ T8656] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1721.802832][T21791] loop3: detected capacity change from 0 to 1024 [ 1721.836684][T21793] 9pnet: p9_errstr2errno: server reported unknown error ½ [ 1722.083076][T21796] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5133'. [ 1722.261582][T17024] hfsplus: b-tree write err: -5, ino 4 [ 1723.499586][T21809] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5138'. [ 1723.567754][T21812] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5138'. [ 1723.604184][T21811] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5141'. [ 1723.614230][T21811] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5141'. [ 1723.640550][T21810] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1724.730320][T21821] syzkaller1: entered promiscuous mode [ 1724.741354][T21821] syzkaller1: entered allmulticast mode [ 1725.202251][T21828] loop1: detected capacity change from 0 to 512 [ 1725.268291][T21828] EXT4-fs: Ignoring removed nobh option [ 1725.500521][T21828] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 1725.546211][T21828] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 1725.583655][T21828] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #13: comm syz.1.5147: inode has both inline data and extents flags [ 1725.676973][T21828] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.5147: couldn't read orphan inode 13 (err -117) [ 1725.751712][T21828] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1726.324514][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1729.012305][T21864] overlay: filesystem on ./file0 not supported [ 1730.010881][T21876] netlink: 'syz.7.5164': attribute type 4 has an invalid length. [ 1730.066028][T12296] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1730.279875][T12296] usb 4-1: Using ep0 maxpacket: 8 [ 1730.317374][T12296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1730.334359][T12296] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1730.344927][T12296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1730.523806][T12296] usb 4-1: config 0 descriptor?? [ 1730.871543][T12296] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1731.337891][T12296] usb 4-1: USB disconnect, device number 38 [ 1733.533935][ T5840] hid-generic 0000:0000:0000.0041: unknown main item tag 0x0 [ 1733.637176][ T5840] hid-generic 0000:0000:0000.0041: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1733.726521][T21922] loop3: detected capacity change from 0 to 1024 [ 1733.842082][T21922] hfsplus: failed to load root directory [ 1733.869540][T21924] tls_set_device_offload: netdev not found [ 1734.924048][T21927] fido_id[21927]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1737.792737][T21981] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5197'. [ 1737.856030][T21981] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5197'. [ 1738.070503][T21983] netlink: 204 bytes leftover after parsing attributes in process `syz.3.5198'. [ 1739.271609][T21998] loop1: detected capacity change from 0 to 1024 [ 1739.332601][T21998] EXT4-fs: Ignoring removed bh option [ 1739.468996][T21998] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1739.721087][T21998] EXT4-fs (loop1): shut down requested (1) [ 1740.184865][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1743.276558][T22051] loop1: detected capacity change from 0 to 512 [ 1744.615570][T22070] input: syz1 as /devices/virtual/input/input60 [ 1745.526936][T22083] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5231'. [ 1745.883468][T22087] netlink: 'syz.6.5234': attribute type 12 has an invalid length. [ 1745.891905][T22087] netlink: 'syz.6.5234': attribute type 29 has an invalid length. [ 1745.903211][T22087] netlink: 148 bytes leftover after parsing attributes in process `syz.6.5234'. [ 1746.284372][T22091] 9pnet: p9_errstr2errno: server reported unknown error 0x00 [ 1746.885947][T10753] usb 8-1: new high-speed USB device number 39 using dummy_hcd [ 1747.198837][T10753] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1747.208481][T10753] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1747.216899][T10753] usb 8-1: Product: syz [ 1747.221266][T10753] usb 8-1: Manufacturer: syz [ 1747.226270][T10753] usb 8-1: SerialNumber: syz [ 1747.240333][T22105] bridge0: entered allmulticast mode [ 1747.381418][T22105] pim6reg: entered allmulticast mode [ 1747.717964][T22109] netlink: 'syz.6.5241': attribute type 12 has an invalid length. [ 1747.729522][T22109] netlink: 'syz.6.5241': attribute type 29 has an invalid length. [ 1747.737937][T22109] netlink: 148 bytes leftover after parsing attributes in process `syz.6.5241'. [ 1747.747521][T22109] netlink: 'syz.6.5241': attribute type 1 has an invalid length. [ 1747.758689][T22109] netlink: 'syz.6.5241': attribute type 2 has an invalid length. [ 1747.766761][T22109] netlink: 35 bytes leftover after parsing attributes in process `syz.6.5241'. [ 1747.888797][T10753] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1747.901366][T10753] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1748.413246][T22117] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5243'. [ 1748.641497][T10753] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO [ 