last executing test programs: 7m22.873007236s ago: executing program 0 (id=228): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x221, 0x4800003e, r1, 0x0) 7m19.725650077s ago: executing program 0 (id=233): r0 = socket$inet_sctp(0x2, 0x5, 0x84) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x61c28}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7m18.245774802s ago: executing program 0 (id=240): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000180)=0x4) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="60005080110001004abee339084eeef16f162471f40000000800030001ac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 7m16.855496407s ago: executing program 0 (id=247): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1a8584c, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 7m15.590380723s ago: executing program 0 (id=254): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0) sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x20000080) 7m4.7290826s ago: executing program 0 (id=282): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x0, @private2={0xfc, 0x2, '\x00', 0xff}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 7m2.432581076s ago: executing program 32 (id=282): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x0, @private2={0xfc, 0x2, '\x00', 0xff}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 6m13.354966772s ago: executing program 1 (id=471): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x2c, &(0x7f00000003c0)=[@in6={0xa, 0x4e24, 0x0, @private1}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}}, 0x90) 6m12.637515915s ago: executing program 1 (id=474): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0xe) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) bind$l2tp(r1, &(0x7f0000000080)={0x2, 0x0, @broadcast, 0x2}, 0x10) 6m11.960194958s ago: executing program 1 (id=476): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") lsetxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file1\x00', &(0x7f00000002c0), 0x0, 0x0, 0x1) listxattr(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r0, 0x0, 0xee01) 6m10.805285745s ago: executing program 1 (id=481): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") mkdir(&(0x7f0000000040)='./bus\x00', 0x10b) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), &(0x7f00000001c0)=ANY=[], 0x28, 0x0) openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a) 6m8.937148904s ago: executing program 1 (id=486): r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@rand_addr=0x64010101, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x3f}, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 6m7.945325967s ago: executing program 1 (id=490): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r1, 0x2f, 0x0, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) 6m5.870664373s ago: executing program 33 (id=490): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r1, 0x2f, 0x0, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) 4.814344034s ago: executing program 3 (id=2136): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0) accept4(r0, 0x0, 0x0, 0x0) 3.890690844s ago: executing program 2 (id=2140): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01005ee1fadefcdbdf250100000008000100", @ANYRES32=r3, @ANYBLOB="3c00028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004"], 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840) 3.777508381s ago: executing program 6 (id=2141): unshare(0x6020400) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4d, 0xffffffffffffffff, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe) connect$vsock_stream(r0, &(0x7f0000000280)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x1) 3.564325752s ago: executing program 3 (id=2142): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) readahead(r0, 0x8, 0x7f) 3.453038402s ago: executing program 4 (id=2143): r0 = socket$inet6(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000c80)={'batadv_slave_0\x00', 0x0}) r2 = dup(r0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0x25dfdbfd, {0x2, 0x20, 0x0, 0x0, r1}, [@IFA_BROADCAST={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010301}, @IFA_FLAGS={0x8, 0x8, 0xa0}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000050}, 0x200000c4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 3.189371642s ago: executing program 2 (id=2145): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="110114008cdc18"], 0xdd12}], 0x1, 0x0, 0x0, 0x8050}, 0x20040051) 3.144271541s ago: executing program 6 (id=2146): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'wp512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000000)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19\xe5\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKl\xcc\xa4:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xc3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) 3.041504741s ago: executing program 3 (id=2147): r0 = socket$unix(0x1, 0x1, 0x0) r1 = syz_io_uring_setup(0x114, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000300)=0xfefffffc, 0x0, 0x4) unshare(0x20000400) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x48, 0x0, r0, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.809704207s ago: executing program 5 (id=2148): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050affffffff000000000000020000000c00024000000000000000010900010073797a30"], 0x54}}, 0x0) 2.751996255s ago: executing program 4 (id=2149): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2, 0x0, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000005280)) 2.611041176s ago: executing program 2 (id=2150): timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) rt_sigaction(0x1d, &(0x7f0000000400)={0x0, 0x80000000, 0x0, {[0xfffffffffffffe0f]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000900)) 2.416892575s ago: executing program 6 (id=2151): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000000c0)='./bus\x00', 0x13) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, 0x0) 2.301500362s ago: executing program 3 (id=2152): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="34000000020000feffff7f0000000000d96e6c8d5e85080045f0"], 0x34}], 0x1}, 0x0) 2.243768863s ago: executing program 4 (id=2153): set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x12) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x2, 