last executing test programs: 4m36.064842202s ago: executing program 0 (id=306): r0 = socket$inet(0x2, 0x2, 0x1) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000680)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x2004000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x1, &(0x7f0000001380)=0x1a, 0x4) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="700000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="920a050000000000480012800e0001006970366772657461700000003400028014000700ff02000000000000000000000000000114000600fe80000000000000000000000000003508000100", @ANYRES32=r1], 0x70}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004) 4m33.944759637s ago: executing program 0 (id=309): syz_genetlink_get_family_id$nbd(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'gre0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x421, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, 0x0, 0x10000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e20}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_rdma(0x10, 0x3, 0x14) socket$packet(0x11, 0x3, 0x300) ioprio_set$pid(0x3, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x8, &(0x7f00000000c0)=0x0) eventfd2(0x0, 0x0) io_submit(r6, 0x1, &(0x7f00000006c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}]) io_getevents(r6, 0x2, 0x2, &(0x7f0000001340)=[{}, {}], 0x0) 4m30.19016266s ago: executing program 0 (id=314): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) write$sequencer(r2, &(0x7f0000000000)=[@t={0x81, 0x5, 0x0, 0x1, @generic=0xf}], 0x8) r3 = epoll_create1(0x0) r4 = dup3(r1, r2, 0x80000) ioctl$DRM_IOCTL_ADD_MAP(r4, 0xc0286415, &(0x7f0000000200)={&(0x7f0000ffe000/0x1000)=nil, 0xa5, 0x2, 0x10}) r5 = epoll_create1(0x0) r6 = dup3(r1, r5, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r6, &(0x7f00000001c0)={0x2007}) syz_usb_connect$cdc_ncm(0x5, 0x98, &(0x7f0000000100)=ANY=[@ANYBLOB="12010102020000082505a1a4400001020301090286000201df40010904000001020d00000524060001052400240060240f01fcffffffba00b4000906241abcf806152412ff00"], &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0}) sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r8) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x14, r9, 0x7}, 0x14}, 0x1, 0x0, 0x0, 0x48050}, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x17, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20000000}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x48010000}, {0x85, 0x0, 0x0, 0x86}}, {}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3fd}, {0x85, 0x0, 0x0, 0xc2}}], {{}, {}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x2, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d02, 0xec000000}]}) ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000240)={0xc, 0x6, 0x10}) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) 4m25.096928669s ago: executing program 0 (id=324): syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)={[{@quota}, {@grpquota_block_hardlimit}]}) syz_mount_image$exfat(0x0, &(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1380443, 0x0, 0x3, 0x0, &(0x7f0000000000)) r0 = open(&(0x7f0000000480)='./file1\x00', 0x16907e, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x65055, &(0x7f0000000340)={0xa, 0x4e20, 0x5, @local, 0xa}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a00000000000000000000020000000000000000010000840800000006000000010000000400000f000000"], 0x0, 0x46, 0x0, 0x1}, 0x28) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="da00009e89b759", @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x1, 0x2, 0x80, 0xfffffff9, 0xeaa}]}) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000600)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfc695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9a943b5a180daf743cf4f42698c10d467e714371c2c78b293c2e33df72ca75c486b859d14464b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d34a20bed8351e1f200000000000001f54074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59116563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f015eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a1245a6a4690f00a75a064cdaae3e59099df9c3e384e6927fbf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83234be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562ecbffb31806b1025784162fa5895299eb8fb8eaec40808fe6eb449333f62a998d77d2e9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcbc00c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586a00206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e98b42f698b043ed9b97dcb6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./file1\x00', 0x3010018, &(0x7f0000000040), 0x5, 0x4c3, &(0x7f0000000ac0)="$eJzs3U1oXNUeAPD/nXw0L01f8j54r3SV9wp9fZQmTad5pdAH7apQtGArKOjC0EzStJO2NCmYLMQP0IoK7aYbi6ALBekirlQEkS5ERXDRjaAUVBAbSKtVpAshcu/MxLSZpE1Tc2n8/eBwz7kzc89/5uSeueefSxLAH1ZnROyKiIaI2BIR7dX9hWqJJyslfV6pOHEoLUlMTx+4mkQSEXuLE4dqx0qq29XVA7RExIUPI1ob5/Y7MjZ+pK9cLp2otrtHh493j4yNbx4a7hssDZaOFnu2F4vF3h3F3rv2Xn/45fCZd67vef7sle8//ebi2+eT2BVt1cdmv4+7pTM6Zz6T2RqTiP/f7c5y1pJ3ACza+fvPvJR3DADA8kuv8f8aEf/Orv/boyEqF+uHJx+91h7XBuZ7XcfPr1xezjgBAACAOzcd7bEz3QIAAAArViEi2iIpdFXvBWiLQqGrq3IP79+jtVA+NjK6aeDYyaP9kd0r2xFNhYGhcql2r3BHNCVpuyer/9beelO7GBF/iYhT7X/K2l0Hj5X7805+AAAAwArXFnHpkWfe/efqedb/qS/b844SAAAAWIp0/b/mUmv2p7p+ss4HAACAFSld/1979srHYf0PAAAAK1Zt/T/zf7hUVFRUZip5z1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw1/R0EtMAAADAipZ3/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvL3uLEoVpZrj4n9yxXT8xnandEdFTGv1QtlUcaoyXbtkRTRLT+mETjrNclEdGwxL67NkR0xqbPTz/x3VtpierP4RIPyz1i4uu8IyBPzdvyjoA8rXsg7wjI02en8o6APF2cyjsC8rT/QN4RkKd9/8s7AvL08tW8I+CD3RGxpV7+rxBrs20lC3Rz/qchyxAtzSfnIjqj69vZ++bmfwqTS+yGBUztjtgZEaU5+b9C7SkdDdXWmixV2JQMDJVLWyLizxGxMZpWpe2eBfrYu/ZC3UzPi/9Ix//kvlr+Ly1p/7VcYDWOycZVN76uv2+0b6nvm4qppyLWNdYb/2Qm/5vMk/9ddZt9vPfV/uF6+69/lI7/C+8vPP78nqZfjfhP3fM/mXlOWuseHT7ePTI2vnlouG+wNFg6WuzZXiwWe3cUe7uz+aC7NivM9ebTr9f9pv/XwWz+HzP++UnP/9aFxz+b/0fGxo/0lculEyOL7+O5DWfrfoe/cTYd/+YLdzL/NycPZgE2V/c93jc6eqInojm5b+7+rYuPeaWqfR61zysd/43r63//167/KvN/Yc78/7fqtlD5FeK8/vva5br7vzidjn/xIed/ftLx77/F+Z/ccP4vvvLY+v0b6/X9cGTXf+duff5vy4KpHcT1363d7gDlHScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMz2awAAAP//MEf3BQ==") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5434, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) lseek(r4, 0xfffffffffffffffc, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) getdents(r4, 0x0, 0x58) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f0000000100)='0..:\x00', 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x8400ae8e, 0x0) fallocate(r0, 0x41, 0x4000, 0x1000f0) 4m22.239178027s ago: executing program 0 (id=331): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa0000011}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000540)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r5, 0x5425, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r6, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"}) ioctl$TIOCGPGRP(r5, 0x5437, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x446000, 0x40) ioctl$KDSKBLED(r7, 0x4b65, 0x9) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) 4m17.947385928s ago: executing program 0 (id=337): syz_emit_ethernet(0x46, &(0x7f0000000080)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "b33883", 0x10, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_ra={0xc0}}}}}}, 0x0) r0 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000000)={0x0, 0x6, 0x401, 0x8, 'syz0\x00', 0x9}) r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x7101}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x7, 0x1d}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) gettid() timer_create(0x4, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @p_u32=&(0x7f0000000080)=0x411b}}) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r3 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="2400000016000d190a762d7f08", 0xd}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff", 0x17}], 0x2}, 0x0) 4m2.277636929s ago: executing program 32 (id=337): syz_emit_ethernet(0x46, &(0x7f0000000080)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "b33883", 0x10, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_ra={0xc0}}}}}}, 0x0) r0 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000000)={0x0, 0x6, 0x401, 0x8, 'syz0\x00', 0x9}) r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x7101}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x7, 0x1d}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) gettid() timer_create(0x4, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @p_u32=&(0x7f0000000080)=0x411b}}) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r3 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="2400000016000d190a762d7f08", 0xd}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff", 0x17}], 0x2}, 0x0) 1m16.054233667s ago: executing program 2 (id=877): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d2407010604000000000000e90924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x500a}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x82c}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x81, 0x1, "9a"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000140)={0x0, 0x10, 0x1, '0'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m13.750417837s ago: executing program 2 (id=892): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRESDEC], 0xf9, 0x2fd, &(0x7f0000000140)="$eJzs3c1PE08cx/EvD32gBNrDLz9jjHGiF43JBurdpDEQjU00QI1oYrLAVpuuLeluMDUG8OTV+Ed4INzgRqIevHLx5smLNw6aGCNRcc1ud6HQghLZgvb9SqDDznyZWdqSz2zCsnbz6f1i3tLyui2dnRHpFInLukjKbYlU3U8d4h6s6ZCo1JuXc72f3p4cHb91NZPNDo0oNZwZu5BWSvWfevHg0eLpV3bvjeX+lZispu6sfUy/X/1/9fjaj7F7BUsVLFUq20pXE+V3dnTCNNRUwSpqSl13HN0yVKH0elzE6y/butufN8vT01Wll6b6EtMVw7KUXqqqolFV0i1SqSr9rl4oKU3TVF9C8CuxhZERPeM14/sungxhQfhjlxOy4z1aqWT0LhHpaRibW2jhwgAAwBGxLf/HlZv65+vyv6fDf3SPbDiOU1/v5f/PSyJ75v8gXK5Ed8n/fr4P8r9p1PK/ZVTs38v/dlnZbv7vJv/vQ24r/zdY2mj1ahAON/8n/Pev5/HtxQGvQf4HAAAAAAAAAAAAAAAAAAAAAOBvsO44ScdxksFj8BHz/yQ8+Pqw14lw8Py3t1HlN5SKi5hPZnIzOREzUju4+bwbMiBJ+e69Hny19vCV7NDm3QZemnN+/dxMrss7lMlLQUwxZFCSkmpeP6hqttdHJFFfn5ak/Ne8Pt20Pipnz9TVa5KUN5NSFlOmvNf1Vv3soFKXrmV31Pd44wAAAAAA+BdoalOq2f5d07b1B7cCmnNHSW1/Lt7+usn1gaiIuPvrgYb9eezwThgAAAAAgDZkVR8WddM0Ki1sxEUk/Lncswv/dHr2HjN7vvU/3qPTSNYdCa4ctXwZ3fWTBheeQprr2LPnXw7uG15cPvGtWdfXg5uif/cu2flvRBpFwv3dBAAAAOBgbYX+3cc4H1q5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2k94913r8mfY684CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHv5GQAA//9oWhe8") r0 = fanotify_init(0xf00, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) fanotify_mark(r0, 0x541, 0x4000101b, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) 1m13.375689414s ago: executing program 2 (id=899): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x8, r2, 0x0, 0x8, 0x1, &(0x7f0000000240)="a8", 0x1}) 1m13.162282093s ago: executing program 2 (id=902): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a09007, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00') 1m12.48915637s ago: executing program 2 (id=906): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000000)={0x0, 0x399a, 0x5, 0x1, 0x2}) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000, 0x100, 0x1}, 0x20) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, 0x0) arch_prctl$ARCH_SHSTK_ENABLE(0x5003, 0x2) arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', 0x0}) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) 1m12.043118701s ago: executing program 2 (id=911): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x8, 0x4, 0x5}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f00000001c0), 0x0}, 0x20) 1m11.556684755s ago: executing program 33 (id=911): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x8, 0x4, 0x5}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f00000001c0), 0x0}, 0x20) 10.66881688s ago: executing program 5 (id=1215): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x400007f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x10, 0xfffffff2, 0xf44}, 0x20) splice(r2, 0x0, r0, 0x0, 0xffff, 0x2) 9.821252439s ago: executing program 3 (id=1218): r0 = syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file2\x00', 0x2, &(0x7f0000000000)={[{@order_relaxed}, {@errors_remount_ro}, {@discard}, {@order_strict}, {@order_strict}, {@errors_continue}, {@nobarrier}, {@norecovery}], [], 0x2c}, 0x3, 0xf28, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6+dxE68BgoGSkihFYGCHZJUTS9VEKhHxKV3UEhohKG0oQci/oQeEJUoRUKcKg5UXCiVUqRWAlWqUE9tT6166wn1QqsqlYJ6aaTEVTZv1rvPnux6vJ799/tJn5/fvNn5vslazsx49k0AJlat+fXo0aUshHc+efuRl57Mfnt12Z2tNQ40v2ax1wgh1Nv6WbK9z+KCyxdfPLFZm4XDza95Pzx6ofXauRDCuXAgfBoa4cOV1S8+ePfhgx+9tuvmN88+/fIO7X5Luh8AADCOzv959e/3/vNP9y9eOr//eJhtLc+PzxuxPxeP+w/FA+X8eLkWOvtZW7SbSdabilFL1ptK1ptO8kwX5Ksn26kXrDfTJd9U27LN9hMAAABGUX5e2whZbbmjX6stL18777/qs4WZbPnZ06unzgyoUAAAAKC0/77SvOlWCCGEEEIIIYQQYxxrC5teFthV+YUIAAAAYGK0zxe26UWIc/2dqau1tcbG/Jutf+Gh2uavhz7o9vPX759/+Ucr//uv+o0DAEB543o0me9Xfhydz2OQziM4lbxuq8f/tWQ701uss2hewVGZb7CozvTfdVgV1b/V93FQiupP58McVkX1p/N0Dqui+mcrrqOsovpH5Qawovp3V1xHWUX177lud3gU1T9XcR1lFdU/X3EdZRXVv7fiOsoqqn9fxXWUVVT/5rfVDp+i+hsV11FWUf2LFddRVlH9N/T28n/1s5Yyiuq/seI6yiqq/6aK6xiUO2Kb/zvsT8bbz5/Tc7pROccDAACASfc/8/8JMZ4xOwQ1CCGEEEIIIYYmXhn0BQgAAABg4PLPBeSfel+L8vGpLuPTXcbrXcZnuozPdhkHAAAAQvjd66dufStb/5z/dufDy+eNyudf2urERel8hFvNv915z7abf1TmLQMAAGCyZN/59Mp9j7z3/OKl8/uPt539Xonnu/k8oNPx2sDHsZ/fFzCf9LP8HPp4Z55awXrp9YG9Rdt7bJs7CgAAABMsP39vhKy23Hbe3Qi12vLy+vn4Uqhnp06vnjwU+/nzWf64UJ+9uvzBnrKNylPJAAAAYLysn+9vfv6fP8d3Kcxky8+eXj115lp/vrW8Xmu/LrCwvjxrvy7QSJYfLlh+JPbz53d+b2F3c/nyie+vPtnvnQcAAIAJceaFs08/sbp68oe+8c3OfHMhzgUxLPWk3+wZjjKG7ZtB/2YCAAD67fPP367/6Mj87699/n99/rv88/8HYr8R5/b7S1whv08g/xzAhs/rP96ZZ6Fovec612sk603FmE3q3tW2ndA232D+usWifI3O7cwU5JtL8s0n+dJ5CqaT9fN8+5Ll9dA5yWK+3kKyXjoP43SSI0vy3xUAAACg2Mrzzzy3cuaFsw+cfuaJp04+dfLZI4ePfevYsUMPfvPBleZ9/Svtd/cDAAAAo2j9pt9BVwIAAAAAAAAAAAAAAAAAAACTq4rHiQ16HwEAAGDS/eeVEMI5scNx7fGFg69DbD0OeO+EEGJjfPvI4GuY9fv5+pE/LHnQdYhqY2oIahAxausnXQOvpWTUh6AG0a9o/re5tpY+aR4AAABgZ12++OKJ9naDc1lf87W21rjWXIl583b+gb8tXo18tQsPdV4v2dPXaph0Vf/8yz9a+d9/tb/58z8N9v77r9a5gePl8t6z8sul9vy3TfeYP93/x8rlP5jkvyf0ln/tvST/4+Xy35vk39Nj/g37/1y5/PfF/Euxf/Du9vzZdfJ3vv+zsc33Y3eP+b+e7P+ToT3/Fva/0WPCxP0xPwBMotqgC9gh+VFCfhw9F/v5/sbDzZDe/bDV4/9asp3pbVfeud38OOiW2M+Pl+aTvLmt1j+XbG/v+lB9K3WmRuWukqL6+/U+7rSi+nt684ZAUf0zFddRVlH9sxXXUVZR/bsqrqOsovp7PQ8dtKL6R+W6clH9cxXXUVZR/fMV11FWUf17K66jrKL691VcR1lF9S9UXEdZRfWXvKxWuaL6Fyuuo6yi+m+ouI6yiuq/seI6yiqq/6aK6xiU22NbdD6cn38uxLG830j6s5v8W47rtQUAAAAYNf82/5+YiDj407WmQdchxAjE7iGoQQghhBBiPOIH3xh8Da1ong8xsXb208wADCu//yeb93+yef8nm/ef68nv4c+Sfm6qy/h0l/F6l/GZZDz9eZ3tMn5jst21tdZfgZtu6jL+pS7j+7qM39JlfKnL+K1dxm/rMn57l3EAAAAmw82xdX4IAAAA4+ulX338xm/uefzi4qXz+4+HmQ3zzh+K/dn4t/XXYz+d9z5Xj3/z/3Hs/yK2f4jtP5L13X8CAAAAOy9/Toy//wMAAMD4yp9T6vwfAAAAxtdibJ3/AwAAwPi6IbbO/wEAAGCMZbs2Xxzb/LrAXbHtdV4/AGD4fTm2d8R2f2zvjO1XYpsfB9wd269WVB8A0D8//+5Pjr2Vrc/3fyQZvxyX5+0G565dKchqnTP5747tnth+rcd60ucB9Jo/t6/HPDuVf2Gb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA8VFrfj16dCkL4Z1P3n7kZzNv/PXqsjtbaxxofs1irxFCqLdel4+u938dV7x88cUT7e2V2GbhcMhC1loeHr3QyjQXQjgXDoRPQyN8uLL6xQfvPnzwo9d23fzm2adf3sF/go79AwAAgHH0/wAAAP//xw8d7w==") r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x40) r2 = socket(0x8000000010, 0x2, 0x0) write(r2, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$BLKRASET(r1, 0x1262, &(0x7f00000000c0)=0xffffffffffffff80) r3 = fcntl$getown(r0, 0x9) r4 = syz_open_procfs(r3, &(0x7f0000000100)='net\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fgetxattr(r4, &(0x7f0000000140)=@known='system.posix_acl_access\x00', &(0x7f0000000180)=""/28, 0x1c) ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0) pread64(r4, &(0x7f0000002240)=""/237, 0xfecf, 0x4eb) 9.647869616s ago: executing program 5 (id=1221): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioprio_set$uid(0x3, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x601c2, 0x0) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendfile(r1, r0, 0x0, 0x578410e9) 9.451667326s ago: executing program 5 (id=1222): openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x15, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 8.520519987s ago: executing program 1 (id=1223): mknodat(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_rdma(0x10, 0x3, 0x14) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x32ab60b1caec533c, 0xffffffffffffffff, 0x3000) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000000c0)=0x3) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)) read$dsp(r3, &(0x7f0000000280)=""/85, 0x55) 7.88048105s ago: executing program 3 (id=1225): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "193c434c8370fe93", "c52eee4199babfc0f8fc09b69a8d0f00005e35dca46a0ca7096be938ffc600", "715d70a4", "a66abe38fdd95990"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) 7.852480507s ago: executing program 4 (id=1226): openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x100, 0x10004, 0x2c}, 0x50) 7.583343289s ago: executing program 5 (id=1227): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$XFS_IOC_AG_GEOMETRY(r0, 0xc080583d, &(0x7f0000000280)={0x2, 0x7, 0x1, 0x2, 0x6f2a, 0xa, 0xaf7, 0x1}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x800, 0x0, 0x400250}, &(0x7f0000000340)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200)=0x0, &(0x7f0000000240)) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) syz_io_uring_submit(r5, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456}) io_uring_enter(r2, 0x627, 0xc1040000, 0x43, 0x0, 0x0) 6.413883561s ago: executing program 6 (id=1229): mount$fuse(0x0, 0x0, &(0x7f0000000180), 0x1001420, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0xa00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) recvmsg$unix(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@cred={{0x1c}}], 0x20}, 0x2142) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x4000000e42, 0x9, 0xffffffffffffffff, 0xfffffffffffffff9, 0x10000, 0x3, 0x4002004c2, 0x100000007ff, 0xf, 0xcb6, 0x10000000000400, 0x8, 0x7, 0x0, 0x8, 0x8b], 0x58000, 0x240046}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.032309162s ago: executing program 6 (id=1230): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x9, @dev}]}}}]}, 0x40}}, 0x0) syz_io_uring_setup(0x235, &(0x7f0000001240)={0x0, 0x10008cc8, 0x10100, 0x2, 0x75}, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x2a, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000c800) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000a00000018000480130001"], 0x2c}}, 0x0) 5.815876687s ago: executing program 4 (id=1231): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xe, 0xb}, {0x9, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, &(0x7f0000002400)="80", 0x1, 0x200000c1, &(0x7f00000001c0)={0x11, 0x88a8, r5, 0x1, 0x3}, 0x14) 5.229741043s ago: executing program 5 (id=1232): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f00000006c0)}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x3, 0x400, 0x80, 0x89, 0x0, 0x3, 0x8d], 0x100000, 0x100}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.228519049s ago: executing program 3 (id=1233): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r1) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x48, 0xff}, 0x9c) sendmmsg$inet(r0, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)="f165", 0x2}], 0x1}}], 0x1, 0x4000001) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 5.12714297s ago: executing program 5 (id=1234): bind$netlink(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r2, 0x0, 0xa0028000}, 0x38) 5.073404115s ago: executing program 6 (id=1235): syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0) socket(0x1, 0x1, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = open(&(0x7f0000000280)='.