1748.653971][T10753] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1748.737309][T10753] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1748.813686][T10753] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71 [ 1748.943958][T22121] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5245'. [ 1748.981107][T10753] usb 8-1: USB disconnect, device number 39 [ 1749.547058][T22128] netlink: 'syz.0.5246': attribute type 1 has an invalid length. [ 1749.858262][T22133] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5249'. [ 1749.957387][T22134] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5249'. [ 1750.009025][T22133] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5249'. [ 1751.891643][T10753] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1752.132379][T10753] usb 4-1: Using ep0 maxpacket: 32 [ 1752.198491][T10753] usb 4-1: config 232 has an invalid interface number: 126 but max is 0 [ 1752.207407][T10753] usb 4-1: config 232 has no interface number 0 [ 1752.225870][T10753] usb 4-1: config 232 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1752.236846][T10753] usb 4-1: config 232 interface 126 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1752.247463][T10753] usb 4-1: config 232 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0 [ 1752.258325][T10753] usb 4-1: config 232 interface 126 has no altsetting 0 [ 1752.472126][T10753] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 1752.481729][T10753] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1752.494231][T10753] usb 4-1: Product: syz [ 1752.499900][T10753] usb 4-1: Manufacturer: syz [ 1752.504741][T10753] usb 4-1: SerialNumber: syz [ 1752.614195][T22158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1753.081268][T10753] ir_usb 4-1:232.126: IR Dongle converter detected [ 1753.293994][T10753] usb 4-1: IR Dongle converter now attached to ttyUSB0 [ 1753.483174][T12296] usb 4-1: USB disconnect, device number 39 [ 1753.583330][T12296] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0 [ 1753.669572][T12296] ir_usb 4-1:232.126: device disconnected [ 1755.810839][T22202] overlayfs: failed to clone upperpath [ 1756.521337][T22209] loop7: detected capacity change from 0 to 2048 [ 1756.596172][T22209] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1756.764594][T22219] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1756.848107][T22209] syz.7.5275: attempt to access beyond end of device [ 1756.848107][T22209] loop7: rw=8912896, sector=33554430, nr_sectors = 2 limit=2048 [ 1757.099794][T22209] NILFS error (device loop7): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1757.219828][T22209] Remounting filesystem read-only [ 1757.246461][T22220] NILFS error (device loop7): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1757.379890][T22209] NILFS error (device loop7): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1757.502774][T22209] NILFS error (device loop7): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1757.576497][T22209] NILFS error (device loop7): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1757.683931][T22227] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5280'. [ 1763.158565][T22310] loop1: detected capacity change from 0 to 512 [ 1763.222737][T22310] EXT4-fs: Ignoring removed orlov option [ 1763.320177][T22310] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1763.421011][T22310] EXT4-fs (loop1): 1 orphan inode deleted [ 1763.427113][T22310] EXT4-fs (loop1): 1 truncate cleaned up [ 1763.504597][T22310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1763.903828][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1767.438829][T22359] netlink: 'syz.0.5321': attribute type 11 has an invalid length. [ 1767.890424][T22364] loop7: detected capacity change from 0 to 1024 [ 1768.220503][ T30] audit: type=1800 audit(2000001020.970:323): pid=22364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5323" name="file2" dev="loop7" ino=2 res=0 errno=0 [ 1768.288388][T22364] hfsplus: bad catalog file entry [ 1768.767561][ T997] hfsplus: b-tree write err: -5, ino 3 [ 1769.516923][T22383] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5329'. [ 1770.898143][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1770.976381][T20501] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1771.487854][T20501] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1771.499154][T20501] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1772.061439][T20501] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1772.071192][T20501] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1772.079662][T20501] usb 2-1: SerialNumber: syz [ 1773.101533][T20501] usb 2-1: 0:2 : does not exist [ 1773.358813][T20501] usb 2-1: USB disconnect, device number 30 [ 1773.600984][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1774.560835][T10244] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 1774.703458][T22469] loop1: detected capacity change from 0 to 512 [ 1774.788984][T22469] EXT4-fs: Ignoring removed nobh option [ 1774.840971][T22469] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1775.085500][T22469] EXT4-fs (loop1): 1 truncate cleaned up [ 1775.100422][T22469] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1775.276704][T22469] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 1775.280598][T22475] overlayfs: failed to resolve './file1': -2 [ 