0x0) mprotect(&(0x7f0000a15000/0x1000)=nil, 0x1000, 0x5) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) 2.201616975s ago: executing program 5 (id=2154): unshare(0x2a020480) r0 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000240)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x9f) 2.03360898s ago: executing program 2 (id=2155): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./file1\x00') mount$9p_virtio(0x0, &(0x7f00000003c0)='./file1\x00', 0x0, 0x202020, 0x0) 1.795844442s ago: executing program 6 (id=2156): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @mcast1, 0x7}}}, &(0x7f0000000000)=0x84) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8) 1.716230276s ago: executing program 4 (id=2157): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) readahead(r0, 0x8, 0x7f) 1.672221006s ago: executing program 3 (id=2158): r0 = gettid() r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000500)=""/18, 0x12, 0x3, 0x4, 0x0, 0x0, 0xc04}}, 0x120) readv(r1, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.617486826s ago: executing program 5 (id=2159): prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) 1.520419887s ago: executing program 2 (id=2160): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x66032, 0xffffffffffffffff, 0x3fffd000) read(r0, &(0x7f00000002c0)=""/153, 0x99) 1.424422933s ago: executing program 6 (id=2161): listen(0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x8000000004) setresuid(0x0, 0xee00, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 1.029262875s ago: executing program 5 (id=2162): r0 = creat(&(0x7f0000000140)='./bus\x00', 0x80) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f00000021c0)=ANY=[@ANYBLOB="f46b820b44a1130334836fd5f530e99b5da2e31cf3dbe599e2e36e75c22d05a8cabdfb0195db6f1207e734737a1afbad1e92224da86e1af3b60bbd3d14ff69a9cb7e30b5587f2e94cf1764925120e17e57c78a89758a283fb653300950b89eb03d250f34288746c120d6ca10e0af613dfc30fa4b924e509fe450720e39b99221c264232edc96903c69e1128e583728d9995ad18b2fc2645ebf2415af77e1349e6da1849af9e1ed70e1db1465f58e7820ce020b87eeabc6789db3166270cc69d18ea7e361c27b315ffedaf7f62711dcde47b0bc8b5134ee76a7474b42dc9b10f6e4be5ffe28bbc17c4e93e247ad24d711f00c9eb75424bdb3dfe9b88218284a", @ANYBLOB="105164efe2c57346e166dbd92721e616239e39fe2e6d007f72a0f2b826e6ec37f3a83d7a7a3487a3638eca1c7b708387eb64dfd8ad12907b9ef824c9766ad83bcb606e40f276825a419dae9f781dd215fcf267fca43ebe5d307de276929a2fdebf0f7a966bf8bf1cb00fea15d138b066de4dfe76be8ae2b97fc569607c89bf8cddf100c8dd10187f50f9099b5ccbe988b6b73ff68ce03970806b7d8c22699efeea4a438aabe28ca0ea53dad835ac63af85e6220ca11b090e648260b01e91b49685062945853283c307c124e7e810b08d18a960b1ad7729a5c08dc6c23b9bf772e3e36b653a9de5c37ef0112db1ea5f086323940f6a5e9921df5f9efa71dabec94852659c81089fcf4c4c455e6b08702c284a187b0dbd6acfc81811c59447fd9e9a8737fd9034ba143c97f1ba59ac31346f5bc758cc43122598e7a236f9f499fd8d371f0df277b1127718547ad092d97bf42f71294d99509f4dc54ea79f6c89542141947a00d8c12e3225aecc11f03c13fab3eb60304edb2e91733cefbe9cf5ac6773296d88c572172cf9e0640e9a1be2d985601abc941bd5bd65f873442849193e0e366d8a5bf79e02d28c5e0b7931288860d46bc96236bcaa3a0c798973d172e4ae6e68cec