\x00', 0x20000, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000003080102000000074441980000000000050003"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendfile(r5, r4, 0x0, 0x100000002) 4.942218819s ago: executing program 1 (id=1236): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x34, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xffe0}, {0x10, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4040004) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@delchain={0x44, 0x2c, 0xf31, 0x70bd27, 0x2000, {0x0, 0x0, 0x0, r6, {0x8}, {0xfff2, 0xffff}, {0xffff, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @multicast1}, @TCA_FLOWER_CLASSID={0x8, 0x1, {0xb, 0x7}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010) 4.928502386s ago: executing program 6 (id=1237): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r2 = fanotify_init(0xf00, 0x1) fanotify_mark(r2, 0x105, 0x40009975, r1, 0x0) fallocate(r0, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) 4.130238953s ago: executing program 3 (id=1238): socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x149040, 0x2) syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00') openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000012c0)=ANY=[@ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000)) 4.056240926s ago: executing program 6 (id=1239): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x5, 0x29, 0x80, 0x9, 0xffffffff, 0x91b1}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x4e, 0x24b, 0x4, 0xffffff01, 0x8000000}}]}]}}}]}, 0x68}}, 0x0) r4 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e25, 0x0, @empty, 0x7}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) 3.957631143s ago: executing program 4 (id=1240): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r1, 0x0, 0x2106) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) io_uring_setup(0x549c, 0x0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000100)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x1, 0x70bd22, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x240008d1}, 0x8000) 3.875793988s ago: executing program 1 (id=1241): openat$iommufd(0xffffffffffffff9c, 0x0, 0x40102, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r1, &(0x7f0000048040)=""/102392, 0x18ff8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 3.793262799s ago: executing program 3 (id=1242): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000308", 0x30, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b52ab", 0x0, 0x2b, 0x0, @private0, @private0}}}}}}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000000000001}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.784622395s ago: executing program 4 (id=1243): r0 = add_key$keyring(0x0, &(0x7f0000000ac0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 2.596911648s ago: executing program 4 (id=1244): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000d2cf00003d36000002"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180), 0x3, r3}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r3, &(0x7f0000001940), &(0x7f00000002c0)=""/187}, 0x20) 2.556904607s ago: executing program 1 (id=1245): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) semctl$SEM_STAT(0x0, 0x2, 0x12, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) msgget$private(0x0, 0x500) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r2}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x34}}, 0x4008000) ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, &(0x7f0000000080)={0x0, {0x1, 0x9, 0x6, 0x9}}) 1.383570472s ago: executing program 4 (id=1246): mknodat(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_rdma(0x10, 0x3, 0x14) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x32ab60b1caec533c, 0xffffffffffffffff, 0x3000) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000000c0)=0x3) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)) read$dsp(r3, &(0x7f0000000280)=""/85, 0x55) 1.370262022s ago: executing program 3 (id=1247): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x200006, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x9, 0x6, 0x80000001, 0x3, 0x1, 0xd4, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x1000, 0xb, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0xbf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x4, 0x1000, 0x4, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0xa, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f1, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x7, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x2, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x1, 0x807, 0x1ff, 0x3, 0x400, 0x80000000, 0x1040, 0x3, 0xfffffffa, 0x9a5, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x7, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x7, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x1, 0x4, 0x8001, 0x3]}, @TCA_TBF_RTAB={0x404, 0x2, [0x54, 0x0, 0x3, 0xfffeffff, 0x5, 0xd77, 0x57dc, 0x8, 0x5, 0x10, 0x9ae, 0xb, 0x0, 0x6, 0x2, 0x7, 0x7, 0x1, 0x4, 0x8, 0x5, 0xb5, 0x0, 0x337, 0x9, 0x6, 0x800, 0x9, 0x4, 0x7, 0x1, 0x8, 0x5399, 0x101, 0x8, 0x400, 0x2, 0x0, 0x3, 0x6, 0x1, 0x9, 0x4, 0x2, 0x186, 0x3, 0x8, 0x1000, 0x26, 0x9, 0x9, 0x10001, 0xa7a, 0x2, 0x7, 0x8000, 0xffffff25, 0x8, 0xffff8000, 0x7, 0x6, 0x101, 0x3, 0xa, 0x3, 0x3, 0x5c, 0x3, 0xffffff80, 0x16f, 0x0, 0xf, 0xf47d, 0x4, 0x5, 0x1, 0x800, 0x9, 0x7500000, 0x80e, 0x5, 0x0, 0x7ff, 0x4, 0x6, 0xa, 0xc61, 0x9, 0x0, 0x8001, 0x5, 0x80000001, 0x308a, 0x2, 0x4, 0x80000001, 0x9, 0x7, 0x2, 0x56c4, 0x7f, 0x8, 0x7, 0x6, 0x7, 0x0, 0xa02, 0x3, 0xffffffff, 0x3, 0xfffffff7, 0x10001, 0x7, 0x8, 0x81, 0x5, 0x7, 0x2, 0x8, 0x1f36, 0x7fffffff, 0x81, 0xff, 0x8d4, 0x1, 0x8, 0x7fff, 0x4, 0xfffffffb, 0x62, 0x3, 0xfffff639, 0x30, 0x8, 0x0, 0xbfb, 0x1, 0xffff, 0x9, 0x5, 0x10, 0x9, 0xab8, 0x5b7bc809, 0x0, 0x5, 0xc, 0x7, 0x7fff, 0x9, 0x240, 0x1ff, 0x20000, 0xffffffff, 0x9, 0xab84, 0x4, 0xd8, 0x9, 0x11, 0xfffffff9, 0x6, 0x4, 0xfffffff5, 0xca, 0xffffff7f, 0x3, 0x7, 0x8, 0x8000, 0x7, 0x18, 0x9, 0x9, 0xde2, 0x101, 0x3, 0x10001, 0xc5f4, 0xa, 0x5, 0x1, 0x7fff, 0x1ff, 0x0, 0xff, 0x6, 0x7, 0x81, 0x1000, 0x1, 0x8, 0x2, 0x5, 0x3, 0x0, 0x2, 0x0, 0x80000001, 0x4, 0x6, 0x5, 0x101, 0xa9f, 0x7, 0x9, 0xd, 0x3, 0x5af, 0x64000000, 0x3ff, 0x9, 0x65, 0x7ff, 0x3, 0x3, 0x8000, 0x7f, 0x2, 0x6, 0x8, 0x5, 0xc, 0x7f, 0x95, 0x31a, 0x800, 0x6, 0x0, 0x1, 0x80000000, 0x4, 0x5, 0x6, 0x400, 0x1, 0x8d000000, 0x4890, 0x5, 0x5, 0x8, 0xb, 0x0, 0x7, 0x7, 0x1c7, 0x217, 0x4db4, 0x3b0, 0xef, 0x394, 0x3, 0x800, 0x3, 0x4, 0x80]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, &(0x7f00000001c0)={0x11, 0xf7, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14) 1.196740946s ago: executing program 1 (id=1248): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) listen(0xffffffffffffffff, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet6_buf(r3, 0x29, 0xcd, 0x0, 0x0) 891.892053ms ago: executing program 6 (id=1249): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2711}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d40)=ANY=[@ANYRES32=0x0, @ANYBLOB="096b0200000000002c00128009000100626f6e64000000001c00028006001900ff0300000800090001000000080007000000000014003500626f6e6430"], 0x60}, 0x1, 0x0, 0x0, 0x20004040}, 0x4000054) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x100, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7) ioctl$XFS_IOC_GETPARENTS_BY_HANDLE(r3, 0xc040583f, &(0x7f00000001c0)={{@align=0x6, {0x3, 0xf801, 0xd6, 0x6}}, {{[0xffff, 0x4, 0x6]}, 0x0, 0x3, 0x5, 0x0, 0x0}}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0xeb, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0xeeee0000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x45, 0x3, 0x0, 0xfc}, {0x1, 0x0, 0x10, 0x4, 0x1, 0x0, 0x9, 0x0, 0x3, 0x0, 0x4}, {0x6000, 0xffff1000, 0x9, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x3c}, {0xffff1000, 0x0, 0x0, 0x78, 0x5, 0x0, 0x2, 0x1c, 0xa3, 0xff, 0x5}, {0x0, 0x2000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x28}, {0x0, 0x6000, 0x4, 0x0, 0x0, 0x74, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0xfa87}, {0xdddd1000, 0xfffd}, 0xddf8ffdb, 0x0, 0x0, 0x120, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0xfffffffffffffffe]}) 0s ago: executing program 1 (id=1250): bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x410cd}, 0x400c084) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000", @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000037f8"], 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)="ef", 0x0}, 0x50) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): 35][ T8497] loop2: detected capacity change from 0 to 64 [ 375.279904][ T8499] capability: warning: `syz.5.543' uses 32-bit capabilities (legacy support in use) [ 375.380897][ T8497] hfs: request for non-existent node -252 in B*Tree [ 375.442290][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 375.484951][ T8497] hfs: request for non-existent node -252 in B*Tree [ 375.760627][ T5922] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 375.797711][ T8512] netlink: 32 bytes leftover after parsing attributes in process `syz.5.547'. [ 375.886631][ T8515] IPVS: set_ctl: invalid protocol: 2 10.1.1.1:20000 [ 375.955048][ T5922] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 375.981216][ T5922] usb 4-1: config 1 has no interface number 0 [ 376.001932][ T5922] usb 4-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 376.031993][ T5922] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0x24, changing to 0x4 [ 376.062371][ T5922] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 608 [ 376.084757][ T5922] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.115532][ T5922] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 376.128116][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.144540][ T5922] usb 4-1: Product: syz [ 376.150536][ T5922] usb 4-1: Manufacturer: syz [ 376.155281][ T5922] usb 4-1: SerialNumber: syz [ 376.174058][ T8504] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 376.187347][ T8504] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 376.203305][ T5922] usb 4-1: Expected 3 endpoints, found: 2 [ 376.230216][ T8526] loop1: detected capacity change from 0 to 4096 [ 376.340793][ T8526] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 376.359331][ T8526] ntfs3(loop1): Failed to load $Extend (-22). [ 376.377407][ T8526] ntfs3(loop1): Failed to initialize $Extend. [ 376.464532][ T10] usb 4-1: USB disconnect, device number 5 [ 376.544087][ T8526] ntfs3(loop1): ino=21, The size of extended attributes must not exceed 64KiB [ 376.712530][ T8528] comedi comedi4: bad chanlist[0]=0x00000a85 chan=2693 range length=2 [ 376.836713][ T8534] loop1: detected capacity change from 0 to 64 [ 376.864884][ T8534] hfs: request for non-existent node -252 in B*Tree [ 376.873975][ T8534] hfs: request for non-existent node -252 in B*Tree [ 377.042927][ T8544] netlink: 8 bytes leftover after parsing attributes in process `syz.5.563'. [ 377.065612][ T8544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.073033][ T8542] loop2: detected capacity change from 0 to 1024 [ 377.086549][ T8544] team0: Port device bond0 added [ 377.101811][ T8544] bridge0: port 3(team0) entered blocking state [ 377.109261][ T8544] bridge0: port 3(team0) entered disabled state [ 377.116678][ T8544] team0: entered allmulticast mode [ 377.123079][ T8544] team_slave_0: entered allmulticast mode [ 377.150971][ T8544] team_slave_1: entered allmulticast mode [ 377.197394][ T8544] bond0: entered allmulticast mode [ 377.224365][ T8544] bond_slave_0: entered allmulticast mode [ 377.245921][ T8544] bond_slave_1: entered allmulticast mode [ 377.414674][ T8544] team0: entered promiscuous mode [ 377.445096][ T8544] team_slave_0: entered promiscuous mode [ 377.484799][ T8544] team_slave_1: entered promiscuous mode [ 377.542928][ T8544] bond0: entered promiscuous mode [ 377.549974][ T8544] bond_slave_0: entered promiscuous mode [ 377.564907][ T8544] bond_slave_1: entered promiscuous mode [ 377.923505][ T8561] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 378.100351][ T8544] bridge0: port 3(team0) entered blocking state [ 378.108229][ T8544] bridge0: port 3(team0) entered forwarding state [ 378.193758][ T8563] bond0: entered promiscuous mode [ 378.199809][ T5840] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 378.240945][ T8563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.574418][ T8579] comedi: No check for data length of config insn id 4 is implemented [ 378.582843][ T8579] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 378.603058][ T8579] comedi: Assuming n=15 is correct [ 378.878662][ T8582] can0: slcan on ttyS3. [ 379.940722][ T8582] can0 (unregistered): slcan off ttyS3. [ 380.046041][ T5840] Bluetooth: hci5: command 0x0405 tx timeout [ 380.560633][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.567341][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.840973][ T5857] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 380.940107][ T8598] loop1: detected capacity change from 0 to 512 [ 380.953631][ T8598] EXT4-fs: Ignoring removed nomblk_io_submit option [ 381.342375][ T5857] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 381.383800][ T8598] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8857e02c, mo2=0002] [ 381.441833][ T8598] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.581: invalid indirect mapped block 2683928664 (level 1) [ 381.455972][ T8598] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 381.466804][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 381.482529][ C1] EXT4-fs (loop1): initial error at time 1774553810: ext4_free_branches:1023: inode 11 [ 381.492257][ C1] EXT4-fs (loop1): last error at time 1774553810: ext4_free_branches:1023: inode 11 [ 381.544029][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.572428][ T5857] usb 4-1: Product: syz [ 381.580845][ T5857] usb 4-1: Manufacturer: syz [ 381.590499][ T5857] usb 4-1: SerialNumber: syz [ 381.640059][ T8598] EXT4-fs (loop1): Remounting filesystem read-only [ 381.653123][ T8598] EXT4-fs (loop1): 1 truncate cleaned up [ 381.670567][ T8598] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 381.808484][ T8597] EXT4-fs warning (device loop1): ext4_empty_dir:3087: inode #2: comm syz.1.581: directory missing '.' [ 382.501736][ T8603] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.522776][ T8603] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.530027][ T8603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 382.568475][ T5857] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202 [ 382.584886][ T8611] netlink: 56 bytes leftover after parsing attributes in process `syz.2.586'. [ 382.612046][ T5857] usb 4-1: USB disconnect, device number 6 [ 382.623393][ T5857] usblp0: removed [ 382.734398][ T5840] Bluetooth: hci4: unexpected event for opcode 0x1407 [ 382.777708][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.489040][ T8662] netlink: 76 bytes leftover after parsing attributes in process `syz.1.608'. [ 384.514470][ T8665] netlink: 'syz.4.609': attribute type 1 has an invalid length. [ 385.080410][ T8689] loop1: detected capacity change from 0 to 256 [ 385.502054][ T5840] Bluetooth: hci5: Malformed LE Event: 0x1b [ 385.656942][ T8708] loop2: detected capacity change from 0 to 1024 [ 385.665460][ T8708] EXT4-fs: Ignoring removed bh option [ 385.673921][ T8708] ext4: Bad value for 'init_itable' [ 385.955899][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 386.160810][ T10] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 101 [ 386.204827][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.231925][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 386.248573][ T8730] netlink: 220 bytes leftover after parsing attributes in process `syz.1.640'. [ 386.269008][ T8730] netlink: 16 bytes leftover after parsing attributes in process `syz.1.640'. [ 386.295078][ T10] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 386.309352][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.339495][ T10] usb 3-1: Product: syz [ 386.343869][ T10] usb 3-1: Manufacturer: syz [ 386.356439][ T10] usb 3-1: SerialNumber: syz [ 386.402959][ T10] usb 3-1: config 0 descriptor?? [ 386.427735][ T10] usb-storage 3-1:0.0: USB Mass Storage device detected [ 386.487947][ T10] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 386.792075][ T5914] usb 3-1: USB disconnect, device number 4 [ 386.842116][ T808] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 386.937950][ T8722] loop4: detected capacity change from 0 to 32768 [ 387.019453][ T808] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 387.036859][ T8722] (syz.4.636,8722,0):ocfs2_verify_volume:2303 ERROR: found superblock with bad version: found 0.19034, should be 0.90 [ 387.050866][ T8722] (syz.4.636,8722,0):ocfs2_verify_volume:2331 ERROR: status = -22 [ 387.059817][ T8722] (syz.4.636,8722,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 387.065189][ T808] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 387.093475][ T8722] (syz.4.636,8722,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 387.103522][ T808] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.164776][ T808] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 387.215163][ T808] usb 2-1: config 0 interface 0 has no altsetting 0 [ 387.242908][ T808] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00 [ 387.258478][ T8722] gfs2: error -5 reading superblock [ 387.266043][ T808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.302654][ T808] usb 2-1: config 0 descriptor?? [ 389.352475][ T8765] loop4: detected capacity change from 0 to 256 [ 389.707923][ T808] hid-alps 0003:044E:120C.0001: unknown main item tag 0x6 [ 390.131536][ T808] hid-alps 0003:044E:120C.0001: hidraw0: USB HID v0.04 Device [HID 044e:120c] on usb-dummy_hcd.1-1/input0 [ 390.134271][ T8781] loop2: detected capacity change from 0 to 164 [ 390.343558][ T808] usb 2-1: USB disconnect, device number 5 [ 390.461865][ T8782] fido_id[8782]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:044E:120C.0001/report_descriptor': No such device [ 390.979891][ T8798] loop2: detected capacity change from 0 to 64 [ 392.510652][ T30] audit: type=1800 audit(1774553821.230:40): pid=8798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.666" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 393.234260][ T5922] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 393.346886][ T8816] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 393.443846][ T8816] loop3: detected capacity change from 0 to 512 [ 393.462322][ T8816] EXT4-fs (loop3): Test dummy encryption mode enabled [ 393.469355][ T8816] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 393.585155][ T5922] usb 3-1: Using ep0 maxpacket: 32 [ 394.009170][ T5922] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 394.022773][ T8816] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.656: bad orphan inode 131083 [ 394.033332][ T8816] loop3: lost filesystem error report for type 5 error -117 [ 394.033669][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 394.047538][ C0] EXT4-fs (loop3): initial error at time 1774553822: ext4_orphan_get:1417 [ 394.056085][ C0] EXT4-fs (loop3): last error at time 1774553822: ext4_orphan_get:1417 [ 394.205562][ T8816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 394.229130][ T5922] usb 3-1: config 0 has no interface number 0 [ 394.443980][ T5922] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 394.459048][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.471826][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 394.537061][ T5922] usb 3-1: Product: syz [ 394.584112][ T5922] usb 3-1: Manufacturer: syz [ 394.610194][ T5922] usb 3-1: SerialNumber: syz [ 394.647843][ T5922] usb 3-1: config 0 descriptor?? [ 394.733164][ T5922] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 394.789008][ T5922] usb 3-1: selecting invalid altsetting 1 [ 394.814323][ T5922] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 394.909201][ T5922] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 394.944826][ T5922] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 394.978767][ T5922] usb 3-1: media controller created [ 395.102828][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 397.007205][ T8811] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 397.240992][ T8851] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 397.294513][ T8851] loop1: detected capacity change from 0 to 512 [ 397.305143][ T8851] EXT4-fs (loop1): Test dummy encryption mode enabled [ 397.312030][ T8851] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 397.343115][ T8851] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.683: bad orphan inode 131083 [ 397.353527][ T8851] loop1: lost filesystem error report for type 5 error -117 [ 397.354902][ T8851] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 397.402669][ T5922] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 397.495136][ T5922] zl10353_read_register: readreg error (reg=127, ret==-32) [ 397.670784][ T5922] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 397.672429][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.747870][ T8860] loop2: detected capacity change from 0 to 512 [ 397.772141][ T8860] EXT4-fs: Ignoring removed oldalloc option [ 397.807104][ T8860] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.688: invalid block [ 397.813502][ T8858] loop3: detected capacity change from 0 to 4096 [ 397.831086][ T8860] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 397.832789][ T8860] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.688: invalid indirect mapped block 4294967295 (level 1) [ 397.842297][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 397.842321][ C1] EXT4-fs (loop2): initial error at time 1774553826: ext4_get_branch:178: inode 11: block 4294967295 [ 397.842358][ C1] EXT4-fs (loop2): last error at time 1774553826: ext4_get_branch:178: inode 11: block 4294967295 [ 397.886191][ T8860] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 397.890200][ T8860] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.688: invalid indirect mapped block 4294967295 (level 1) [ 397.973935][ T8860] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 398.007084][ T8860] EXT4-fs (loop2): 2 truncates cleaned up [ 398.125660][ T5922] usb 3-1: USB disconnect, device number 5 [ 398.126145][ T5840] Bluetooth: hci3: ACL packet for unknown connection handle 205 [ 398.503980][ T8860] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 398.549896][ T8864] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 398.556551][ T8864] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 398.566339][ T8867] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 398.597393][ T8864] vhci_hcd vhci_hcd.0: Device attached [ 398.648271][ T8858] syz.3.686: attempt to access beyond end of device [ 398.648271][ T8858] loop3: rw=0, sector=8589934592, nr_sectors = 2 limit=4096 [ 398.687675][ T8866] vhci_hcd: connection closed [ 398.687996][ T6826] vhci_hcd vhci_hcd.1: stop threads [ 398.708185][ T8858] NILFS (loop3): I/O error reading data block for GC (ino=9, vblocknr=42075) [ 398.721626][ T6826] vhci_hcd vhci_hcd.1: release socket [ 398.733442][ T6826] vhci_hcd vhci_hcd.1: disconnect device [ 398.742209][ T8858] NILFS (loop3): error -5 preparing GC: cannot read source blocks [ 398.744243][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.789012][ T5914] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 399.390570][ T8890] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 399.488412][ T8890] loop3: detected capacity change from 0 to 512 [ 399.526392][ T8890] EXT4-fs (loop3): Test dummy encryption mode enabled [ 399.533292][ T8890] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 399.755586][ T8890] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.699: bad orphan inode 131083 [ 399.766026][ T8890] loop3: lost filesystem error report for type 5 error -117 [ 399.794889][ T8890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 400.251237][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.314114][ T8895] capability: warning: `syz.5.701' uses deprecated v2 capabilities in a way that may be insecure [ 400.552207][ T1670] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 401.644438][ T1670] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 401.663497][ T1670] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.680827][ T1670] usb 2-1: config 0 descriptor?? [ 401.933309][ T808] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 401.943765][ T8886] loop2: detected capacity change from 0 to 40427 [ 401.979761][ T8886] F2FS-fs (loop2): invalid crc value [ 402.009419][ T8910] loop3: detected capacity change from 0 to 64 [ 402.034483][ T8910] hfs: request for non-existent node -252 in B*Tree [ 402.041265][ T8910] hfs: request for non-existent node -252 in B*Tree [ 402.124058][ T808] usb 5-1: Using ep0 maxpacket: 16 [ 402.188783][ T808] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 402.236159][ T808] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.261656][ T808] usb 5-1: Product: syz [ 402.273756][ T808] usb 5-1: Manufacturer: syz [ 402.289560][ T808] usb 5-1: SerialNumber: syz [ 402.359312][ T808] usb 5-1: config 0 descriptor?? [ 402.388015][ T808] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 402.432915][ T5914] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 402.441014][ T1670] usb 2-1: Cannot set autoneg [ 402.474543][ T8886] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 402.557606][ T8886] F2FS-fs (loop2): Start checkpoint disabled! [ 402.627949][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 402.655149][ T5914] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 402.676369][ T8886] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 402.689403][ T5914] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 402.727306][ T5914] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 402.756414][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.797120][ T5914] usb 4-1: Product: syz [ 402.811922][ T5914] usb 4-1: Manufacturer: syz [ 402.831129][ T5914] usb 4-1: SerialNumber: syz [ 402.854364][ T808] usb 5-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 402.868494][ T5914] usb 4-1: config 0 descriptor?? [ 402.892587][ T1670] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 402.963773][ T1670] usb 2-1: USB disconnect, device number 6 [ 403.045134][ T5914] usb 5-1: USB disconnect, device number 7 [ 403.144798][ T5914] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 403.187258][ T5914] visor 5-1:0.0: device disconnected [ 403.279137][ T8922] veth3: entered promiscuous mode [ 403.284559][ T8922] veth3: entered allmulticast mode [ 403.307248][ T8922] team0: Port device veth3 added [ 403.389090][ T8925] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 403.473203][ T8925] loop1: detected capacity change from 0 to 512 [ 403.520279][ T8925] EXT4-fs (loop1): Test dummy encryption mode enabled [ 403.527476][ T8925] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 404.039643][ T8925] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.712: bad orphan inode 131083 [ 404.050580][ T8925] loop1: lost filesystem error report for type 5 error -117 [ 404.057114][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 404.071021][ C1] EXT4-fs (loop1): initial error at time 1774553832: ext4_orphan_get:1417 [ 404.079602][ C1] EXT4-fs (loop1): last error at time 1774553832: ext4_orphan_get:1417 [ 404.173759][ T8925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 404.388076][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.661232][ T8939] IPVS: set_ctl: invalid protocol: 2 10.1.1.1:20000 [ 404.981822][ T1670] usb 4-1: USB disconnect, device number 7 [ 405.619565][ T8954] loop1: detected capacity change from 0 to 256 [ 405.702848][ T8957] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 405.781795][ T8957] loop4: detected capacity change from 0 to 512 [ 405.803857][ T8957] EXT4-fs (loop4): Test dummy encryption mode enabled [ 405.811087][ T8957] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 405.882743][ T8954] exfat: Deprecated parameter 'utf8' [ 405.986481][ T8954] exfat: Deprecated parameter 'utf8' [ 406.032622][ T8957] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.724: bad orphan inode 131083 [ 406.043748][ T8957] loop4: lost filesystem error report for type 5 error -117 [ 406.044702][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 406.058628][ C1] EXT4-fs (loop4): initial error at time 1774553833: ext4_orphan_get:1417 [ 406.067190][ C1] EXT4-fs (loop4): last error at time 1774553833: ext4_orphan_get:1417 [ 406.242444][ T8957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 406.595441][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.677569][ T8954] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 406.821930][ T8967] loop4: detected capacity change from 0 to 1024 [ 407.865388][ T8974] loop2: detected capacity change from 0 to 2048 [ 407.963980][ T8978] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 408.199544][ T30] audit: type=1800 audit(1774553835.912:41): pid=8974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.731" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 408.336043][ T8951] loop3: detected capacity change from 0 to 32768 [ 408.368492][ T8951] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 408.381055][ T8991] IPVS: set_ctl: invalid protocol: 2 10.1.1.1:20000 [ 408.437281][ T8951] XFS (loop3): Ending clean mount [ 408.873198][ T8981] loop4: detected capacity change from 0 to 40427 [ 408.884993][ T8981] F2FS-fs (loop4): build fault injection rate: 771 [ 408.904587][ T8981] F2FS-fs (loop4): invalid crc value [ 409.012937][ T8978] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 409.026568][ T8981] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 409.039076][ T8978] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 409.079613][ T8981] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 409.095528][ T5835] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 409.103173][ T8978] Remounting filesystem read-only [ 409.138655][ T5844] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 409.302392][ T5841] syz-executor: attempt to access beyond end of device [ 409.302392][ T5841] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 409.333546][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 409.333575][ T5841] Tainted: [L]=SOFTLOCKUP [ 409.333580][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 409.333594][ T5841] Call Trace: [ 409.333604][ T5841] [ 409.333611][ T5841] dump_stack_lvl+0xe8/0x150 [ 409.333642][ T5841] f2fs_stop_checkpoint+0x3c7/0x590 [ 409.333672][ T5841] f2fs_write_end_io+0x12e5/0x17a0 [ 409.333710][ T5841] __submit_merged_bio+0x256/0x6a0 [ 409.333741][ T5841] __submit_merged_write_cond+0x3c9/0x4e0 [ 409.333772][ T5841] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 409.333816][ T5841] f2fs_write_data_pages+0x287e/0x34f0 [ 409.333840][ T5841] ? unwind_next_frame+0xa6/0x2550 [ 409.333891][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 409.333915][ T5841] ? is_bpf_text_address+0x26/0x2b0 [ 409.333947][ T5841] ? arch_stack_walk+0xfb/0x150 [ 409.333995][ T5841] ? add_lock_to_list+0xc7/0x100 [ 409.334017][ T5841] ? lockdep_unlock+0x5d/0xd0 [ 409.334033][ T5841] ? __lock_acquire+0x146e/0x2cf0 [ 409.334080][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 409.334107][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 409.334131][ T5841] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 409.334157][ T5841] do_writepages+0x32e/0x550 [ 409.334186][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 409.334210][ T5841] filemap_fdatawrite+0x1e9/0x2f0 [ 409.334235][ T5841] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 409.334305][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 409.334330][ T5841] f2fs_sync_dirty_inodes+0x30e/0x830 [ 409.334361][ T5841] f2fs_write_checkpoint+0x9df/0x26a0 [ 409.334408][ T5841] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 409.334471][ T5841] ? kfree+0x1c5/0x640 [ 409.334493][ T5841] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 409.334522][ T5841] kill_f2fs_super+0x314/0x730 [ 409.334544][ T5841] ? __pfx_kill_f2fs_super+0x10/0x10 [ 409.334573][ T5841] ? lockdep_hardirqs_on+0x7a/0x110 [ 409.334606][ T5841] deactivate_locked_super+0xbc/0x130 [ 409.334630][ T5841] cleanup_mnt+0x437/0x4d0 [ 409.334654][ T5841] ? _raw_spin_unlock_irq+0x23/0x50 [ 409.334675][ T5841] task_work_run+0x1d9/0x270 [ 409.334698][ T5841] ? __pfx_task_work_run+0x10/0x10 [ 409.334725][ T5841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.334744][ T5841] exit_to_user_mode_loop+0xed/0x480 [ 409.334762][ T5841] ? rcu_is_watching+0x15/0xb0 [ 409.334778][ T5841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.334794][ T5841] do_syscall_64+0x33e/0xf80 [ 409.334810][ T5841] ? trace_irq_disable+0x3b/0x140 [ 409.334827][ T5841] ? clear_bhb_loop+0x40/0x90 [ 409.334844][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.334857][ T5841] RIP: 0033:0x7fb737f9d9d7 [ 409.334881][ T5841] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 409.334894][ T5841] RSP: 002b:00007ffe9935da28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 409.334910][ T5841] RAX: 0000000000000000 RBX: 00007fb738032050 RCX: 00007fb737f9d9d7 [ 409.334919][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe9935dae0 [ 409.334927][ T5841] RBP: 00007ffe9935dae0 R08: 00007ffe9935eae0 R09: 00000000ffffffff [ 409.334936][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe9935eb70 [ 409.334945][ T5841] R13: 00007fb738032050 R14: 0000000000062fbc R15: 00007ffe9935ebb0 [ 409.334970][ T5841] [ 409.683752][ T5841] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 409.713920][ T30] audit: type=1326 audit(1774553837.316:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9003 comm="syz.2.735" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f202b59c799 code=0x0 [ 409.746734][ T1670] loop4: lost filesystem error report for type 5 error -108 [ 409.934510][ T808] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 410.097124][ T808] usb 2-1: device descriptor read/64, error -71 [ 410.205725][ T9013] netlink: 'syz.4.740': attribute type 10 has an invalid length. [ 410.223673][ T9013] netlink: 'syz.4.740': attribute type 29 has an invalid length. [ 410.272003][ T9010] loop3: detected capacity change from 0 to 32768 [ 410.320043][ T9022] program syz.2.743 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 410.346736][ T9010] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 410.351751][ T808] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 410.434196][ T9010] XFS (loop3): Ending clean mount [ 410.533827][ T808] usb 2-1: device descriptor read/64, error -71 [ 410.558176][ T9010] XFS (loop3): Quotacheck needed: Please wait. [ 410.665853][ T808] usb usb2-port1: attempt power cycle [ 410.725755][ T9010] XFS (loop3): Quotacheck: Done. [ 411.033329][ T5840] Bluetooth: hci4: ACL packet for unknown connection handle 205 [ 411.081006][ T5835] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 411.102811][ T808] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 411.115316][ T9044] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 411.121868][ T9044] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 411.133397][ T9044] vhci_hcd vhci_hcd.0: Device attached [ 411.326712][ T808] usb 2-1: device descriptor read/8, error -71 [ 411.417712][ T9045] vhci_hcd: connection closed [ 411.417985][ T7224] vhci_hcd vhci_hcd.2: stop threads [ 411.457412][ T7224] vhci_hcd vhci_hcd.2: release socket [ 411.471636][ T7224] vhci_hcd vhci_hcd.2: disconnect device [ 411.505932][ T5922] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 411.623252][ T808] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 411.689434][ T808] usb 2-1: device descriptor read/8, error -71 [ 411.839405][ T9050] loop3: detected capacity change from 0 to 32768 [ 411.849600][ T9050] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.752 (9050) [ 411.865050][ T808] usb usb2-port1: unable to enumerate USB device [ 411.878630][ T9050] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 411.888922][ T9050] BTRFS info (device loop3): using xxhash64 checksum algorithm [ 411.896582][ T9050] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 412.077559][ T9050] BTRFS info (device loop3): rebuilding free space tree [ 412.107779][ T9050] BTRFS info (device loop3): disabling free space tree [ 412.114838][ T9050] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 412.126311][ T9050] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 412.143192][ T9050] BTRFS info (device loop3): setting nodatasum [ 412.152919][ T9050] BTRFS info (device loop3): allowing degraded mounts [ 412.159792][ T9050] BTRFS info (device loop3): turning on async discard [ 412.166645][ T9050] BTRFS info (device loop3): enabling disk space caching [ 412.173684][ T9050] BTRFS info (device loop3): force clearing of disk cache [ 412.180833][ T9050] BTRFS info (device loop3): force zlib compression, level 3 [ 412.241274][ T9050] BTRFS info (device loop3): balance: start -susage=1,usage=1..0,drange=6..6,vrange=8..15,limit=2,stripes=7..3 [ 412.254280][ T9050] BTRFS info (device loop3): balance: ended with status: 0 [ 412.314633][ T5835] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 412.651826][ T9052] loop4: detected capacity change from 0 to 32768 [ 412.740064][ T9052] [ 412.740064][ T9052] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 412.740064][ T9052] [ 412.969170][ T9052] ERROR: (device loop4): diWrite: ixpxd invalid [ 412.969170][ T9052] [ 413.041929][ T9052] ERROR: (device loop4): txCommit: [ 413.041929][ T9052] [ 413.151922][ T9081] ERROR: (device loop4): diWrite: ixpxd invalid [ 413.151922][ T9081] [ 413.236802][ T9081] ERROR: (device loop4): txCommit: [ 413.236802][ T9081] [ 413.248218][ T9084] loop3: detected capacity change from 0 to 4096 [ 413.424515][ T5841] [ 413.424515][ T5841] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.424515][ T5841] [ 413.472286][ T5841] [ 413.472286][ T5841] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.472286][ T5841] [ 413.490832][ T9090] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 413.883224][ T9101] loop1: detected capacity change from 0 to 1024 [ 413.928696][ T9099] loop2: detected capacity change from 0 to 32768 [ 413.938031][ T9099] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.766 (9099) [ 413.956880][ T9099] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 413.967869][ T9099] BTRFS info (device loop2): using xxhash64 checksum algorithm [ 413.977948][ T9099] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 414.199570][ T9099] BTRFS info (device loop2): rebuilding free space tree [ 414.269521][ T9084] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '.' [ 414.289868][ T9099] BTRFS info (device loop2): disabling free space tree [ 414.296886][ T9099] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 414.307265][ T9099] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 414.328779][ T9084] Remounting filesystem read-only [ 414.337463][ T9099] BTRFS info (device loop2): setting nodatasum [ 414.344923][ T9099] BTRFS info (device loop2): allowing degraded mounts [ 414.351839][ T9099] BTRFS info (device loop2): turning on async discard [ 414.358695][ T9099] BTRFS info (device loop2): enabling disk space caching [ 414.365738][ T9099] BTRFS info (device loop2): force clearing of disk cache [ 414.372942][ T9099] BTRFS info (device loop2): force zlib compression, level 3 [ 414.453643][ T9099] BTRFS info (device loop2): balance: start -susage=0,usage=0..0,drange=6..0,vrange=8..15,limit=5,stripes=7..3 [ 414.468547][ T9099] BTRFS info (device loop2): balance: ended with status: 0 [ 414.517440][ T5844] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 414.553799][ T9119] loop1: detected capacity change from 0 to 512 [ 414.660798][ T9119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.698729][ T9119] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 414.866359][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.945861][ T9109] loop4: detected capacity change from 0 to 32768 [ 415.105160][ T9109] add_index: next_index = 0. Resetting! [ 415.154647][ T9109] find_entry called with index >= next_index [ 415.169943][ T9130] loop1: detected capacity change from 0 to 64 [ 415.184887][ T9109] find_entry called with index >= next_index [ 415.247368][ T9109] find_entry called with index >= next_index [ 415.277380][ T9109] find_entry called with index >= next_index [ 415.350495][ T9109] non-latin1 character 0x3ff found in JFS file name [ 415.390841][ T9109] mount with iocharset=utf8 to access [ 415.566357][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 415.801377][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 415.825012][ T9] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 416.127708][ T9127] loop2: detected capacity change from 0 to 32768 [ 416.219667][ T9127] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 416.298878][ T9127] XFS (loop2): Ending clean mount [ 416.334520][ T9127] XFS (loop2): Quotacheck needed: Please wait. [ 416.633704][ T9127] XFS (loop2): Quotacheck: Done. [ 416.668412][ T30] audit: type=1800 audit(1774553843.811:43): pid=9149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.776" name="file1" dev="tmpfs" ino=538 res=0 errno=0 [ 416.814101][ T9] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 416.827238][ T9] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 416.843682][ T9] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 416.863510][ T9] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 416.866317][ T5844] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 417.581778][ T9157] loop2: detected capacity change from 0 to 512 [ 417.689786][ T9137] loop1: detected capacity change from 0 to 262144 [ 417.697510][ T9137] f2fs: Unexpected value for 'grpquota' [ 417.703946][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.728874][ T9] usb 4-1: Product: syz [ 417.734291][ T9] usb 4-1: Manufacturer: syz [ 417.739660][ T9] usb 4-1: SerialNumber: syz [ 417.776377][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 417.861759][ T9] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input10 [ 418.023854][ T9] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 418.047264][ T9] (id 0x00) [ 418.163325][ T5914] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 418.210675][ T9] rc_core: IR keymap rc-imon-pad not found [ 418.226516][ T9] Registered IR keymap rc-empty [ 418.244089][ T9] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 418.279430][ T9] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 418.336216][ T9] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 418.349555][ T5914] usb 2-1: config 0 has an invalid interface number: 66 but max is 0 [ 418.388064][ T5914] usb 2-1: config 0 has no interface number 0 [ 418.394931][ T9] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input11 [ 418.416046][ T5914] usb 2-1: too many endpoints for config 0 interface 66 altsetting 71: 66, using maximum allowed: 30 [ 418.486284][ T5914] usb 2-1: config 0 interface 66 altsetting 71 has 0 endpoint descriptors, different from the interface descriptor's value: 66 [ 418.525631][ T9] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:8> initialized [ 418.537927][ T5914] usb 2-1: config 0 interface 66 has no altsetting 0 [ 418.560441][ T5914] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 418.574189][ T9] usb 4-1: USB disconnect, device number 8 [ 418.594560][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.731059][ T5914] usb 2-1: config 0 descriptor?? [ 418.779646][ T5914] cp210x 2-1:0.66: cp210x converter detected [ 418.999217][ T9166] loop2: detected capacity change from 0 to 40427 [ 419.029072][ T9166] F2FS-fs (loop2): Image doesn't support compression [ 419.054973][ T9166] F2FS-fs (loop2): build fault injection rate: 684 [ 419.077383][ T9166] F2FS-fs (loop2): build fault injection type: 0x35f7 [ 419.093807][ T9166] F2FS-fs (loop2): invalid crc value [ 419.212614][ T5914] cp210x 2-1:0.66: failed to get vendor val 0x000e size 3: -71 [ 419.306694][ T5914] usb 2-1: cp210x converter now attached to ttyUSB0 [ 419.323725][ T9166] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 419.339032][ T5914] usb 2-1: USB disconnect, device number 11 [ 419.386253][ T9172] loop3: detected capacity change from 0 to 64 [ 419.444540][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 419.457336][ T9169] loop4: detected capacity change from 0 to 32768 [ 419.468806][ T9166] F2FS-fs (loop2): Start checkpoint disabled! [ 419.501963][ T5914] cp210x 2-1:0.66: device disconnected [ 419.621106][ T9166] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 419.635191][ T9166] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 419.663125][ T5835] hfs: node 4:3 still has 1 user(s)! [ 419.927647][ T6063] kworker/u8:10: attempt to access beyond end of device [ 419.927647][ T6063] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 420.062983][ T6063] CPU: 0 UID: 0 PID: 6063 Comm: kworker/u8:10 Tainted: G L syzkaller #0 PREEMPT(full) [ 420.063014][ T6063] Tainted: [L]=SOFTLOCKUP [ 420.063021][ T6063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 420.063032][ T6063] Workqueue: writeback wb_workfn (flush-7:2) [ 420.063060][ T6063] Call Trace: [ 420.063067][ T6063] [ 420.063075][ T6063] dump_stack_lvl+0xe8/0x150 [ 420.063104][ T6063] f2fs_stop_checkpoint+0x3c7/0x590 [ 420.063134][ T6063] f2fs_write_end_io+0x12e5/0x17a0 [ 420.063173][ T6063] __submit_merged_bio+0x256/0x6a0 [ 420.063203][ T6063] __submit_merged_write_cond+0x3c9/0x4e0 [ 420.063236][ T6063] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 420.063281][ T6063] f2fs_write_data_pages+0x287e/0x34f0 [ 420.063352][ T6063] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 420.063434][ T6063] ? ktime_get+0x45/0x220 [ 420.063454][ T6063] ? lock_acquire+0x106/0x350 [ 420.063522][ T6063] ? ktime_get+0x45/0x220 [ 420.063542][ T6063] ? seqcount_lockdep_reader_access+0xd4/0x100 [ 420.063564][ T6063] ? ktime_get+0x1f5/0x220 [ 420.063598][ T6063] ? __lock_acquire+0x6b5/0x2cf0 [ 420.063625][ T6063] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 420.063651][ T6063] do_writepages+0x32e/0x550 [ 420.063679][ T6063] ? reacquire_held_locks+0x104/0x190 [ 420.063697][ T6063] ? writeback_sb_inodes+0x463/0x19d0 [ 420.063724][ T6063] __writeback_single_inode+0x133/0x10e0 [ 420.063747][ T6063] ? do_raw_spin_unlock+0xf5/0x210 [ 420.063772][ T6063] writeback_sb_inodes+0x979/0x19d0 [ 420.063792][ T6063] ? __lock_acquire+0x6b5/0x2cf0 [ 420.063845][ T6063] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 420.063865][ T6063] ? do_raw_spin_lock+0x12b/0x2f0 [ 420.063924][ T6063] ? rcu_is_watching+0x15/0xb0 [ 420.063950][ T6063] wb_writeback+0x445/0xb00 [ 420.063975][ T6063] ? queue_io+0x2b1/0x470 [ 420.064003][ T6063] ? __pfx_wb_writeback+0x10/0x10 [ 420.064021][ T6063] ? do_raw_spin_lock+0x12b/0x2f0 [ 420.064056][ T6063] wb_workfn+0x3f8/0xf10 [ 420.064070][ T6063] ? look_up_lock_class+0x57/0x110 [ 420.064108][ T6063] ? __pfx_wb_workfn+0x10/0x10 [ 420.064133][ T6063] ? do_raw_spin_unlock+0xf5/0x210 [ 420.064159][ T6063] ? process_scheduled_works+0xa70/0x1860 [ 420.064185][ T6063] ? process_scheduled_works+0xa70/0x1860 [ 420.064216][ T6063] ? process_scheduled_works+0xa70/0x1860 [ 420.064239][ T6063] ? process_scheduled_works+0xa70/0x1860 [ 420.064265][ T6063] process_scheduled_works+0xb5d/0x1860 [ 420.064321][ T6063] ? __pfx_process_scheduled_works+0x10/0x10 [ 420.064352][ T6063] ? assign_work+0x3d5/0x5e0 [ 420.064382][ T6063] worker_thread+0xa53/0xfc0 [ 420.064434][ T6063] kthread+0x388/0x470 [ 420.064455][ T6063] ? __pfx_worker_thread+0x10/0x10 [ 420.064477][ T6063] ? __pfx_kthread+0x10/0x10 [ 420.064504][ T6063] ret_from_fork+0x514/0xb70 [ 420.064531][ T6063] ? __pfx_ret_from_fork+0x10/0x10 [ 420.064554][ T6063] ? __switch_to+0xc7d/0x1420 [ 420.064580][ T6063] ? __pfx_kthread+0x10/0x10 [ 420.064601][ T6063] ret_from_fork_asm+0x1a/0x30 [ 420.064635][ T6063] [ 420.385486][ T6063] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 420.721991][ T5922] loop2: lost filesystem error report for type 5 error -108 [ 421.042064][ T9189] loop4: detected capacity change from 0 to 4096 [ 421.124950][ T9177] loop3: detected capacity change from 0 to 32768 [ 421.174171][ T9177] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 421.229719][ T9199] loop1: detected capacity change from 0 to 1024 [ 421.252608][ T9177] XFS (loop3): Ending clean mount [ 421.268892][ T9199] EXT4-fs: Ignoring removed oldalloc option [ 421.279214][ T9199] EXT4-fs: Ignoring removed bh option [ 421.343193][ T9199] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 421.397414][ T9199] EXT4-fs (loop1): shut down requested (0) [ 421.638312][ T5835] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 421.696300][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.001221][ T5922] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 422.061981][ T9218] bridge0: port 3(team0) entered disabled state [ 422.070282][ T9218] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.079189][ T9218] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.191408][ T5922] usb 3-1: Using ep0 maxpacket: 32 [ 422.221501][ T5922] usb 3-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 422.257882][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.281865][ T5922] usb 3-1: Product: syz [ 422.286109][ T5922] usb 3-1: Manufacturer: syz [ 422.292716][ T5922] usb 3-1: SerialNumber: syz [ 422.315801][ T5922] usb 3-1: config 0 descriptor?? [ 422.378086][ T9225] loop1: detected capacity change from 0 to 4096 [ 422.552570][ T9236] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 422.571000][ T5922] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II [ 422.596526][ T9237] IPVS: set_ctl: invalid protocol: 2 10.1.1.1:20000 [ 422.705616][ T9238] NILFS (loop1): nilfs_palloc_freev (ino=3): entry number 32 already freed [ 422.746473][ T9238] NILFS (loop1): nilfs_sufile_do_free: segment 9 is already clean [ 423.211067][ T5922] usb 3-1: reset high-speed USB device number 6 using dummy_hcd [ 423.618736][ T9254] loop3: detected capacity change from 0 to 512 [ 423.641341][ T9254] EXT4-fs: Ignoring removed oldalloc option [ 423.730500][ T9254] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.765951][ T9254] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 423.777293][ T5922] usb 3-1: [UEAGLE-ATM] interface 1 not found [ 423.820158][ T5922] ueagle-atm 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 424.013160][ T9248] loop1: detected capacity change from 0 to 32768 [ 424.022395][ T5922] usb 3-1: USB disconnect, device number 6 [ 424.059890][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.090033][ T9248] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 424.149253][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 424.256444][ T9248] XFS (loop1): Ending clean mount [ 424.314713][ T9272] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 424.317476][ T9248] XFS (loop1): Quotacheck needed: Please wait. [ 424.374845][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 424.392712][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 424.402672][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 424.414072][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.432287][ T9258] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 424.466081][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 424.531383][ T9248] XFS (loop1): Quotacheck: Done. [ 424.773954][ T9] usb 5-1: USB disconnect, device number 8 [ 424.901547][ T5842] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 425.087659][ T5922] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 425.266894][ T5922] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 425.290706][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.340329][ T5922] usb 3-1: config 0 descriptor?? [ 425.364977][ T5922] cp210x 3-1:0.0: cp210x converter detected [ 425.568236][ T9290] nbd0: detected capacity change from 0 to 63 [ 425.613209][ T5840] block nbd0: Receive control failed (result -32) [ 425.632047][ T5855] block nbd0: Send control failed (result -32) [ 425.665026][ T5855] block nbd0: Request send failed, requeueing [ 425.790187][ T2267] block nbd0: Dead connection, failed to find a fallback [ 425.802572][ T2267] block nbd0: shutting down sockets [ 425.809405][ T2267] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 425.825087][ T2267] Buffer I/O error on dev nbd0, logical block 0, async page read [ 425.856818][ T5855] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 425.884254][ T5855] Buffer I/O error on dev nbd0, logical block 1, async page read [ 425.901934][ T5855] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 425.920809][ T5855] Buffer I/O error on dev nbd0, logical block 2, async page read [ 425.940306][ T5855] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 425.973302][ T5855] Buffer I/O error on dev nbd0, logical block 3, async page read [ 425.996756][ T5855] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.018211][ T5855] Buffer I/O error on dev nbd0, logical block 0, async page read [ 426.027767][ T5922] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 426.047451][ T5922] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 426.055114][ T5855] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.081103][ T9288] loop1: detected capacity change from 0 to 32768 [ 426.089470][ T5855] Buffer I/O error on dev nbd0, logical block 1, async page read [ 426.102025][ T5922] usb 3-1: cp210x converter now attached to ttyUSB0 [ 426.111476][ T5855] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.128377][ T5922] usb 3-1: USB disconnect, device number 7 [ 426.146226][ T5855] Buffer I/O error on dev nbd0, logical block 2, async page read [ 426.158439][ T9288] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 426.188201][ T5855] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.215403][ T9306] netlink: 40 bytes leftover after parsing attributes in process `syz.4.826'. [ 426.229915][ T9288] XFS (loop1): Ending clean mount [ 426.240341][ T5855] Buffer I/O error on dev nbd0, logical block 3, async page read [ 426.252545][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 426.268889][ T5855] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.280247][ T5922] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 426.290414][ T5855] Buffer I/O error on dev nbd0, logical block 0, async page read [ 426.298848][ T5922] cp210x 3-1:0.0: device disconnected [ 426.306404][ T5855] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 426.317027][ T5855] Buffer I/O error on dev nbd0, logical block 1, async page read [ 426.330626][ T5855] ldm_validate_partition_table(): Disk read failed. [ 426.342919][ T5855] Dev nbd0: unable to read RDB block 0 [ 426.351312][ T5855] nbd0: unable to read partition table [ 426.398556][ T5855] ldm_validate_partition_table(): Disk read failed. [ 426.410957][ T5855] Dev nbd0: unable to read RDB block 0 [ 426.426637][ T5855] nbd0: unable to read partition table [ 426.446929][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 426.466046][ T9] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 426.500996][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 426.511276][ T5842] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 426.535655][ T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 426.569463][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.610371][ T9] usb 4-1: config 0 descriptor?? [ 427.007835][ T9319] syz_tun: entered promiscuous mode [ 427.018537][ T9319] macvtap1: entered promiscuous mode [ 427.023941][ T808] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 427.182429][ T808] usb 3-1: Using ep0 maxpacket: 16 [ 427.195513][ T808] usb 3-1: config 0 has an invalid interface number: 4 but max is 0 [ 427.208964][ T808] usb 3-1: config 0 has no interface number 0 [ 427.225653][ T808] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.248970][ T808] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 427.281307][ T808] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 427.281416][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 427.307692][ T808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.333999][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 427.336471][ T808] usb 3-1: config 0 descriptor?? [ 427.389581][ T9] usb 4-1: USB disconnect, device number 9 [ 427.595709][ T9324] loop4: detected capacity change from 0 to 32768 [ 427.656764][ T9324] (syz.4.834,9324,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 427.685927][ T9324] (syz.4.834,9324,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 427.869383][ T808] hid (null): bogus close delimiter [ 427.899291][ T808] hid (null): global environment stack underflow [ 427.942958][ T808] hid (null): unknown global tag 0xc [ 427.985193][ T808] hid (null): bogus close delimiter [ 428.009786][ T808] hid (null): report_id 2102703267 is invalid [ 428.075980][ T808] hid (null): usage index exceeded [ 428.156318][ T808] usb 3-1: USB disconnect, device number 8 [ 428.179251][ T9344] loop3: detected capacity change from 0 to 512 [ 428.181040][ T9324] JBD2: Ignoring recovery information on journal [ 428.206899][ T9344] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 428.271981][ T9344] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.840: iget: bad i_size value: 38620345925642 [ 428.337048][ T9344] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 428.337825][ T9344] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.840: couldn't read orphan inode 15 (err -117) [ 428.347213][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 428.347235][ C0] EXT4-fs (loop3): initial error at time 1774553854: ext4_orphan_get:1391: inode 15 [ 428.347264][ C0] EXT4-fs (loop3): last error at time 1774553854: ext4_orphan_get:1391: inode 15 [ 428.404890][ T9344] loop3: lost filesystem error report for type 5 error -117 [ 428.420063][ T9344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 428.535171][ T9324] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 428.620153][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.117808][ T808] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 429.160925][ T9371] sctp: [Deprecated]: syz.3.852 (pid 9371) Use of int in max_burst socket option deprecated. [ 429.160925][ T9371] Use struct sctp_assoc_value instead [ 429.303929][ T808] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 429.342745][ T808] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 429.398876][ T808] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 429.422282][ T808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.721337][ T808] usb 3-1: usb_control_msg returned -32 [ 429.754856][ T808] usbtmc 3-1:16.0: can't read capabilities [ 429.779747][ T9378] loop3: detected capacity change from 0 to 32768 [ 429.791755][ T9378] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.857 (9378) [ 429.832576][ T5841] ocfs2: Unmounting device (7,4) on (node local) [ 429.918407][ T9378] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 429.928665][ T9378] BTRFS info (device loop3): using sha256 checksum algorithm [ 429.936098][ T9378] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 429.980542][ T9385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.858'. [ 430.112037][ T9378] BTRFS info (device loop3): rebuilding free space tree [ 430.251906][ T9378] BTRFS info (device loop3): disabling free space tree [ 430.258890][ T9378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 430.270090][ T9378] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 430.286540][ T9378] BTRFS info (device loop3): enabling ssd optimizations [ 430.293701][ T9378] BTRFS info (device loop3): enabling disk space caching [ 430.300839][ T9378] BTRFS info (device loop3): force clearing of disk cache [ 430.308031][ T9378] BTRFS info (device loop3): enabling auto defrag [ 430.315778][ T9378] BTRFS info (device loop3): max_inline set to 0 [ 430.584657][ T5835] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 430.613126][ T7224] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 430.921225][ T9400] loop1: detected capacity change from 0 to 32768 [ 431.216014][ T9400] UFO tlock:0xffffc900029968d8 [ 431.448855][ T9411] loop4: detected capacity change from 0 to 512 [ 431.480849][ T9411] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 431.539678][ T9411] EXT4-fs (loop4): 1 truncate cleaned up [ 431.578195][ T9411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 431.617223][ T808] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 431.727049][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.832201][ T808] usb 4-1: Using ep0 maxpacket: 16 [ 431.876746][ T808] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 431.919627][ T808] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 431.945665][ T808] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 431.964504][ T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.987315][ T9426] Invalid argument reading file caps for ./file0 [ 431.988331][ T808] usb 4-1: Product: syz [ 432.025595][ T808] usb 4-1: Manufacturer: syz [ 432.038688][ T808] usb 4-1: SerialNumber: syz [ 432.085656][ T808] usb 4-1: 0:2 : does not exist [ 432.119587][ T24] usb 3-1: USB disconnect, device number 9 [ 432.663301][ T808] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 433.104565][ T9424] loop1: detected capacity change from 0 to 32768 [ 433.210392][ T9424] JBD2: Ignoring recovery information on journal [ 433.266026][ T808] usb 4-1: USB disconnect, device number 10 [ 433.284327][ T9424] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 433.520845][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 433.593471][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 433.593643][ T9424] (syz.1.868,9424,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 433.801826][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 433.822199][ T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 433.841790][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 433.869083][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 433.909203][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 433.950398][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.967606][ T24] usb 3-1: Product: syz [ 433.982752][ T24] usb 3-1: Manufacturer: syz [ 433.994084][ T5842] ocfs2: Unmounting device (7,1) on (node local) [ 434.007147][ T24] usb 3-1: SerialNumber: syz [ 434.089072][ T24] usb 3-1: 0:2 : does not exist [ 434.822592][ T9470] loop1: detected capacity change from 0 to 1024 [ 434.873739][ T9470] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 434.920938][ T9470] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 435.018723][ T24] usb 3-1: USB disconnect, device number 10 [ 435.039296][ T9470] EXT4-fs error (device loop1): ext4_map_blocks:821: inode #15: block 1: comm syz.1.882: lblock 1 mapped to illegal pblock 1 (length 5) [ 435.139872][ T9470] EXT4-fs error (device loop1): ext4_map_blocks:821: inode #15: comm syz.1.882: lblock 0 mapped to illegal pblock 0 (length 1) [ 435.183599][ T9470] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 435.207543][ T9470] EXT4-fs (loop1): This should not happen!! Data will be lost [ 435.207543][ T9470] [ 435.226184][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 435.333176][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 435.437688][ T9486] loop2: detected capacity change from 0 to 128 [ 436.908445][ T5840] Bluetooth: hci5: ACL packet for unknown connection handle 205 [ 436.959503][ T9] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 437.040508][ T9525] loop1: detected capacity change from 0 to 1024 [ 437.129614][ T9525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 437.145106][ T9525] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.171409][ T9525] EXT4-fs error (device loop1): ext4_map_blocks:821: inode #15: block 3: comm syz.1.909: lblock 3 mapped to illegal pblock 3 (length 3) [ 437.200848][ T9525] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 437.216268][ T9525] EXT4-fs (loop1): This should not happen!! Data will be lost [ 437.216268][ T9525] [ 437.219192][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 437.288048][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 437.307182][ T6063] EXT4-fs error (device loop1): ext4_map_blocks:821: inode #15: block 8: comm kworker/u8:10: lblock 8 mapped to illegal pblock 8 (length 8) [ 437.346630][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 437.366753][ T6063] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 437.392792][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 437.405990][ T6063] EXT4-fs (loop1): This should not happen!! Data will be lost [ 437.405990][ T6063] [ 437.431419][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 437.458403][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 437.473750][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 437.507374][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 437.527147][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 437.539827][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 437.621053][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 437.634125][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 437.695974][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 437.741135][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.759525][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 437.796954][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 437.832359][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 437.873959][ T9] usb 5-1: string descriptor 0 read error: -22 [ 437.887217][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 437.915960][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.988561][ T9] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 438.178737][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.234753][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 438.258289][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 438.267637][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 438.287423][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 438.300517][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 438.372027][ T9] usb 5-1: USB disconnect, device number 9 [ 438.578885][ T9542] loop1: detected capacity change from 0 to 131072 [ 438.674935][ T9542] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 438.696980][ T9542] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 438.721926][ T9542] F2FS-fs (loop1): lookup inode (7) has corrupted xattr [ 438.736493][ T29] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 438.745950][ T9542] F2FS-fs (loop1): lookup inode (7) has corrupted xattr [ 438.951728][ T29] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 438.988637][ T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.013149][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.028240][ T29] usb 4-1: Product: syz [ 439.046696][ T29] usb 4-1: Manufacturer: syz [ 439.053693][ T29] usb 4-1: SerialNumber: syz [ 439.055738][ T9560] loop4: detected capacity change from 0 to 2048 [ 439.062052][ T29] usb 4-1: config 0 descriptor?? [ 439.109373][ T9560] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 439.151352][ T29] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 439.154446][ T9545] chnl_net:caif_netlink_parms(): no params data found [ 439.326291][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.527453][ T9562] loop4: detected capacity change from 0 to 256 [ 439.561198][ T9562] exfat: Deprecated parameter 'namecase' [ 439.638101][ T9562] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x18d51376, utbl_chksum : 0xe619d30d) [ 439.843583][ T9545] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.863600][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.877795][ T9545] bridge_slave_0: entered allmulticast mode [ 439.902354][ T9545] bridge_slave_0: entered promiscuous mode [ 440.076919][ T9569] loop4: detected capacity change from 0 to 512 [ 440.087403][ T9545] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.103230][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.116763][ T9545] bridge_slave_1: entered allmulticast mode [ 440.135345][ T9545] bridge_slave_1: entered promiscuous mode [ 440.209997][ T29] gspca_stk1135: reg_w 0x7 err -71 [ 440.217504][ T9545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.223647][ T9569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.269714][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.282040][ T9545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.309805][ T29] gspca_stk1135: Sensor write failed [ 440.329015][ T9569] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 440.342237][ T36] bridge_slave_1: left allmulticast mode [ 440.343510][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.355922][ T36] bridge_slave_1: left promiscuous mode [ 440.356305][ T29] gspca_stk1135: Sensor write failed [ 440.369654][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.374518][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.376749][ T29] gspca_stk1135: Sensor read failed [ 440.396047][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.407875][ T29] gspca_stk1135: Sensor read failed [ 440.418987][ T36] bridge_slave_0: left allmulticast mode [ 440.421390][ T29] gspca_stk1135: Detected sensor type unknown (0x0) [ 440.432497][ T36] bridge_slave_0: left promiscuous mode [ 440.443866][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.459075][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.471388][ T29] gspca_stk1135: Sensor read failed [ 440.478513][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.511538][ T29] gspca_stk1135: Sensor read failed [ 440.519161][ T5852] Bluetooth: hci0: command tx timeout [ 440.531837][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.539003][ T9578] loop1: detected capacity change from 0 to 512 [ 440.555504][ T29] gspca_stk1135: Sensor write failed [ 440.555570][ T5852] Bluetooth: hci5: ACL packet for unknown connection handle 205 [ 440.589907][ T29] gspca_stk1135: serial bus timeout: status=0x00 [ 440.610684][ T9578] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.625612][ T29] gspca_stk1135: Sensor write failed [ 440.631117][ T9578] ext4 filesystem being mounted at /176/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 440.643602][ T29] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 440.657864][ T29] usb 4-1: USB disconnect, device number 11 [ 440.708076][ T9578] EXT4-fs error (device loop1): ext4_do_update_inode:5572: inode #2: comm syz.1.918: corrupted inode contents [ 440.711059][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.732652][ T9578] EXT4-fs error (device loop1): ext4_dirty_inode:6453: inode #2: comm syz.1.918: mark_inode_dirty error [ 440.746253][ T9578] EXT4-fs error (device loop1): ext4_do_update_inode:5572: inode #2: comm syz.1.918: corrupted inode contents [ 440.812516][ T9578] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #2: comm syz.1.918: mark_inode_dirty error [ 440.849604][ T9578] EXT4-fs warning (device loop1): ext4_es_cache_extent:1082: inode #2: comm syz.1.918: ES cache extent failed: add [0,1,21,0x1] conflict with existing [0,8,576460752303423487,0x18] [ 440.849604][ T9578] [ 440.909895][ T9585] EXT4-fs error (device loop1): ext4_find_dest_de:2050: inode #2: block 21: comm syz.1.918: bad entry in directory: directory entry overrun - offset=0, inode=3312915219, rec_len=13820, size=2048 fake=0 [ 440.973683][ T9586] loop4: detected capacity change from 0 to 4096 [ 441.060457][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.345920][ T36] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.419162][ T36] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.437367][ T36] .