1775.668916][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1776.917164][T22498] loop3: detected capacity change from 0 to 512 [ 1778.318906][T22515] loop1: detected capacity change from 0 to 128 [ 1778.427727][T22515] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1778.554882][T22515] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1778.576344][T10244] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1778.584929][T10244] Bluetooth: hci3: Injecting HCI hardware error event [ 1778.595065][T10244] Bluetooth: hci3: hardware error 0x00 [ 1779.161983][T17025] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1779.324836][T22528] loop3: detected capacity change from 0 to 512 [ 1779.601246][T22528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1779.718784][T22528] ext4 filesystem being mounted at /689/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1779.942615][T22528] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 1780.655626][T10244] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1780.684320][T22547] loop7: detected capacity change from 0 to 256 [ 1781.107934][T22547] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 1781.890224][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1783.377069][T22565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5369'. [ 1783.809318][T22572] loop7: detected capacity change from 0 to 128 [ 1783.976436][T22572] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256 [ 1784.872968][T22579] UDF-fs: error (device loop7): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 1785.224756][T22585] netlink: 876 bytes leftover after parsing attributes in process `syz.0.5376'. [ 1785.237327][T22585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5376'. [ 1787.378838][T10244] block nbd1: Receive control failed (result -32) [ 1787.388209][T22607] block nbd1: shutting down sockets [ 1787.959155][T22610] loop7: detected capacity change from 0 to 1024 [ 1788.865521][T20501] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1789.117879][T20501] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1789.229425][T20501] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1789.238985][T20501] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1789.247632][T20501] usb 2-1: Product: syz [ 1789.255573][T20501] usb 2-1: Manufacturer: syz [ 1789.260397][T20501] usb 2-1: SerialNumber: syz [ 1789.729132][T20501] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1789.954492][T12296] usb 2-1: USB disconnect, device number 31 [ 1790.038542][T12296] usblp0: removed [ 1790.871648][T22637] fuse: Bad value for 'fd' [ 1793.027626][T22667] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5403'. [ 1793.037094][T22667] netlink: 'syz.3.5403': attribute type 18 has an invalid length. [ 1793.292628][T22667] vxlan0: entered promiscuous mode [ 1793.394735][T17025] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1793.468497][T17025] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1793.528527][T16999] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1793.603389][T16999] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1795.454222][T14372] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1795.468242][T14372] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1795.791331][T14372] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1795.806779][T14372] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1796.130908][T14372] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1796.141776][T14372] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1796.481969][T14372] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1796.496301][T14372] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1797.628440][T14372] bridge_slave_1: left allmulticast mode [ 1797.634346][T14372] bridge_slave_1: left promiscuous mode [ 1797.641504][T14372] bridge0: port 2(bridge_slave_1) entered disabled state [ 1797.792938][T14372] bridge_slave_0: left allmulticast mode [ 1797.799249][T14372] bridge_slave_0: left promiscuous mode [ 1797.806091][T14372] bridge0: port 1(bridge_slave_0) entered disabled state [ 1798.365140][T22718] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5420'. [ 1798.935425][ T30] audit: type=1326 audit(2000001051.680:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22722 comm="syz.1.5421" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749d539 code=0x0 [ 1799.714075][T14372] bridge0 (unregistering): left allmulticast mode [ 1799.891458][T14372] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1799.981735][T14372] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1800.091012][T14372] bond0 (unregistering): Released all slaves [ 1801.388813][T14372] hsr_slave_0: left promiscuous mode [ 1801.427826][T14372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1801.436334][T14372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1801.514276][T14372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1801.525765][T14372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1801.643306][T14372] veth1_macvtap: left promiscuous mode [ 1801.696005][T14372] veth0_macvtap: left promiscuous mode [ 1801.718829][T14372] veth1_vlan: left allmulticast mode [ 1801.724389][T14372] veth1_vlan: left promiscuous mode [ 1801.769535][T14372] veth0_vlan: left promiscuous mode [ 1802.219918][T22743] uprobe: syz.6.5426:22743 failed to unregister, leaking uprobe [ 1803.021593][T14372] pim6reg (unregistering): left allmulticast mode [ 1803.840728][T14372] team0 (unregistering): Port device team_slave_1 removed [ 1803.917360][T14372] team0 (unregistering): Port device team_slave_0 removed [ 1804.925116][T14372] IPVS: stop unused estimator thread 0... [ 1804.979580][T22770] netlink: 'syz.1.5435': attribute type 8 has an invalid length. [ 1804.990604][T22770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5435'. [ 1805.338049][T22770] bond0: entered promiscuous mode [ 1805.343779][T22770] bond_slave_0: entered promiscuous mode [ 1805.351150][T22770] bond_slave_1: entered promiscuous mode [ 1805.570724][T22770] gretap0: entered promiscuous mode [ 1805.664368][T22770] ip6gretap0: entered promiscuous mode [ 1805.711564][T22770] hsr0: entered promiscuous mode [ 1805.718531][T22769] netlink: 'syz.3.5433': attribute type 1 has an invalid length. [ 1805.726739][T22769] netlink: 'syz.3.5433': attribute type 2 has an invalid length. [ 1805.734836][T22769] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5433'. [ 1806.398252][T17760] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1806.414254][T17760] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1806.424350][T17760] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1806.439570][T17760] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1806.497445][T17760] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1807.193827][T14372] bond2: left allmulticast mode [ 1807.200275][T14372] bond2: left promiscuous mode [ 1807.206468][T14372] bridge0: port 1(bond2) entered disabled state [ 1807.238449][T14372] team0: left allmulticast mode [ 1807.243525][T14372] team_slave_0: left allmulticast mode [ 1807.249437][T14372] team_slave_1: left allmulticast mode [ 1807.255088][T14372] bridge1: left allmulticast mode [ 1807.260545][T14372] team0: left promiscuous mode [ 1807.265581][T14372] team_slave_0: left promiscuous mode [ 1807.275023][T14372] team_slave_1: left promiscuous mode [ 1807.281743][T14372] bridge1: left promiscuous mode [ 1807.288611][T14372] bridge0: port 3(team0) entered disabled state [ 1807.301255][T14372] bridge_slave_1: left allmulticast mode [ 1807.307603][T14372] bridge_slave_1: left promiscuous mode [ 1807.314230][T14372] bridge0: port 2(bridge_slave_1) entered disabled state [ 1807.852718][T14372] bond1 (unregistering): (slave gre1): Releasing backup interface [ 1807.891251][T14372] gre1 (unregistering): left promiscuous mode [ 1808.041689][T14372] team0: Port device bridge1 removed [ 1808.200257][T14372] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1808.278793][T14372] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1808.325863][T14372] bond0 (unregistering): Released all slaves [ 1808.378716][ T30] audit: type=1800 audit(2000001061.130:325): pid=22794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5438" name="file1" dev="tmpfs" ino=1712 res=0 errno=0 [ 1808.424848][T14372] bond1 (unregistering): Released all slaves [ 1808.558087][T14372] bond2 (unregistering): Released all slaves [ 1808.578300][T17760] Bluetooth: hci1: command tx timeout [ 1809.293539][T10244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1809.306508][T10244] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1809.316267][T10244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1809.335824][T10244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1809.347631][T10244] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1810.000633][T14372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1810.056611][T14372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1810.087045][T22814] loop3: detected capacity change from 0 to 1024 [ 1810.655694][T17760] Bluetooth: hci1: command tx timeout [ 1810.845678][ T3465] hfsplus: bad catalog file entry [ 1810.870452][ T3465] hfsplus: b-tree write err: -5, ino 3 [ 1811.459253][T17760] Bluetooth: hci4: command tx timeout [ 1811.481251][T14372] team0 (unregistering): Port device team_slave_1 removed [ 1811.685611][T14372] team0 (unregistering): Port device team_slave_0 removed [ 1812.106813][T22833] fuse: Bad value for 'fd' [ 1812.434929][T22779] chnl_net:caif_netlink_parms(): no params data found [ 1812.736385][T17760] Bluetooth: hci1: command tx timeout [ 1813.512130][T20501] libceph: connect (1)[c::]:6789 error -101 [ 1813.550622][T20501] libceph: mon0 (1)[c::]:6789 connect error [ 1813.583499][T20501] libceph: connect (1)[c::]:6789 error -101 [ 1813.599682][T17760] Bluetooth: hci4: command tx timeout [ 1813.624868][T20501] libceph: mon0 (1)[c::]:6789 connect error [ 1813.755992][T20501] libceph: connect (1)[c::]:6789 error -101 [ 1813.763036][T20501] libceph: mon0 (1)[c::]:6789 connect error [ 1813.817520][T20501] libceph: connect (1)[c::]:6789 error -101 [ 1813.859527][T20501] libceph: mon0 (1)[c::]:6789 connect error [ 1813.898784][T20501] libceph: connect (1)[c::]:6789 error -101 [ 1813.915486][T20501] libceph: mon0 (1)[c::]:6789 connect error [ 1813.991664][T22841] ceph: No mds server is up or the cluster is laggy [ 1813.998829][T22846] ceph: No mds server is up or the cluster is laggy [ 1814.817856][T17760] Bluetooth: hci1: command tx timeout [ 1815.256696][T22802] chnl_net:caif_netlink_parms(): no params data found [ 