2f1d31f4431c2ee1bc1aee118557ae46a82f6d2417ab708aa74d4bbf53ff0ed16593c3318c4ef9bd4f6c9fe13a5d0c4f9c2fa73f6d245cb1e8be4a35d0582804c39ae87d4ed161b40dcc95136fe2b141ebcb631bc19af2ff9b0548eebc64ada0b9862c6f02aeda4dbf8ba29ebbc2673387b0557183302b13e6a9132981789d51ad6f46c450c7a48ea0138b5e25bdcc0d2606a9590419e62fd75e9cc591e53efc1e03206299e76c98683adf35a3fc3e7005734cf25ded5b2fe2730bb382e6594b8f23fbc5c8fb7604123e110474cd67f1940110f50c356cfe7d6e74247c652903eee5d726b057191173d460ca50adaab49b8281ce4481ff83a57f03803f64064897ee6cc9450ddb139daafc0e2252cf3b17b709888a5ae4bada79ea0e2e0328bfde9d3efdbdcd782f2322a8bfaeccbd02786d9a7b0a5e6583ad3e013429d51b2509aac4e4dce08f12ece11cbc56aa79d895a9e30e8850ca8cfd761cf7b7b835d98e1c37756a301bfe086c8fdee9c73c203b059ef8db265899b4edb9d9451f6c459fcfaf66845e4ec1046ceb5c7a781e76f3cb6540b407e5406b4498a1a7fdde560a1acb7daefaca6d32a9e34e4d42c115a90a84b17ef33bdc7241e352b58d0f7a21494cbc0e03881e432978b8391faa8a6de8a275f9289acfa3fb1182f553f4d312cb82963cb93e9a962ca16b47114ece1de3c23c113a4de1a6c5e88a11f0ab36d78eb4dcbb15a0f354d52a42363278f40b7105a08840e7aa7e54223e950aef165c8a76a79edb4486790812401fc9dc6a7d2a638e84f21ffcc0c7039c2687726c8c589ac340fb0608a635c41e8ae67b3e80d44e75ac7577bc3a0b2c0392e39698e5d79e262aa7327697db87924f560ede08eb305f20dacac34b542be3cde89891b3fe472b37c4e397f654def436415f086546ff0c8ae100378f5ea2cba4927cd211dc38b41215bbf30cf057f884694fba117d368d18a1fa65727b889fa2faf37aabc57987505930eb5814e0af151cb0872a76cacffc39176eb75652fa20c66157f9b4ad034d9da74ad32f594740c1611ad9cc2486a022e915e932f23350860d5cc14e466c237dc2b62c75fb9c764070b0ba247112ca063583665098bd389f7e0817f736ce9c0e5509d88f68970bfd0c83276d8f82dcfbd9b1f4ed3c8ea548ddbb50445113d5ae0393c131916439d14c1dff0e26ef45308ebb87b9b5f372812f032cfd9d93738789056736095e56521eae4fef5028810f621cf081e9b5a57815ed7b47d8fe2c9909edf5e413daa07afb110f5e795189ad5880c60788f8c9517668b33a2bcbed0a03fd189c0af9761e6b128bf4dac104dca2b96929f80fb0ca42cdd658f290bd349ff2c1f24a7256ef1b3e803ace44bda8e2f5d911fe35be71525056d9dd5f2e4afa1bdba2a2cd724f4d55135ef5610b22de128f6bd101351f177b25a539d3817a902bbfcc714f8611aba66755ffc55f5f4a34f80fc8b11985ca91f9f6d08f16421488bcef18c1ccd319dbe0ca7d2ff736cdf904fa126dfaf0d02f4eba03cc3c1b967fee964883aff406fbaf2280625e239fba59b9bbb354e508239ca3ead1f4f633d390b1fbfc25fb852a74229e25d46b2207598964ae5935787b28b696ff03c595db2502d1f97f71e28317dec66de03c95cab509703a6212e78769aa11ca4c9fb5feb68a1613df3480074cf1bfd84154c63e08449f9ddd0cb750ea1a2b056847533a94f0cc4765cfa85ba906b8137b87f7eb56ede6186aff70cf3cd75606099140d94ab80624870d89c79745d658403e72896a7e7e576fef216f215c130776c725eb12e764557a74d938e85c2242757bd00297485c243a899c477bd0ed401e804aa259e8aeedddda1cf518c4c6dcb82db0dbdf0fd949982e3b13909dcdbacdae71a1286e31632f5c0bb9eb7340b3ef15217fa2d0d9a909ad40d839e58ea3e010d9bc2055462203d595c2480db6b4d83a79aa24296f248b93f39d21baf13a2439750a86c22060ab65b8afd8a84963faed878ac8519187325d3d42c768f2ac0bf3d056fc466dba0bae20d695908966facb4b4da87c7d98a4fe47bcf4ea95335fca6a2d7401a2f5fffbaaf7404a32bc04da5443cc7ea661bf7bad13938204d4bc7575edcf6ac886835600802db628dfb3621206d0d3a0df75fd663d01b311c362442b9b157577e475db01ad540c1d17e429708f050af7251fbd32af91dafcef77156e9204e1bab30345b82c823a159