` (unregistering): Released all slaves [ 441.444398][ T36] bond0 (unregistering): Released all slaves [ 441.516138][ T9545] team0: Port device team_slave_0 added [ 441.525988][ T9545] team0: Port device team_slave_1 added [ 441.783725][ T9545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.783744][ T9545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 441.783768][ T9545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.941435][ T9598] loop4: detected capacity change from 0 to 4096 [ 442.002044][ T9598] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 442.024049][ T9598] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 442.147500][ T9545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.183640][ T9545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 442.210269][ T9604] loop3: detected capacity change from 0 to 1024 [ 442.239916][ T9604] EXT4-fs: Ignoring removed bh option [ 442.259909][ T9604] EXT4-fs: Ignoring removed bh option [ 442.267199][ T58] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22. [ 442.281166][ T9604] EXT4-fs: Ignoring removed oldalloc option [ 442.292653][ T9545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.307375][ T5841] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 442.330375][ T5841] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 442.337451][ T9604] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 442.343972][ T5841] ntfs3(loop4): ino=3, ntfs_set_state failed, -22. [ 442.358855][ T6031] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22. [ 442.649788][ T9611] Bluetooth: MGMT ver 1.23 [ 442.740789][ T5852] Bluetooth: hci0: command tx timeout [ 442.848490][ T9545] hsr_slave_0: entered promiscuous mode [ 442.874371][ T9545] hsr_slave_1: entered promiscuous mode [ 443.003562][ T5835] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 443.102930][ T9602] loop1: detected capacity change from 0 to 32768 [ 443.215408][ T9602] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 443.229163][ T5835] EXT4-fs error (device loop3): ext4_read_inline_dir:1486: inode #12: block 7: comm syz-executor: path /188/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 443.284714][ T5835] EXT4-fs (loop3): Remounting filesystem read-only [ 443.330523][ T9602] XFS (loop1): Ending clean mount [ 443.363885][ T36] hsr_slave_0: left promiscuous mode [ 443.377923][ T36] hsr_slave_1: left promiscuous mode [ 443.378600][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 443.393278][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.426649][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.482275][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.533728][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.541788][ T5842] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 443.643210][ T36] veth1_macvtap: left promiscuous mode [ 443.658147][ T36] veth0_macvtap: left promiscuous mode [ 443.671159][ T36] veth1_vlan: left promiscuous mode [ 443.677003][ T36] veth0_vlan: left promiscuous mode [ 444.476457][ T9665] netlink: 4 bytes leftover after parsing attributes in process `syz.3.948'. [ 444.963386][ T5852] Bluetooth: hci0: command tx timeout [ 445.014605][ T36] team0 (unregistering): Port device team_slave_1 removed [ 445.034223][ T36] team0 (unregistering): Port device team_slave_0 removed [ 445.236896][ T9665] hsr_slave_0: left promiscuous mode [ 445.249269][ T9665] hsr_slave_1: left promiscuous mode [ 446.165714][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 446.174631][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.314263][ T5914] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 446.875005][ T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 446.951031][ T5914] usb 5-1: Using ep0 maxpacket: 8 [ 446.964872][ T5914] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 446.990217][ T5914] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 447.012487][ T5914] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 447.023160][ T5914] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 447.034673][ T5914] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 447.048400][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 447.053599][ T5914] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 447.066560][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.076098][ T24] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 447.087635][ T24] usb 4-1: config 0 has no interface number 0 [ 447.094285][ T24] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 447.138061][ T24] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 447.141301][ T9545] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 447.174007][ T9545] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 447.187202][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.200044][ T5852] Bluetooth: hci0: command tx timeout [ 447.206133][ T24] usb 4-1: Product: syz [ 447.228778][ T24] usb 4-1: Manufacturer: syz [ 447.261913][ T24] usb 4-1: SerialNumber: syz [ 447.295446][ T24] usb 4-1: config 0 descriptor?? [ 447.313318][ T9545] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 447.330406][ T9689] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 447.357444][ T5914] usb 5-1: usb_control_msg returned -32 [ 447.371378][ T5914] usbtmc 5-1:16.0: can't read capabilities [ 447.396495][ T9545] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 447.475159][ T29] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 447.578366][ T9545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 447.613160][ T9689] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 447.646293][ T29] usb 2-1: Using ep0 maxpacket: 8 [ 447.663827][ T29] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 447.678312][ T9545] 8021q: adding VLAN 0 to HW filter on device team0 [ 447.686526][ T29] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 447.697660][ T29] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 447.703705][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.708252][ T29] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 447.714774][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 447.734898][ T29] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 447.745014][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.755146][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 447.762546][ T29] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 447.786194][ T9717] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 447.796805][ T5914] usb 5-1: USB disconnect, device number 10 [ 447.830739][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.954273][ T9720] overlayfs: failed to clone upperpath [ 448.115393][ T29] usb 2-1: usb_control_msg returned -32 [ 448.126162][ T29] usbtmc 2-1:16.0: can't read capabilities [ 448.275577][ T9545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 448.427488][ T24] asix 4-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random [ 448.625035][ T9744] loop4: detected capacity change from 0 to 1024 [ 448.646097][ T24] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 448.662566][ T9744] EXT4-fs: inline encryption not supported [ 448.707037][ T24] asix 4-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 448.749488][ T9744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.766093][ T24] asix 4-1:0.188: probe with driver asix failed with error -71 [ 448.872241][ T24] usb 4-1: USB disconnect, device number 12 [ 448.929554][ T9758] 9p: Bad value for 'rfdno' [ 449.033241][ T9756] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 449.248125][ T24] usb 2-1: USB disconnect, device number 12 [ 449.595254][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.860414][ T9545] veth0_vlan: entered promiscuous mode [ 449.902979][ T9771] loop4: detected capacity change from 0 to 512 [ 450.021918][ T9545] veth1_vlan: entered promiscuous mode [ 450.070150][ T9771] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.970: bad orphan inode 11862016 [ 450.151428][ T9771] loop4: lost filesystem error report for type 5 error -117 [ 450.156692][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 450.170605][ C0] EXT4-fs (loop4): initial error at time 1774553875: ext4_orphan_get:1417 [ 450.179202][ C0] EXT4-fs (loop4): last error at time 1774553875: ext4_orphan_get:1417 [ 450.195785][ T9545] veth0_macvtap: entered promiscuous mode [ 450.234453][ T9771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 450.241187][ T9545] veth1_macvtap: entered promiscuous mode [ 450.283547][ T9771] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 450.362374][ T9545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 450.409903][ T9545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.473568][ T6826] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.507830][ T6826] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.539820][ T6826] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.565389][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 450.571475][ T6826] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.953387][ T1231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 450.986666][ T1231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.162074][ T283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.181718][ T283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.393250][ T9782] loop1: detected capacity change from 0 to 40427 [ 451.405995][ T9778] loop3: detected capacity change from 0 to 40427 [ 451.421795][ T9782] F2FS-fs (loop1): Wrong segment_count / block_count (31 > 0) [ 451.445956][ T9778] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 451.447544][ T9782] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 451.487299][ T9782] F2FS-fs (loop1): invalid crc value [ 451.490007][ T9778] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 451.571206][ T9778] F2FS-fs (loop3): invalid crc_offset: 33558524 [ 451.721790][ T9782] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 451.783845][ T9782] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 451.800297][ T9782] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 451.811789][ T9778] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 451.869195][ T9778] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 451.887052][ T9778] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 451.960805][ T5842] syz-executor: attempt to access beyond end of device [ 451.960805][ T5842] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 452.050967][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 452.050999][ T5842] Tainted: [L]=SOFTLOCKUP [ 452.051005][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 452.051015][ T5842] Call Trace: [ 452.051022][ T5842] [ 452.051030][ T5842] dump_stack_lvl+0xe8/0x150 [ 452.051063][ T5842] f2fs_stop_checkpoint+0x3c7/0x590 [ 452.051096][ T5842] f2fs_write_end_io+0x12e5/0x17a0 [ 452.051140][ T5842] __submit_merged_bio+0x256/0x6a0 [ 452.051173][ T5842] f2fs_submit_page_write+0xeaa/0x24f0 [ 452.051230][ T5842] ? __pfx_f2fs_submit_page_write+0x10/0x10 [ 452.051277][ T5842] do_write_page+0x40f/0xab0 [ 452.051299][ T5842] ? uplift_priority+0xdb/0x700 [ 452.051328][ T5842] f2fs_do_write_node_page+0x3b/0x60 [ 452.051350][ T5842] __write_node_folio+0x1395/0x1c70 [ 452.051392][ T5842] ? __pfx___write_node_folio+0x10/0x10 [ 452.051451][ T5842] ? folio_clear_dirty_for_io+0x570/0x710 [ 452.051473][ T5842] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 452.051498][ T5842] f2fs_sync_node_pages+0xdd6/0x13c0 [ 452.051543][ T5842] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 452.051616][ T5842] f2fs_write_checkpoint+0xeb8/0x26a0 [ 452.051630][ T5842] ? __lock_acquire+0x6b5/0x2cf0 [ 452.051689][ T5842] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 452.051766][ T5842] kill_f2fs_super+0x314/0x730 [ 452.051791][ T5842] ? __pfx_kill_f2fs_super+0x10/0x10 [ 452.051823][ T5842] ? lockdep_hardirqs_on+0x7a/0x110 [ 452.051858][ T5842] deactivate_locked_super+0xbc/0x130 [ 452.051884][ T5842] cleanup_mnt+0x437/0x4d0 [ 452.051906][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 452.051929][ T5842] task_work_run+0x1d9/0x270 [ 452.051953][ T5842] ? __pfx_task_work_run+0x10/0x10 [ 452.051983][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.052000][ T5842] exit_to_user_mode_loop+0xed/0x480 [ 452.052022][ T5842] ? rcu_is_watching+0x15/0xb0 [ 452.052037][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.052053][ T5842] do_syscall_64+0x33e/0xf80 [ 452.052071][ T5842] ? trace_irq_disable+0x3b/0x140 [ 452.052092][ T5842] ? clear_bhb_loop+0x40/0x90 [ 452.052112][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.052127][ T5842] RIP: 0033:0x7f3618d9d9d7 [ 452.052143][ T5842] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 452.052156][ T5842] RSP: 002b:00007ffc0766f248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 452.052175][ T5842] RAX: 0000000000000000 RBX: 00007f3618e32050 RCX: 00007f3618d9d9d7 [ 452.052186][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0766f300 [ 452.052197][ T5842] RBP: 00007ffc0766f300 R08: 00007ffc07670300 R09: 00000000ffffffff [ 452.052208][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc07670390 [ 452.052219][ T5842] R13: 00007f3618e32050 R14: 000000000006cba3 R15: 00007ffc076703d0 [ 452.052251][ T5842] [ 452.349198][ T5842] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 452.358495][ T5842] syz-executor: attempt to access beyond end of device [ 452.358495][ T5842] loop1: rw=2049, sector=41000, nr_sectors = 8 limit=40427 [ 452.377584][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 452.377615][ T5842] Tainted: [L]=SOFTLOCKUP [ 452.377622][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 452.377632][ T5842] Call Trace: [ 452.377639][ T5842] [ 452.377647][ T5842] dump_stack_lvl+0xe8/0x150 [ 452.377679][ T5842] f2fs_stop_checkpoint+0x3c7/0x590 [ 452.377710][ T5842] f2fs_write_end_io+0x12e5/0x17a0 [ 452.377751][ T5842] __submit_merged_bio+0x256/0x6a0 [ 452.377783][ T5842] f2fs_submit_merged_write+0x284/0x390 [ 452.377812][ T5842] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 452.377847][ T5842] ? trace_lock_elapsed_time_end+0xf3/0xbc0 [ 452.377870][ T5842] ? f2fs_up_read_trace+0x1b/0x40 [ 452.377896][ T5842] ? folio_unlock+0x101/0x160 [ 452.377922][ T5842] __write_node_folio+0x16a6/0x1c70 [ 452.377963][ T5842] ? __pfx___write_node_folio+0x10/0x10 [ 452.378013][ T5842] ? folio_clear_dirty_for_io+0x570/0x710 [ 452.378035][ T5842] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 452.378058][ T5842] f2fs_sync_node_pages+0xdd6/0x13c0 [ 452.378104][ T5842] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 452.378175][ T5842] f2fs_write_checkpoint+0xeb8/0x26a0 [ 452.378192][ T5842] ? __lock_acquire+0x6b5/0x2cf0 [ 452.378249][ T5842] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 452.378326][ T5842] kill_f2fs_super+0x314/0x730 [ 452.378350][ T5842] ? __pfx_kill_f2fs_super+0x10/0x10 [ 452.378382][ T5842] ? lockdep_hardirqs_on+0x7a/0x110 [ 452.378418][ T5842] deactivate_locked_super+0xbc/0x130 [ 452.378445][ T5842] cleanup_mnt+0x437/0x4d0 [ 452.378469][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 452.378492][ T5842] task_work_run+0x1d9/0x270 [ 452.378518][ T5842] ? __pfx_task_work_run+0x10/0x10 [ 452.378547][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.378567][ T5842] exit_to_user_mode_loop+0xed/0x480 [ 452.378588][ T5842] ? rcu_is_watching+0x15/0xb0 [ 452.378607][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.378626][ T5842] do_syscall_64+0x33e/0xf80 [ 452.378646][ T5842] ? trace_irq_disable+0x3b/0x140 [ 452.378667][ T5842] ? clear_bhb_loop+0x40/0x90 [ 452.378689][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.378706][ T5842] RIP: 0033:0x7f3618d9d9d7 [ 452.378724][ T5842] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 452.378738][ T5842] RSP: 002b:00007ffc0766f248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 452.378757][ T5842] RAX: 0000000000000000 RBX: 00007f3618e32050 RCX: 00007f3618d9d9d7 [ 452.378769][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0766f300 [ 452.378780][ T5842] RBP: 00007ffc0766f300 R08: 00007ffc07670300 R09: 00000000ffffffff [ 452.378792][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc07670390 [ 452.378803][ T5842] R13: 00007f3618e32050 R14: 000000000006cba3 R15: 00007ffc076703d0 [ 452.378840][ T5842] [ 452.378847][ T5842] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 452.716696][ T5914] loop1: lost filesystem error report for type 5 error -108 [ 452.777648][ T9778] F2FS-fs (loop3): Stopped filesystem due to reason: 0 [ 453.768953][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 453.874186][ T9848] loop6: detected capacity change from 0 to 2048 [ 453.924366][ T9853] loop3: detected capacity change from 0 to 64 [ 453.943061][ T9853] hfs: request for non-existent node -252 in B*Tree [ 453.950496][ T9853] hfs: request for non-existent node -252 in B*Tree [ 453.967595][ T9854] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 454.051644][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 454.074067][ T9] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 454.089836][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 