1815.354245][T22779] bridge0: port 1(bridge_slave_0) entered blocking state [ 1815.364354][T22779] bridge0: port 1(bridge_slave_0) entered disabled state [ 1815.416126][T22779] bridge_slave_0: entered allmulticast mode [ 1815.458860][T22779] bridge_slave_0: entered promiscuous mode [ 1815.615775][T17760] Bluetooth: hci4: command tx timeout [ 1815.691600][T22779] bridge0: port 2(bridge_slave_1) entered blocking state [ 1815.699622][T22779] bridge0: port 2(bridge_slave_1) entered disabled state [ 1815.744521][T22779] bridge_slave_1: entered allmulticast mode [ 1815.754959][T22779] bridge_slave_1: entered promiscuous mode [ 1816.351603][T22779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1816.432948][T22779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1816.971761][T22779] team0: Port device team_slave_0 added [ 1817.104632][T22779] team0: Port device team_slave_1 added [ 1817.119389][T22889] loop3: detected capacity change from 0 to 256 [ 1817.530446][T22779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1817.541614][T22779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1817.568037][T22779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1817.709489][T17760] Bluetooth: hci4: command tx timeout [ 1817.724080][T22779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1817.731425][T22779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1817.757737][T22779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1818.528601][T12296] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1818.627418][T22779] hsr_slave_0: entered promiscuous mode [ 1818.650593][T22779] hsr_slave_1: entered promiscuous mode [ 1818.674294][T22779] debugfs: 'hsr0' already exists in 'hsr' [ 1818.680387][T22779] Cannot create hsr debugfs directory [ 1818.708642][T22802] bridge0: port 1(bridge_slave_0) entered blocking state [ 1818.716363][T22802] bridge0: port 1(bridge_slave_0) entered disabled state [ 1818.734438][T22802] bridge_slave_0: entered allmulticast mode [ 1818.736546][T12296] usb 2-1: Using ep0 maxpacket: 8 [ 1818.754608][T22802] bridge_slave_0: entered promiscuous mode [ 1818.793872][T12296] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 1818.802534][T12296] usb 2-1: config 0 has no interface number 0 [ 1818.908404][T12296] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1818.916388][T22802] bridge0: port 2(bridge_slave_1) entered blocking state [ 1818.918664][T12296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1818.925968][T22802] bridge0: port 2(bridge_slave_1) entered disabled state [ 1818.940232][T12296] usb 2-1: Product: syz [ 1818.940352][T12296] usb 2-1: Manufacturer: syz [ 1818.940467][T12296] usb 2-1: SerialNumber: syz [ 1819.038633][T12296] usb 2-1: config 0 descriptor?? [ 1819.081712][T22802] bridge_slave_1: entered allmulticast mode [ 1819.131521][T22802] bridge_slave_1: entered promiscuous mode [ 1819.314651][T12296] uvcvideo 2-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 1819.364127][T12296] uvcvideo 2-1:0.31: No valid video chain found. [ 1819.408650][T12296] usb 2-1: USB disconnect, device number 32 [ 1819.627543][T22802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1819.743884][T22802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1820.291244][T22802] team0: Port device team_slave_0 added [ 1820.600245][T22802] team0: Port device team_slave_1 added [ 1821.056890][T22802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1821.064058][T22802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1821.093563][T22802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1821.188551][T22802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1821.195933][T22802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1821.226148][T22802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1821.401641][T22933] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5474'. [ 1821.983954][T22802] hsr_slave_0: entered promiscuous mode [ 1822.029726][T22802] hsr_slave_1: entered promiscuous mode [ 1822.084862][T22802] debugfs: 'hsr0' already exists in 'hsr' [ 1822.091313][T22802] Cannot create hsr debugfs directory [ 1823.818304][T22779] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1823.996266][T22779] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1824.113048][T22779] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1824.332898][T22779] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1824.712240][T22971] loop1: detected capacity change from 0 to 1024 [ 1824.754831][T22971] EXT4-fs: Ignoring removed oldalloc option [ 1824.899281][T22971] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1824.992054][T22971] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1825.380740][T22979] loop3: detected capacity change from 0 to 1024 [ 1825.423570][T22979] EXT4-fs: Ignoring removed bh option [ 1825.442716][T16421] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1825.596791][T22979] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1826.493328][T22802] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1826.579286][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1826.589494][T22802] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1826.639353][T22802] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1826.720072][T22802] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1827.021978][T22779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1827.316404][T22779] 