af9017623b4481e5d5f302a63cee613e517b2498c7e81dd5b98e5835e7285fed8ed9bb1011cf97f668246c7315f1546c22e7f30d13c14205fbab553a83e39baddf32a55d1bbf9166fa7ce679fb9289cdd06ecb326894cfb3c07a57fe4579eeae860f22289f4a9201b617b850759ec74757f815d761100d5317b3958dc6557db40df9bae3a10a7f9b2af13d1cd8a70628e6d2e9edbffa46893842a28cbef9300699e81d1c3a6d8affc3b6866d3bdd7394671aaa589569e6825e3a1feb4f269efe50142302ae74f952aa97aed7a2a4f70657f6950d890e6e7701405f4a33ec19b5328288223efb50354f12d2bebc78f01855f3764058fd1526cf4b808ebb649fe68776ef0b58feb0a15b28414e4f3e8402f2c39dab0dbca7c956ae8f7b1a9954e54239a3bb40afce93d3aba44a4aa859d75900386c3f8814ee9eb5b7fbf8d8157bc3dfe71d82998485ad9570cdf891b79d96e3ddcbfba6ad6e439b4b370648ff554fab7b892266286835a42b900722549a886d2a35ae8360c4f776d35607a9a90539a90f0f056fab9eeeebc1182c1f3fbcb61b957ce8f56d9fd9844d619db41353ab8d6c8c3056ec8e43787b74a76d0cd34a3139c6885d7494b51f4084f8c073b242409257ddae8159a7310e4c62df505fbd8e1a93c714509a0c8da41730aa3b67b30baa709451e8f8c7e5bb2f98dc3f4fb2d8245f63582bb03409c247c260a3b165fb38b2074264301d891db9c6dbb1eaadded5cc02048719d7bc304429b1cc7f3814e40bb947c99f282d1160974bb68a0a84f35512972d15f184c67a8b0c79d819f10928bdeefa66e972e0b119a7a70dec1ac9086c9d45b5ba091738f09aeb672dad4619107d8c836146418726678751d073444372403be1f68dd912b8670fe374447e3b04457ac8e864eae9475c16cbed2db723d14775a749432644fcc7cc1eef5c78b13c795c681cbffe49f32681e3c276c0d521ff09ad089b77c1ed951c92e36d59d8101a5e2aac6e70b622bf08caab5717f467eb01980d3dbfd5a1e0935e597871bb9e47b07b8b4aa97dbf37d321399df96a6adadb203a69717a28c9e3d937cff45ecdee58ee66bb77fe2436f40bcb1053cd1ceec4c26b3d756cdf65da02ffd1e18341fb5731b08593d3e821b82375ce226d1a27bfcbdf8878454cb101e80c92a7315162cc7c28c44282f27c25cfcc8f326126d214cab26a009b16b88d2e84db2622061c3fa0ddfb586776749cde2acb5953d5b746e232f1c25c217b4dc98a742e84f240d30f8d9bd824ba123e69e3acb0bdc31934187ea05fe2c25dd7daabd54b39bd55cc233cb9101fd6b3646202cc277457eae7a00467f70492f37bd08e3e00e33b49673f51342b7fe44230a4000da2085c70df56a180c47760cbc44174ba661c63138af084cf56ebf4e19c4a79eff55ab10ce789ffd9ab4631d28b7eafa62929c057691e99b6de19e7359d2d0a70957dbb42830e0da73f6fbe98e9364b5d68317c9d486cf4798ad84b30c598911964a898919664be549dc47e23886b2e203eb6bf021f87b09bb711218b00b3c031f20a897c120186ea0b05e2962d8bca04423aa48a033254cf24c776c8a33b0c59a828278e35175c0e3f821842f4d5f20ed6129a9e566f10435159a7d706584e7eca401c2056c5935415643034ea585aedd56eabbe801d8b5e52788a696bc4f475ddb7d7020a872c54f201b9c11b911048e538f1e46d49e646ef1e6c19454c44d3817223762b5ecd2a46e4e6f325a4e87e49a74dd639c8ba8b690cd37697b16f2cde3764d8bad333aa1452b2c0008ba7f2a031d40d750349fd239f6cb2b64df56f7b4a28ca0571b91078cbaf03c8809a6449a6981a6d307c7d5e612ec663948d6352d01c7e3656a9b34e2cb9df8f1e1002d503f0480d22ae68d25dfb5145c208288aa8909a2359f12215e0da04653882b590c0f8e16a79bcfde82f3bd7a1f99c1ed25e28684d6e70c93c032c50caa20ceedde9247ebfe59df0e128a3d06569a3147cf1395a6936f888889e0aa9bf13eaf5af1ba3e99c7e89d5d608e05603b6e88c4ffb41c08932878bf968311897ef9f1b97e4d417a3e88284bb6876569f455c699cbaef38c79f3aa8a21199b9e2d0c1725874b3f785b8faa54f01f6255d0950993b0dc081efb768196e2b69ab514286bb669c8d30fcf68d44caea0517230358cf67f71bbbad796b4102b593e883448cf552b694900956a5e58f5c0edfa8c88d3c