454.130199][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 454.164267][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 454.193295][ T9] usb 2-1: Product: syz [ 454.212686][ T9] usb 2-1: Manufacturer: syz [ 454.218149][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 454.227340][ T9] usb 2-1: SerialNumber: syz [ 454.593691][ T9860] loop6: detected capacity change from 0 to 32768 [ 454.633015][ T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 454.658412][ T9860] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 454.666724][ T9860] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 454.712282][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 454.722970][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 454.733331][ T24] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 454.746977][ T24] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 454.756546][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.757076][ T9860] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 454.764761][ T24] usb 4-1: Product: syz [ 454.764782][ T24] usb 4-1: Manufacturer: syz [ 454.764797][ T24] usb 4-1: SerialNumber: syz [ 454.767735][ T24] usb 4-1: config 0 descriptor?? [ 454.788509][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 454.827191][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 454.909010][ T24] usb 2-1: USB disconnect, device number 13 [ 454.927143][ T24] usblp0: removed [ 454.952469][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 117ms [ 454.982520][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 454.990248][ T9860] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 455.066543][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 455.412015][ T9870] overlayfs: failed to clone upperpath [ 456.988832][ T24] usb 4-1: USB disconnect, device number 13 [ 457.796821][ T9913] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 458.393840][ T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 458.718355][ T24] usb 4-1: config 0 has no interfaces? [ 458.733293][ T24] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 459.129549][ T9909] loop4: detected capacity change from 0 to 262144 [ 459.137494][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.145711][ T24] usb 4-1: Product: syz [ 459.149421][ T9909] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1009 (9909) [ 459.151140][ T24] usb 4-1: Manufacturer: syz [ 459.263420][ T24] usb 4-1: SerialNumber: syz [ 459.271516][ T24] usb 4-1: config 0 descriptor?? [ 459.301811][ T9909] BTRFS info (device loop4): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 459.313028][ T9909] BTRFS info (device loop4): using xxhash64 checksum algorithm [ 460.268358][ T9932] loop6: detected capacity change from 0 to 131072 [ 460.450462][ T9932] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 460.473721][ T9932] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 460.519106][ T9932] F2FS-fs (loop6): access invalid blkaddr:0 [ 460.530444][ T9932] CPU: 0 UID: 0 PID: 9932 Comm: syz.6.1015 Tainted: G L syzkaller #0 PREEMPT(full) [ 460.530476][ T9932] Tainted: [L]=SOFTLOCKUP [ 460.530483][ T9932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 460.530495][ T9932] Call Trace: [ 460.530503][ T9932] [ 460.530511][ T9932] dump_stack_lvl+0xe8/0x150 [ 460.530549][ T9932] __f2fs_is_valid_blkaddr+0xe52/0x14f0 [ 460.530580][ T9932] ? __pfx_f2fs_need_inode_block_update+0x10/0x10 [ 460.530611][ T9932] sanity_check_extent_cache+0x1a3/0x620 [ 460.530644][ T9932] ? f2fs_sanity_check_inline_data+0x75/0x780 [ 460.530667][ T9932] ? set_nlink+0x5f/0x170 [ 460.530691][ T9932] f2fs_iget+0x4013/0x5f30 [ 460.530743][ T9932] f2fs_lookup+0x3ff/0x9c0 [ 460.530766][ T9932] ? make_vfsuid+0x49/0xa0 [ 460.530787][ T9932] ? generic_permission+0x2e4/0x690 [ 460.530811][ T9932] ? __pfx_f2fs_lookup+0x10/0x10 [ 460.530842][ T9932] ? security_inode_permission+0xb7/0x2e0 [ 460.530867][ T9932] ? may_o_create+0x2d2/0x370 [ 460.530885][ T9932] ? bpf_lsm_inode_create+0x9/0x20 [ 460.530915][ T9932] path_openat+0x11ac/0x3860 [ 460.530948][ T9932] ? __pfx_stack_trace_save+0x10/0x10 [ 460.530989][ T9932] ? __pfx_path_openat+0x10/0x10 [ 460.531005][ T9932] ? __x64_sys_creat+0x8f/0xc0 [ 460.531050][ T9932] do_file_open+0x23e/0x4a0 [ 460.531074][ T9932] ? __pfx_do_file_open+0x10/0x10 [ 460.531122][ T9932] ? _raw_spin_unlock+0x28/0x50 [ 460.531142][ T9932] ? alloc_fd+0x64b/0x6c0 [ 460.531176][ T9932] do_sys_openat2+0x113/0x200 [ 460.531199][ T9932] ? __se_sys_futex+0x3a8/0x450 [ 460.531217][ T9932] ? __pfx_do_sys_openat2+0x10/0x10 [ 460.531243][ T9932] ? __pfx___se_sys_futex+0x10/0x10 [ 460.531270][ T9932] ? rcu_is_watching+0x15/0xb0 [ 460.531287][ T9932] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.531306][ T9932] __x64_sys_creat+0x8f/0xc0 [ 460.531331][ T9932] do_syscall_64+0x15f/0xf80 [ 460.531352][ T9932] ? trace_irq_disable+0x3b/0x140 [ 460.531376][ T9932] ? clear_bhb_loop+0x40/0x90 [ 460.531399][ T9932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.531419][ T9932] RIP: 0033:0x7f7d3659c799 [ 460.531438][ T9932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 460.531454][ T9932] RSP: 002b:00007f7d3747f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 460.531474][ T9932] RAX: ffffffffffffffda RBX: 00007f7d36815fa0 RCX: 00007f7d3659c799 [ 460.531488][ T9932] RDX: 0000000000000000 RSI: 0000000000000108 RDI: 0000200000000280 [ 460.531500][ T9932] RBP: 00007f7d36632c99 R08: 0000000000000000 R09: 0000000000000000 [ 460.531512][ T9932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.531523][ T9932] R13: 00007f7d36816038 R14: 00007f7d36815fa0 R15: 00007ffd78ab5588 [ 460.531550][ T9932] [ 460.805062][ T9955] loop1: detected capacity change from 0 to 64 [ 460.806313][ T9932] F2FS-fs (loop6): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 460.866034][ T9955] hfs: request for non-existent node -252 in B*Tree [ 460.872688][ T9955] hfs: request for non-existent node -252 in B*Tree [ 460.909505][ T9909] BTRFS info (device loop4): deleted orphan free space tree entries [ 460.917991][ T9909] BTRFS info (device loop4): checking UUID tree [ 460.924599][ T9909] BTRFS error (device loop4): failed to check the UUID tree: -4 [ 460.999589][ T9904] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.086589][ T9909] BTRFS error (device loop4): open_ctree failed: -4 [ 461.177777][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 461.321682][ T24] usb 4-1: USB disconnect, device number 14 [ 461.400333][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 461.411272][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 461.440009][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 461.469529][ T9] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 461.489743][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.507118][ T9] usb 2-1: Product: syz [ 461.518171][ T9] usb 2-1: Manufacturer: syz [ 461.533117][ T9] usb 2-1: SerialNumber: syz [ 461.581105][ T9] usb 2-1: config 0 descriptor?? [ 463.195941][ T9981] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 463.256281][ T9979] trusted_key: syz.5.1026 sent an empty control message without MSG_MORE. [ 463.616215][ T10] usb 2-1: USB disconnect, device number 14 [ 463.707226][ T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 463.890088][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.920414][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.930266][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 463.949524][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 463.958913][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.970009][ T24] usb 5-1: config 0 descriptor?? [ 464.425624][ T24] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 464.433812][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 464.441257][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 464.448980][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 464.458932][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 464.467235][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 464.527706][ T24] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 464.782485][ T24] usb 5-1: USB disconnect, device number 11 [ 465.044918][ T9968] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 465.270904][T10021] warning: `syz.5.1038' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 465.290110][T10019] loop3: detected capacity change from 0 to 512 [ 465.324766][T10019] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 465.379695][T10019] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1041: bad orphan inode 131083 [ 465.453623][T10019] loop3: lost filesystem error report for type 5 error -117 [ 465.463415][T10019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 465.850137][ T10] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 466.006680][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.064676][ T10] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 466.089635][ T10] usb 7-1: config 0 has no interface number 0 [ 466.121176][ T10] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 466.334651][ T10] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 466.349599][ T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 466.361573][T10059] loop1: detected capacity change from 0 to 64 [ 466.381574][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.392542][T10059] hfs: request for non-existent node -252 in B*Tree [ 466.399197][T10059] hfs: request for non-existent node -252 in B*Tree [ 466.501023][ T10] usb 7-1: config 0 descriptor?? [ 466.527491][T10028] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 466.571257][T10038] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 466.576845][ T10] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 466.781718][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 467.031847][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 467.083555][ T5939] usb 7-1: USB disconnect, device number 2 [ 467.083631][ C0] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 467.116582][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 467.170644][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 467.243186][ T9] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 467.314277][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.345040][ T9] usb 2-1: Product: syz [ 467.365258][ T9] usb 2-1: Manufacturer: syz [ 467.375489][ T30] audit: type=1326 audit(1774553891.284:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10073 comm="syz.3.1054" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26a5b9c799 code=0x0 [ 467.376059][ T9] usb 2-1: SerialNumber: syz [ 467.446520][ T9] usb 2-1: config 0 descriptor?? [ 467.720766][ T808] usb 2-1: USB disconnect, device number 15 [ 467.762577][T10095] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1058'. [ 469.509249][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 469.680178][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 469.696991][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 469.823565][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 469.856089][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 469.888462][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 469.924506][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 469.962460][ T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 469.989734][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.025203][ T10] usb 7-1: config 0 descriptor?? [ 470.067136][T10144] loop4: detected capacity change from 0 to 131072 [ 470.096142][T10144] F2FS-fs (loop4): Test dummy encryption mode enabled [ 470.107452][T10144] F2FS-fs (loop4): invalid crc value [ 470.256766][T10144] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 470.278506][T10144] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 470.366395][T10144] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 470.413800][ T5852] Bluetooth: hci4: urb ffff8880671fe600 submission failed (90) [ 470.420423][ T30] audit: type=1800 audit(1774553894.110:45): pid=10144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1069" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 470.477812][T10170] loop3: detected capacity change from 0 to 512 [ 470.512347][ T10] usb 7-1: USB disconnect, device number 3 [ 470.539923][T10170] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 470.606982][T10170] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.1071: iget: bad i_size value: 38620345925642 [ 470.669266][T10170] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 470.669959][T10170] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1071: couldn't read orphan inode 15 (err -117) [ 470.679207][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 470.679232][ C0] EXT4-fs (loop3): initial error at time 1774553894: ext4_orphan_get:1391: inode 15 [ 470.679266][ C0] EXT4-fs (loop3): last error at time 1774553894: ext4_orphan_get:1391: inode 15 [ 470.754327][T10170] loop3: lost filesystem error report for type 5 error -117 [ 470.793678][T10170] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.050802][T10187] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.1071: bg 0: block 5: invalid block bitmap [ 471.145129][T10187] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 28 with error 28 [ 471.192134][T10187] EXT4-fs (loop3): This should not happen!! Data will be lost [ 471.192134][T10187] [ 471.222358][T10187] EXT4-fs (loop3): Total free blocks count 0 [ 471.246847][T10187] EXT4-fs (loop3): Free/Dirty block details [ 471.252864][T10193] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 471.284943][T10187] EXT4-fs (loop3): free_blocks=0 [ 471.296252][T10187] EXT4-fs (loop3): dirty_blocks=32 [ 471.307670][T10187] EXT4-fs (loop3): Block reservation details [ 471.320647][T10187] EXT4-fs (loop3): i_reserved_data_blocks=32 [ 471.511503][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.131580][T10211] syz_tun: entered allmulticast mode [ 472.404345][T10218] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 472.422593][T10218] loop3: detected capacity change from 0 to 512 [ 472.436878][T10218] EXT4-fs (loop3): Test dummy encryption mode enabled [ 472.444292][T10218] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 472.460189][T10218] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1087: bad orphan inode 131083 [ 472.470653][T10218] loop3: lost filesystem error report for type 5 error -117 [ 472.472081][T10218] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.572124][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.699934][T10216] loop6: detected capacity change from 0 to 32768 [ 473.764184][T10216] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 473.793113][T10238] fuse: Bad value for 'fd' [ 473.845962][T10216] JBD2: Ignoring recovery information on journal [ 473.969155][T10216] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 474.113467][T10248] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1094'. [ 474.328297][T10250] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.336003][T10250] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.835637][T10250] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.864311][T10250] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 475.094347][ T9545] ocfs2: Unmounting device (7,6) on (node local) [ 475.413181][T10250] macvtap1: left promiscuous mode [ 475.513969][ T5852] Bluetooth: hci2: ACL packet for unknown connection handle 205 [ 475.640871][T10264] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 475.647423][T10264] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 475.657558][T10264] vhci_hcd vhci_hcd.0: Device attached [ 475.963764][ T9] usb 41-1: new low-speed USB device number 4 using vhci_hcd [ 475.969326][T10252] bridge1: entered promiscuous mode [ 476.000985][T10266] vhci_hcd: connection reset by peer [ 476.010878][ T6063] vhci_hcd vhci_hcd.4: stop threads [ 476.016239][ T6063] vhci_hcd vhci_hcd.4: release socket [ 476.033723][ T6063] vhci_hcd vhci_hcd.4: disconnect device [ 476.048363][T10252] bridge1: port 1(macvtap1) entered blocking state [ 476.057765][T10252] bridge1: port 1(macvtap1) entered disabled state [ 476.065212][T10252] macvtap1: entered allmulticast mode [ 476.071084][T10252] bridge1: entered allmulticast mode [ 476.079131][T10252] macvtap1: left allmulticast mode [ 476.086733][T10252] bridge1: left allmulticast mode [ 476.107103][T10270] xt_hashlimit: size too large, truncated to 1048576 [ 476.126787][T10252] bridge1: left promiscuous mode [ 476.214446][T10274] loop3: detected capacity change from 0 to 512 [ 476.257893][T10274] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 476.290026][T10274] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.325799][ T1231] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.346936][ T1231] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.393944][ T1231] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.440951][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.458916][ T1231] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.691992][T10303] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1108'. [ 477.920043][ T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 478.156380][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 478.171341][ T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 478.207262][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 478.248964][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 478.277363][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.314792][ T10] usb 4-1: Product: syz [ 478.325378][ T10] usb 4-1: Manufacturer: syz [ 478.341355][ T10] usb 4-1: SerialNumber: syz [ 478.348275][T10312] fuse: Bad value for 'fd' [ 478.358195][ T10] usb 4-1: config 0 descriptor?? [ 478.385577][ T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 478.422493][ T10] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 478.924372][ T30] audit: type=1326 audit(1774553902.102:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10325 comm="syz.5.1117" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7015f9c799 code=0x0 [ 479.061027][ T10] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 