8021q: adding VLAN 0 to HW filter on device team0 [ 1827.586790][T14372] bridge0: port 1(bridge_slave_0) entered blocking state [ 1827.594336][T14372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1827.692505][T14372] bridge0: port 2(bridge_slave_1) entered blocking state [ 1827.700221][T14372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1829.289217][T22802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1829.527846][T22802] 8021q: adding VLAN 0 to HW filter on device team0 [ 1829.665379][ T6120] bridge0: port 1(bridge_slave_0) entered blocking state [ 1829.673032][ T6120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1829.803889][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1829.811754][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1831.324124][T22779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1831.827052][T23042] loop3: detected capacity change from 0 to 1024 [ 1831.954874][T23042] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1832.000191][T23042] ext4 filesystem being mounted at /731/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1832.126404][T23042] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: comm syz.3.5500: lblock 0 mapped to illegal pblock 0 (length 6) [ 1832.150962][T23052] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5500: bg 0: block 112: padding at end of block bitmap is not set [ 1832.219626][T23042] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 1832.232853][T23042] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1832.232853][T23042] [ 1832.247500][T23052] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 45 with error 117 [ 1832.262580][T23052] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1832.262580][T23052] [ 1832.333959][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1832.714259][ T9772] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:15: lblock 8 mapped to illegal pblock 8 (length 8) [ 1832.851623][ T9772] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 1832.867600][ T9772] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1832.867600][ T9772] [ 1832.996715][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1833.371673][T22802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1833.950298][ T30] audit: type=1326 audit(2000001086.700:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23067 comm="syz.3.5504" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf748d539 code=0x0 [ 1835.369486][T22779] veth0_vlan: entered promiscuous mode [ 1835.517169][T22779] veth1_vlan: entered promiscuous mode [ 1836.287517][T22779] veth0_macvtap: entered promiscuous mode [ 1836.390424][T22779] veth1_macvtap: entered promiscuous mode [ 1837.132505][T22779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1837.385926][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1837.393812][T22779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1837.527465][T22802] veth0_vlan: entered promiscuous mode [ 1837.651147][ T6120] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1837.737723][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1837.812694][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1837.887769][T22802] veth1_vlan: entered promiscuous mode [ 1837.912545][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1838.690480][T22802] veth0_macvtap: entered promiscuous mode [ 1838.823771][T22802] veth1_macvtap: entered promiscuous mode [ 1839.208172][T22802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1839.392802][T22802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1839.675901][T17060] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1839.782958][T17060] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1839.851046][T17060] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1839.963846][T17060] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1840.714961][T23138] loop3: detected capacity change from 0 to 512 [ 1840.930478][T23138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1841.052932][T23138] ext4 filesystem being mounted at /739/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1842.829482][T12247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1843.853772][T23176] input: syz1 as /devices/virtual/input/input61 [ 1846.215789][T10753] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 1846.430513][T10753] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1846.440124][T10753] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1846.448545][T10753] usb 2-1: Product: syz [ 1846.452917][T10753] usb 2-1: Manufacturer: syz [ 1846.457904][T10753] usb 2-1: SerialNumber: syz [ 1846.800521][T17060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1846.808831][T17060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1847.071440][T23222] loop3: detected capacity change from 0 to 136 [ 1847.366807][ T6120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1847.374979][ T6120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1847.736336][T10753] cdc_ncm 2-1:1.0: failed to get mac address [ 1847.943025][T10753] cdc_ncm 2-1:1.0: bind() failure [ 1848.141335][T10753] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1848.240824][T10753] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1848.365942][T10753] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 