479.072514][T10334] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1120'. [ 479.087041][ T10] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 479.116988][T10334] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1120'. [ 479.978150][ T10] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 480.034333][ T10] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 480.073322][ T10] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 480.091255][ T10] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 480.106957][ T10] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 480.117140][ T10] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 480.122168][T10356] overlayfs: failed to clone upperpath [ 480.135125][ T10] usb 4-1: USB disconnect, device number 15 [ 480.303586][ T29] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 480.312791][ T5939] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 480.484447][ T29] usb 2-1: Using ep0 maxpacket: 16 [ 480.485475][ T5939] usb 7-1: config 0 has no interfaces? [ 480.497074][ T29] usb 2-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 480.512333][ T5939] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 480.520282][ T29] usb 2-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 480.538382][ T5939] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.560056][ T29] usb 2-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 480.592694][ T29] usb 2-1: config 1 interface 0 has no altsetting 0 [ 480.610667][ T29] usb 2-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 480.615700][ T5939] usb 7-1: config 0 descriptor?? [ 480.629148][ T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.647034][ T29] usb 2-1: Product: syz [ 480.668830][ T29] usb 2-1: Manufacturer: syz [ 480.680013][ T29] usb 2-1: SerialNumber: syz [ 480.949103][ T29] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 481.209468][ T5939] usb 7-1: USB disconnect, device number 4 [ 481.782562][ T24] usb 2-1: USB disconnect, device number 16 [ 481.840991][ T9] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 482.046599][T10353] usblp0: removed [ 482.211207][T10376] #! ./file0 [ 483.076503][T10388] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1137'. [ 483.309356][T10393] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 483.546926][T10404] loop6: detected capacity change from 0 to 128 [ 483.593107][T10404] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 483.618992][T10404] hpfs: filesystem error: improperly stopped [ 483.644601][T10404] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 483.694005][T10404] hpfs: You really don't want any checks? You are crazy... [ 483.727476][T10404] hpfs: Code page index out of array [ 483.756655][T10404] hpfs: code page support is disabled [ 483.778453][T10404] hpfs: hpfs_map_4sectors(): unaligned read [ 483.797047][T10404] hpfs: hpfs_map_4sectors(): unaligned read [ 483.802288][T10406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.813915][T10404] hpfs: filesystem error: unable to find root dir [ 483.895849][T10406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.999659][T10411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 485.106603][T10435] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.117200][T10435] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.522537][T10443] loop6: detected capacity change from 0 to 32768 [ 485.538310][T10443] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1156 (10443) [ 485.562951][T10443] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 485.574387][T10443] BTRFS info (device loop6): using crc32c checksum algorithm [ 485.707608][T10443] BTRFS info (device loop6): setting nodatasum [ 485.713869][T10443] BTRFS info (device loop6): setting nodatacow [ 485.720544][T10443] BTRFS info (device loop6): turning on async discard [ 485.727321][T10443] BTRFS info (device loop6): enabling free space tree [ 485.734230][T10443] BTRFS info (device loop6): enabling auto defrag [ 485.740670][T10443] BTRFS info (device loop6): max_inline set to 0 [ 485.864651][T10471] fuse: Bad value for 'fd' [ 485.987074][T10466] loop4: detected capacity change from 0 to 32768 [ 485.994518][T10466] btrfs: Deprecated parameter 'usebackuproot' [ 486.000738][T10466] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 486.010804][T10466] BTRFS info: device /dev/loop4 (7:4) using temp-fsid d329eb66-6fe5-4a66-ae0b-0528cfbcf000 [ 486.021803][T10466] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1160 (10466) [ 486.151806][T10476] BTRFS info (device loop6 state M): max_inline set to 0 [ 486.321088][T10466] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 486.331502][T10466] BTRFS info (device loop4): using crc32c checksum algorithm [ 486.478283][ T6826] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 486.516022][ T9545] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 486.530133][T10466] BTRFS error (device loop4): failed to load root extent [ 486.537309][T10466] BTRFS warning (device loop4): try to load backup roots slot 1 [ 486.545551][ T6826] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 486.658208][T10466] BTRFS warning (device loop4): couldn't read tree root [ 486.670280][T10466] BTRFS warning (device loop4): try to load backup roots slot 2 [ 486.685338][ T36] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 486.722321][T10466] BTRFS warning (device loop4): couldn't read tree root [ 486.734175][T10466] BTRFS warning (device loop4): try to load backup roots slot 3 [ 486.862378][T10466] BTRFS info (device loop4): rebuilding free space tree [ 487.445627][T10466] BTRFS info (device loop4): checking UUID tree [ 487.462372][T10466] BTRFS info (device loop4): enabling ssd optimizations [ 487.469465][T10466] BTRFS info (device loop4): turning on async discard [ 487.476252][T10466] BTRFS info (device loop4): enabling free space tree [ 487.483073][T10466] BTRFS info (device loop4): force clearing of disk cache [ 487.490162][T10466] BTRFS info (device loop4): enabling auto defrag [ 487.496592][T10466] BTRFS info (device loop4): trying to use backup root at mount time [ 487.504715][T10466] BTRFS info (device loop4): use zstd compression, level 3 [ 487.671391][T10514] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 487.789600][T10516] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check. [ 487.894783][T10517] sch_tbf: burst 6281 is lower than device lo mtu (65550) ! [ 488.288857][ T5841] BTRFS info (device loop4): last unmount of filesystem d329eb66-6fe5-4a66-ae0b-0528cfbcf000 [ 488.454711][T10523] loop5: detected capacity change from 0 to 7 [ 488.510672][T10523] Dev loop5: unable to read RDB block 7 [ 488.545996][T10523] loop5: unable to read partition table [ 488.581651][T10523] loop5: partition table beyond EOD, truncated [ 488.614265][T10523] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 490.572485][T10557] loop1: detected capacity change from 0 to 64 [ 490.587707][T10557] hfs: request for non-existent node -252 in B*Tree [ 490.594476][T10557] hfs: request for non-existent node -252 in B*Tree [ 491.105723][ T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 491.885099][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 491.932972][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 491.979912][ T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 491.995418][ T24] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 492.007688][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.016271][ T24] usb 2-1: Product: syz [ 492.020553][ T24] usb 2-1: Manufacturer: syz [ 492.025590][ T24] usb 2-1: SerialNumber: syz [ 492.044184][ T24] usb 2-1: config 0 descriptor?? [ 492.278081][ T5939] usb 2-1: USB disconnect, device number 17 [ 492.402999][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1192'. [ 492.478346][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1192'. [ 495.190434][T10596] fuse: Bad value for 'fd' [ 495.499029][T10614] loop1: detected capacity change from 0 to 64 [ 495.513240][T10614] hfs: request for non-existent node -252 in B*Tree [ 495.519998][T10614] hfs: request for non-existent node -252 in B*Tree [ 495.767087][ T5939] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 495.787627][ T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 495.968071][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 495.985551][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 496.547109][ T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 496.591231][ T24] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 496.609018][ T5939] usb 7-1: Using ep0 maxpacket: 8 [ 496.626290][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.639475][ T5939] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 496.758630][ T5939] usb 7-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 496.778257][ T24] usb 2-1: Product: syz [ 496.791406][ T5939] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.810942][ T24] usb 2-1: Manufacturer: syz [ 496.829434][ T5939] usb 7-1: config 0 descriptor?? [ 496.877279][ T24] usb 2-1: SerialNumber: syz [ 496.938827][ T5939] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 496.977465][ T24] usb 2-1: config 0 descriptor?? [ 497.073939][T10601] misc userio: The device must be registered before sending interrupts [ 497.142000][ T5939] gspca_vc032x: reg_r err -71 [ 497.171875][ T5939] vc032x 7-1:0.0: probe with driver vc032x failed with error -71 [ 497.219279][ T5939] usb 7-1: USB disconnect, device number 5 [ 497.244523][ T10] usb 2-1: USB disconnect, device number 18 [ 499.476741][T10653] loop3: detected capacity change from 0 to 4096 [ 499.506696][T10655] loop4: detected capacity change from 0 to 16 [ 499.564984][T10655] erofs (device loop4): mounted with root inode @ nid 36. [ 499.611364][T10659] overlayfs: failed to clone upperpath [ 499.682123][T10653] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 499.693302][T10661] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 499.862675][T10662] erofs (device loop4): bogus lookback distance 1 @ lcn 0 of nid 89 [ 499.871338][T10662] erofs (device loop4): readahead error at folio 0 @ nid 89 [ 499.888305][T10662] syz.4.1220: attempt to access beyond end of device [ 499.888305][T10662] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 500.046992][T10662] erofs (device loop4): bogus lookback distance 1 @ lcn 0 of nid 89 [ 500.072123][T10662] erofs (device loop4): read error -117 @ 0 of nid 89 [ 500.225176][ T30] audit: type=1800 audit(1774553921.912:47): pid=10662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1220" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 500.653957][T10653] NILFS (loop3): mounting fs with errors [ 500.744612][T10653] netlink: 'syz.3.1218': attribute type 12 has an invalid length. [ 503.908737][T10693] syzkaller0: entered promiscuous mode [ 503.944875][T10693] syzkaller0: entered allmulticast mode [ 504.372667][T10707] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1236'. [ 508.074872][T10749] syzkaller0: entered promiscuous mode [ 508.081156][T10749] syzkaller0: entered allmulticast mode [ 509.170544][T10760] ------------[ cut here ]------------ [ 509.176058][T10760] workqueue: cannot queue hci_rx_work on wq hci0 [ 509.182437][T10760] WARNING: kernel/workqueue.c:2274 at __queue_work+0xd1f/0xfc0, CPU#1: syz.6.1249/10760 [ 509.192269][T10760] Modules linked in: [ 509.196268][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.6.1249 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.207216][T10760] Tainted: [L]=SOFTLOCKUP [ 509.211543][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 509.221619][T10760] RIP: 0010:__queue_work+0xd4a/0xfc0 [ 509.226933][T10760] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 f7 9a a1 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 509.246655][T10760] RSP: 0018:ffffc90006ebfb20 EFLAGS: 00010082 [ 509.252737][T10760] RAX: 1ffff1100b295178 RBX: 0000000000000008 RCX: 0000000000080000 [ 509.260726][T10760] RDX: ffff88802cd00970 RSI: ffffffff8aa23370 RDI: ffffffff90157450 [ 509.268723][T10760] RBP: 0000000000000000 R08: ffff8880594a8baf R09: 1ffff1100b295175 [ 509.276717][T10760] R10: dffffc0000000000 R11: ffffed100b295176 R12: dffffc0000000000 [ 509.284794][T10760] R13: ffff8880594a8bc0 R14: ffffffff90157450 R15: ffff88802cd00970 [ 509.292777][T10760] FS: 00007f7d3743d6c0(0000) GS:ffff888125542000(0000) knlGS:0000000000000000 [ 509.301695][T10760] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 509.308262][T10760] CR2: 00007f7d3743cff8 CR3: 000000002586a000 CR4: 00000000003526f0 [ 509.316219][T10760] Call Trace: [ 509.319480][T10760] [ 509.322393][T10760] ? ktime_get_with_offset+0x93/0x2d0 [ 509.327757][T10760] ? rcu_is_watching+0x15/0xb0 [ 509.332564][T10760] queue_work_on+0x106/0x1d0 [ 509.337155][T10760] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 509.342955][T10760] hci_recv_frame+0x625/0x7c0 [ 509.347616][T10760] ? skb_pull+0xc1/0x1d0 [ 509.351878][T10760] vhci_write+0x358/0x4a0 [ 509.356193][T10760] vfs_write+0x61d/0xb90 [ 509.360426][T10760] ? __pfx_vfs_write+0x10/0x10 [ 509.365176][T10760] ? __fget_files+0x2a/0x420 [ 509.369877][T10760] ksys_write+0x150/0x270 [ 509.374302][T10760] ? __pfx_ksys_write+0x10/0x10 [ 509.379143][T10760] ? __pfx_kcov_ioctl+0x10/0x10 [ 509.383981][T10760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.390028][T10760] do_syscall_64+0x15f/0xf80 [ 509.394598][T10760] ? trace_irq_disable+0x3b/0x140 [ 509.399615][T10760] ? clear_bhb_loop+0x40/0x90 [ 509.404272][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.410147][T10760] RIP: 0033:0x7f7d3655cfce [ 509.414646][T10760] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 509.434234][T10760] RSP: 002b:00007f7d3743cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 509.442654][T10760] RAX: ffffffffffffffda RBX: 00007f7d3743d6c0 RCX: 00007f7d3655cfce [ 509.450611][T10760] RDX: 0000000000000007 RSI: 00002000000000c0 RDI: 00000000000000ca [ 509.458562][T10760] RBP: 00007f7d36632c99 R08: 0000000000000000 R09: 0000000000000000 [ 509.466514][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.474566][T10760] R13: 00007f7d36816218 R14: 00007f7d36816180 R15: 00007ffd78ab5588 [ 509.482539][T10760] [ 509.485565][T10760] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 509.492843][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.6.1249 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.503771][T10760] Tainted: [L]=SOFTLOCKUP [ 509.508089][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 509.518146][T10760] Call Trace: [ 509.521410][T10760] [ 509.524320][T10760] vpanic+0x56c/0xa60 [ 509.528296][T10760] ? __pfx__printk+0x10/0x10 [ 509.532882][T10760] ? __pfx_vpanic+0x10/0x10 [ 509.537370][T10760] ? is_bpf_text_address+0x292/0x2b0 [ 509.542642][T10760] ? is_bpf_text_address+0x26/0x2b0 [ 509.547829][T10760] panic+0xc5/0xd0 [ 509.551534][T10760] ? __pfx_panic+0x10/0x10 [ 509.555944][T10760] __warn+0x315/0x4c0 [ 509.559909][T10760] ? __queue_work+0xd1f/0xfc0 [ 509.564581][T10760] ? __queue_work+0xd1f/0xfc0 [ 509.569276][T10760] __report_bug+0x29a/0x540 [ 509.573773][T10760] ? __queue_work+0xd1f/0xfc0 [ 509.578449][T10760] ? __pfx___report_bug+0x10/0x10 [ 509.583538][T10760] ? __pfx_hci_rx_work+0x10/0x10 [ 509.588457][T10760] ? do_syscall_64+0x15f/0xf80 [ 509.593206][T10760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.599259][T10760] ? __lock_acquire+0x6b5/0x2cf0 [ 509.604283][T10760] report_bug_entry+0x19a/0x290 [ 509.609119][T10760] ? __queue_work+0xd4a/0xfc0 [ 509.613800][T10760] ? __queue_work+0xd4f/0xfc0 [ 509.618466][T10760] handle_bug+0xce/0x200 [ 509.622689][T10760] exc_invalid_op+0x1a/0x50 [ 509.627172][T10760] asm_exc_invalid_op+0x1a/0x20 [ 509.632004][T10760] RIP: 0010:__queue_work+0xd4a/0xfc0 [ 509.637264][T10760] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 f7 9a a1 00 49 8b 75 00 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc [ 509.656864][T10760] RSP: 0018:ffffc90006ebfb20 EFLAGS: 00010082 [ 509.662957][T10760] RAX: 1ffff1100b295178 RBX: 0000000000000008 RCX: 0000000000080000 [ 509.670906][T10760] RDX: ffff88802cd00970 RSI: ffffffff8aa23370 RDI: ffffffff90157450 [ 509.678856][T10760] RBP: 0000000000000000 R08: ffff8880594a8baf R09: 1ffff1100b295175 [ 509.686810][T10760] R10: dffffc0000000000 R11: ffffed100b295176 R12: dffffc0000000000 [ 509.694864][T10760] R13: ffff8880594a8bc0 R14: ffffffff90157450 R15: ffff88802cd00970 [ 509.702840][T10760] ? __pfx_hci_rx_work+0x10/0x10 [ 509.707780][T10760] ? ktime_get_with_offset+0x93/0x2d0 [ 509.713144][T10760] ? rcu_is_watching+0x15/0xb0 [ 509.717893][T10760] queue_work_on+0x106/0x1d0 [ 509.722548][T10760] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 509.728336][T10760] hci_recv_frame+0x625/0x7c0 [ 509.732989][T10760] ? skb_pull+0xc1/0x1d0 [ 509.737239][T10760] vhci_write+0x358/0x4a0 [ 509.741556][T10760] vfs_write+0x61d/0xb90 [ 509.745780][T10760] ? __pfx_vfs_write+0x10/0x10 [ 509.750538][T10760] ? __fget_files+0x2a/0x420 [ 509.755116][T10760] ksys_write+0x150/0x270 [ 509.759428][T10760] ? __pfx_ksys_write+0x10/0x10 [ 509.764345][T10760] ? __pfx_kcov_ioctl+0x10/0x10 [ 509.769178][T10760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.775220][T10760] do_syscall_64+0x15f/0xf80 [ 509.779792][T10760] ? trace_irq_disable+0x3b/0x140 [ 509.784806][T10760] ? clear_bhb_loop+0x40/0x90 [ 509.789469][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.795348][T10760] RIP: 0033:0x7f7d3655cfce [ 509.799743][T10760] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 509.819346][T10760] RSP: 002b:00007f7d3743cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 509.827845][T10760] RAX: ffffffffffffffda RBX: 00007f7d3743d6c0 RCX: 00007f7d3655cfce [ 509.835795][T10760] RDX: 0000000000000007 RSI: 00002000000000c0 RDI: 00000000000000ca [ 509.843834][T10760] RBP: 00007f7d36632c99 R08: 0000000000000000 R09: 0000000000000000 [ 509.851874][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.859855][T10760] R13: 00007f7d36816218 R14: 00007f7d36816180 R15: 00007ffd78ab5588 [ 509.867853][T10760] [ 509.871345][T10760] Kernel Offset: disabled [ 509.875665][T10760] Rebooting in 86400 seconds..