1848.526472][T10753] usb 2-1: USB disconnect, device number 33 [ 1848.880530][T23231] 9p: Bad value for 'rfdno' [ 1849.853157][T17042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1849.862111][T17042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1850.301859][ T3399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1850.310383][ T3399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1853.194859][T10244] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1853.209919][T10244] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1853.220254][T10244] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1853.242091][T10244] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1853.276906][T10244] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1853.435686][T23276] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5550'. [ 1853.451191][T23276] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5550'. [ 1853.645033][ C1] ===================================================== [ 1853.652429][ C1] BUG: KMSAN: uninit-value in __dev_queue_xmit+0x2fe8/0x5890 [ 1853.660163][ C1] __dev_queue_xmit+0x2fe8/0x5890 [ 1853.665487][ C1] hsr_forward_skb+0x219a/0x3c60 [ 1853.670657][ C1] hsr_handle_frame+0xcfc/0x1120 [ 1853.675889][ C1] __netif_receive_skb_core+0xef3/0x4d80 [ 1853.681760][ C1] __netif_receive_skb_list_core+0x2f9/0x16a0 [ 1853.688265][ C1] netif_receive_skb_list_internal+0xeed/0x1540 [ 1853.694788][ C1] napi_complete_done+0x403/0x790 [ 1853.700136][ C1] gro_cell_poll+0x2c8/0x310 [ 1853.704967][ C1] __napi_poll+0xdc/0x890 [ 1853.709593][ C1] net_rx_action+0xa1c/0x1c20 [ 1853.714593][ C1] handle_softirqs+0x168/0x6e0 [ 1853.719640][ C1] __do_softirq+0x14/0x1b [ 1853.724169][ C1] do_softirq+0x58/0x90 [ 1853.728587][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 1853.733998][ C1] tun_rx_batched+0x887/0x980 [ 1853.738970][ C1] tun_get_user+0x5c0d/0x6c80 [ 1853.743876][ C1] tun_chr_write_iter+0x3e9/0x5c0 [ 1853.749185][ C1] vfs_write+0xbe1/0x15c0 [ 1853.753735][ C1] ksys_write+0x1d9/0x470 [ 1853.758358][ C1] __ia32_sys_write+0x9a/0xf0 [ 1853.763329][ C1] ia32_sys_call+0x3d5e/0x4340 [ 1853.768460][ C1] __do_fast_syscall_32+0x14a/0x310 [ 1853.773959][ C1] do_fast_syscall_32+0x37/0x80 [ 1853.779140][ C1] do_SYSENTER_32+0x1f/0x30 [ 1853.783939][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1853.790614][ C1] [ 1853.793095][ C1] Uninit was stored to memory at: [ 1853.798512][ C1] qdisc_pkt_len_segs_init+0xa19/0xa80 [ 1853.804195][ C1] __dev_queue_xmit+0x303/0x5890 [ 1853.809398][ C1] hsr_forward_skb+0x219a/0x3c60 [ 1853.814583][ C1] hsr_handle_frame+0xcfc/0x1120 [ 1853.819796][ C1] __netif_receive_skb_core+0xef3/0x4d80 [ 1853.825858][ C1] __netif_receive_skb_list_core+0x2f9/0x16a0 [ 1853.832291][ C1] netif_receive_skb_list_internal+0xeed/0x1540 [ 1853.838904][ C1] napi_complete_done+0x403/0x790 [ 1853.844161][ C1] gro_cell_poll+0x2c8/0x310 [ 1853.849025][ C1] __napi_poll+0xdc/0x890 [ 1853.854019][ C1] net_rx_action+0xa1c/0x1c20 [ 1853.858994][ C1] handle_softirqs+0x168/0x6e0 [ 1853.863961][ C1] __do_softirq+0x14/0x1b [ 1853.868554][ C1] [ 1853.871090][ C1] Uninit was created at: [ 1853.875698][ C1] kmem_cache_alloc_node_noprof+0x9de/0x1780 [ 1853.881987][ C1] kmalloc_reserve+0x13c/0x4b0 [ 1853.887022][ C1] __alloc_skb+0x805/0x1030 [ 1853.891722][ C1] __pskb_copy_fclone+0xcc/0x14d0 [ 1853.897058][ C1] hsr_create_tagged_frame+0x30b/0x1330 [ 1853.902929][ C1] hsr_forward_skb+0x16d1/0x3c60 [ 1853.908195][ C1] hsr_handle_frame+0xcfc/0x1120 [ 1853.913549][ C1] __netif_receive_skb_core+0xef3/0x4d80 [ 1853.919504][ C1] __netif_receive_skb_list_core+0x2f9/0x16a0 [ 1853.925911][ C1] netif_receive_skb_list_internal+0xeed/0x1540 [ 1853.932410][ C1] napi_complete_done+0x403/0x790 [ 1853.937736][ C1] gro_cell_poll+0x2c8/0x310 [ 1853.942545][ C1] __napi_poll+0xdc/0x890 [ 1853.947177][ C1] net_rx_action+0xa1c/0x1c20 [ 1853.952100][ C1] handle_softirqs+0x168/0x6e0 [ 1853.957170][ C1] __do_softirq+0x14/0x1b [ 1853.961701][ C1] [ 1853.964194][ C1] CPU: 1 UID: 0 PID: 23277 Comm: syz.1.5551 Tainted: G W L syzkaller #0 PREEMPT(voluntary) [ 1853.975869][ C1] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 1853.981200][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1853.991571][ C1] ===================================================== [ 1853.998695][ C1] Disabling lock debugging due to kernel taint [ 1854.005076][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 1854.011654][ C1] CPU: 1 UID: 0 PID: 23277 Comm: syz.1.5551 Tainted: G B W L syzkaller #0 PREEMPT(voluntary) [ 1854.023375][ C1] Tainted: [B]=BAD_PAGE, [W]=WARN, [L]=SOFTLOCKUP [ 1854.029917][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1854.040134][ C1] Call Trace: [ 1854.043628][ C1] [ 1854.046588][ C1] __dump_stack+0x26/0x30 [ 1854.051143][ C1] dump_stack_lvl+0x50/0x1c0 [ 1854.055985][ C1] ? dump_stack+0x12/0x25 [ 1854.060546][ C1] dump_stack+0x1e/0x25 [ 1854.064927][ C1] vpanic+0x435/0xd40 [ 1854.069164][ C1] panic+0x15d/0x160 [ 1854.073335][ C1] kmsan_report+0x31a/0x320 [ 1854.078097][ C1] ? __msan_warning+0x1b/0x30 [ 1854.083022][ C1] ? __dev_queue_xmit+0x2fe8/0x5890 [ 1854.088463][ C1] ? hsr_forward_skb+0x219a/0x3c60 [ 1854.093803][ C1] ? hsr_handle_frame+0xcfc/0x1120 [ 1854.099147][ C1] ? __netif_receive_skb_core+0xef3/0x4d80 [ 1854.105212][ C1] ? __netif_receive_skb_list_core+0x2f9/0x16a0 [ 1854.111709][ C1] ? netif_receive_skb_list_internal+0xeed/0x1540 [ 1854.118376][ C1] ? napi_complete_done+0x403/0x790 [ 1854.123897][ C1] ? gro_cell_poll+0x2c8/0x310 [ 1854.128965][ C1] ? __napi_poll+0xdc/0x890 [ 1854.133719][ C1] ? net_rx_action+0xa1c/0x1c20 [ 1854.138805][ C1] ? handle_softirqs+0x168/0x6e0 [ 1854.143969][ C1] ? __do_softirq+0x14/0x1b [ 1854.148692][ C1] ? do_softirq+0x58/0x90 [ 1854.153225][ C1] ? __local_bh_enable_ip+0xa1/0xb0 [ 1854.158626][ C1] ? tun_rx_batched+0x887/0x980 [ 1854.163719][ C1] ? tun_get_user+0x5c0d/0x6c80 [ 1854.168803][ C1] ? tun_chr_write_iter+0x3e9/0x5c0 [ 1854.174239][ C1] ? vfs_write+0xbe1/0x15c0 [ 1854.178967][ C1] ? ksys_write+0x1d9/0x470 [ 1854.183711][ C1] ? __ia32_sys_write+0x9a/0xf0 [ 1854.188796][ C1] ? ia32_sys_call+0x3d5e/0x4340 [ 1854.193990][ C1] ? __do_fast_syscall_32+0x14a/0x310 [ 1854.199612][ C1] ? do_fast_syscall_32+0x37/0x80 [ 1854.204863][ C1] ? do_SYSENTER_32+0x1f/0x30 [ 1854.209795][ C1] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1854.216552][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1854.222879][ C1] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 1854.228924][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.234318][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1854.240930][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.246332][ C1] __msan_warning+0x1b/0x30 [ 1854.251075][ C1] __dev_queue_xmit+0x2fe8/0x5890 [ 1854.256340][ C1] ? __msan_memset+0xf3/0x1a0 [ 1854.261261][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.266634][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.272705][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.278107][ C1] ? __dev_queue_xmit+0x27d/0x5890 [ 1854.283508][ C1] hsr_forward_skb+0x219a/0x3c60 [ 1854.288739][ C1] hsr_handle_frame+0xcfc/0x1120 [ 1854.293935][ C1] ? __pfx_hsr_handle_frame+0x10/0x10 [ 1854.299555][ C1] __netif_receive_skb_core+0xef3/0x4d80 [ 1854.305438][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.310814][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.316889][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.322265][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.328437][ C1] ? filter_irq_stacks+0x49/0x190 [ 1854.333721][ C1] ? stack_depot_save_flags+0x35/0x790 [ 1854.339431][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.344837][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.350220][ C1] __netif_receive_skb_list_core+0x2f9/0x16a0 [ 1854.356599][ C1] netif_receive_skb_list_internal+0xeed/0x1540 [ 1854.363148][ C1] napi_complete_done+0x403/0x790 [ 1854.368460][ C1] gro_cell_poll+0x2c8/0x310 [ 1854.373266][ C1] ? kmsan_get_metadata+0x146/0x160 [ 1854.378734][ C1] ? __pfx_gro_cell_poll+0x10/0x10 [ 1854.384061][ C1] __napi_poll+0xdc/0x890 [ 1854.388646][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.394740][ C1] net_rx_action+0xa1c/0x1c20 [ 1854.399678][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.405760][ C1] ? sched_clock_cpu+0x59/0xa70 [ 1854.410844][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.416257][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 1854.421613][ C1] handle_softirqs+0x168/0x6e0 [ 1854.426658][ C1] __do_softirq+0x14/0x1b [ 1854.431212][ C1] do_softirq+0x58/0x90 [ 1854.435609][ C1] [ 1854.438661][ C1] [ 1854.441715][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 1854.446962][ C1] ? tun_rx_batched+0x167/0x980 [ 1854.452082][ C1] tun_rx_batched+0x887/0x980 [ 1854.457023][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.462450][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.467830][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1854.473957][ C1] tun_get_user+0x5c0d/0x6c80 [ 1854.478901][ C1] ? stack_depot_save_flags+0x35/0x790 [ 1854.484637][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.490006][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 1854.495385][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1854.501983][ C1] ? ref_tracker_alloc+0x440/0x7a0 [ 1854.507435][ C1] tun_chr_write_iter+0x3e9/0x5c0 [ 1854.512733][ C1] vfs_write+0xbe1/0x15c0 [ 1854.517320][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1854.523138][ C1] ksys_write+0x1d9/0x470 [ 1854.527722][ C1] __ia32_sys_write+0x9a/0xf0 [ 1854.532652][ C1] ia32_sys_call+0x3d5e/0x4340 [ 1854.537680][ C1] __do_fast_syscall_32+0x14a/0x310 [ 1854.543144][ C1] do_fast_syscall_32+0x37/0x80 [ 1854.548243][ C1] do_SYSENTER_32+0x1f/0x30 [ 1854.552981][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1854.559544][ C1] RIP: 0023:0xf749d539 [ 1854.563760][ C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1854.583586][ C1] RSP: 002b:00000000f54c650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1854.592236][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 1854.600367][ C1] RDX: 000000000000007a RSI: 0000000000000000 RDI: 0000000000000000 [ 1854.608498][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1854.616639][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1854.624768][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1854.632947][ C1] [ 1854.636717][ C1] Kernel Offset: disabled [ 1854.641118][ C1] Rebooting in 86400 seconds..