6ca61777700fb040f5be2df308d74ff480b5e3a66eba25ff9e420d552a080d055c860fd7d20cfb59ae033087cff46932514a00fab9bc10cf3cfd1577316fa918324c027cef7821fb6da6c7240ded57044f4ffc70d541e8faa28734f1e95bbc7096757abae27e3a3ab45f4c2c3c9489e2cb3bf359e11ad2b099aa290b5c8044ddff3998b6ea236994dab99f0de1cebb2ac6f38544f2dd02ab527030d453a4494743bf720a2efff6c207d4ab6a2b9154337c365946a8d7e38b024ae99f12304e8bb3749409bc180c10098035e07eb7f62608e7cc419f7a15bb92f994d46f45b864733e9e98b7294b804683ab20a8334c3d0758dc890593c05b5f6ecfd834c7180e68752dbfefd681ecc9765033849147d7e4ba7c503f2b9a194cc935c5a577032d2ce48e9d7aa265395151030ee1d1fbae37309484db1c0a1ff91ab6e6d5c563e47d7a14056b73cd889beb01ddf8cbd3f2beca6670ac6bf67f5d9c6d2ab89b50a9d46ccd32c77ff537275b67c410f95e917487be87dc90e60c98b0b191ee45bd148b5cd517b3d23de89074ae8f43df35d49df81a0330a62151c3159040077dec8d89ef5cd2b363a73eaf7fc1fb775f922631673d31efccefd8ebaaa511d4cfa6d025b690c37da0606c290df3a9b3fc26fda7565d3188", @ANYRESDEC=r0, @ANYBLOB="38976644452149a8557327060f23c4112cc40f604f48475541803aae06e9bdd94a66059de8f8f791a3293f3c636df928b2a8f53a70821b6db278e97cd0edc09bad3cd52b83e4a43c6c07a8440945b67486082c336acab9158b9408e72f245768271139a062a653ec42fe475d0cd58c03392b61bbb69b110b1e5c11585ce5a9cba9a686084099d542d77f5caceb3d8b8f7502078fd15fb7133beded7e947935b191cc1effba18835f9194d8ea9410c837818557770f5f8b568ed3c3a179e5a6ecdffeecf86820a0740a7b51a28ef88b3a9e2e5e823cdc"], 0x0, 0x4b4, &(0x7f0000000a00)="$eJzs20tsVFUcx/Hff+50mA5Vy8MChkCjJlYQ6AMLpCaGh40mPLRQjcRHKp1ipQ/SKUoJCEt154KlS7cuXBm3hsSlcWEwhoUJsnEzK3GHOfc9Q2lnpJ2h9PshcM6987/DOec/d845kxkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADp0GsHu3us2a0AAACNdPzkUHcf8z8AAKvKKfb/AAAAq4nJ0x8y7TpXtmP+cSB/dHzqwsXhI4PzX9ZqMmXk+fHub76nt2/vy/379kflwtcvtS06cfLUwc7D05PnZ4qlUnG0c3hq/Mz0aLHmZ3jY66vt8Aegc/LchdGxsVJn7+6+iocvtt9Zs7ajfaD//cO5KHb4yODgyVRMtuV//+/3edAKPydPL8r0yQ/f2XFJGT38WCzy2llurX4ndvidGD4y6HdkYnxkatY9aJkwKlM5JrlojBqQi4eSkVy7LLc0e7YWefpRpkN7ynZCkheNw07/g+Ga2tMYz+bTR1m3dZXUpRWQs0fYGnn6UKYbe9r1Zjiufv5z0uVmNw7LLhve/9NWtrf89wN3P7m3zaNvd74xNTadirVMeEet9PmhkR7x96a8PJ3w7/iyDWl7s5uDBmuVp0mZcl9/6q8r5K9LnxrYt237gfQKY9Miz+Nid4c3Vy1zcku4dLCM+7P0/UJt8ubpL5nu/h4sr7qiOUC6dm+hC/9sSPOw3MzThEz/XimbVe1LvdT+PrbS5/7lbX9r/vD0+bmZ8bMfz877eCF/8KPS7MzImfkfDvauXvrMYvvYapn6tmQFC3Z8X3xWjq8L9wBPBEdJa769nLwWuqrKSPr1U0u95l1sHeso1yYzT7dlGvtgczDPqFD32KwGLv+DMpXKv1iU6TD/2eAolf9XkvHLW2UZ83P7ZPC5VrSW2HJ644POL0f+XZtc/t+V6dA/m8PPNIL8e1WxLq5Dpveubw3jMjkXl426Ezzj2PhEsdvF3pNp/c9RrPzYQhi7IYntcbElmb68URm7NozdmMT2utibMt36bf7Yp5PYPhc75/J1qzOKLbjYbWFsRxK7+8z0xOhiw+ry3yvTO1dft6jPD8x/6v6/VlXG7sv5wvWlyn976ty1MK+nw/xnF8n/VzLN/b016rc/9tHLap3/b5J/t1b+/nplbLShXJ/E9tTarWZz+V8n051Xb8Z9DvsWHiYZSuf/mWxlGY9rk/K/LnWuPWxXrs6xWI1Kc5fOjUxMFGeoUKFCJa40+50JjeDm/yE3q/d7Fq1jwvm/LThKVkx3P0/m/4GqMtak+X996txAuGppyUr52cnzLZukfGnu0q7xyZGzxbPFqb69/d29B/Z29+1vyUWLu6RW89g9Dlz+d8p05adf431M5fpv/vV/oaqMNSn/G9J9qljX1DwUq5LLf5tM/bdvxvvNhdb/0f6/67nKMr7/Gpr/ZPO/MRXaHrarrb6hAAAAAAAAAAAAAAAAAIAVpWCenpfp4tBLFv2GqJbv/41WlbGl//5X8MPkRb7/15E6N9qg3zXUNdAAAAAAAAAAAAANkpGnb2R6QWW76k60ScfSJR5r/wUAAP//D7BIJg==") mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 934.448594ms ago: executing program 4 (id=2163): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b4000000190001002dbd70000000000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a"], 0xfc}}, 0x0) 591.467239ms ago: executing program 5 (id=2164): r0 = fsopen(&(0x7f0000000240)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x1) unshare(0x60600) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000580)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 332.007195ms ago: executing program 4 (id=2165): r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) recvmmsg(r1, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1}}], 0x1, 0x40002000, 0x0) write$binfmt_misc(r0, &(0x7f0000000040), 0xffc1) 329.399643ms ago: executing program 6 (id=2166): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SPLICE={0x1e, 0x48, 0x0, @fd, 0x3, {}, 0xa6, 0x3}) r3 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x6842, 0x80, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r3, 0x11, &(0x7f0000000d40)="01", 0x1) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) 233.090951ms ago: executing program 3 (id=2167): syz_mount_image$hfs(&(0x7f00000007c0), &(0x7f0000000280)='./file1\x00', 0x30008c0, &(0x7f0000000800)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030373737372c6469725f756d61736b3d30303030303030303030303030303030303030303030302c696f636861727365743d69736f383835392d362c636f6465706167653d63703835352c63726561746f723d4ddd71752c00eeabc72a9832436950c6116498dda8be60a94746ea68766f63d1d63944fbda2a9337439b37b6f2a694ba98f40070d09c3890bd28a2018f1adfe1e0a630020a9cac1a43800a70a9328ddb2a2f2e207da7cd3caf243b39eaff4966b7aa97cb6cc7d2cfc59e7a976de0a00d23c7ffaaa056cc4f8bc7b4c0f9a21db642b3e832e30a90ba1b9e7933b77c60f6a1b9ca9128f0a2d0e23373c9d15c79865bae97ddd82b98001b6aa9c5390e4deaf5f0ee492c6842b1c08486e479a889491459a257e9d4083634dac6cd58520f72e6c2f11bbd5b03655bb1863b16f3"], 0x11, 0x301, &(0x7f0000000980)="$eJzs3U1rE08cB/Dv7KbN9v8vdbUVwYNINWAvovUiXiIlL8KTqE0KxaWitviAhyqeROzdu0evvgbxogie68mTeK4HGZmHZJ83qWR3E/1+oGGzszP7m8zOzkygWRDRP2uts//m0jf1JwAXLvDiCuAA8IAGgOM44e1sbW9uB71uUUEuTjVNLgGTU6SOWd/qZWX1YHNYvnrXwHx0H5VDSnn1a91BUO1075dufOdpfSdo2t6pE72a4svz9PBZfswB2C0jmIlS3FLiAAd4iIXKwiEiookkzPju2HF+3s7fHQdo2cFEz8Ynbfz/Uwd1B1A6WZgaGf91u0qh2v2ITgrXe3oJp9Kd/ioxq6y3ifczifezMFdWbHYphq0qdSzO3MZm0Du/fifoOniGthU5bEm/ds2l2xeLtpkqejljbVpgUNpc7iEie0b5v67DjKrDqon/AYBY/IuFZyyB+CA+ievCx2t0B/O/hhSqmXRL+YmWMvFfyC9R19JXR8HeNtrtthM75Kg+yUl7BmtILT24eWectWXGviDwh8Wpcx1L5DK1uzgk12JmrlW9vQInJ9dSLJeqzcZm8D7/VJUQr8Q1sYzveIdOZP7vqPhaKOyZYa8RLTMU6E9c9c54y0Y0WjZFjxw7X/afmP3p7jL4FNMd1vpZfE+jQ3iJW7iMhfuPHt92g6B3T23cDNTlqjcGe+7O242gN/MciCZNygZ2wz1NSC11cH9QqjKwlbEWqO4fGUmqY4V7VC8rvV7qPjAB7V7fRufjeC6k/rQhlvRLSllhdfZsx0gm1XdrouqEjT7a8RlTHZpuqkmFWf+F65WGmeypFz9znj7iFwG2RKnm2IMVXJhXmhk5gP8KVnBZxeau4NJrrtSaUa+5zpwDzo5+Rt/G+ZcQHXzGDX7/T0REREREREREREREREREREREREQ0bar4f4m660hERERERERERERERERERERERERERERENO3WPJjfvUb/+b8Y7fm/yUexuOYnwcfy/N+9LfD5v0Tl+x0AAP//l0Z3OQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read$FUSE(r0, &(0x7f0000002cc0)={0x2020}, 0x2020) 3.960637ms ago: executing program 5 (id=2168): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0) 0s ago: executing program 2 (id=2169): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) close(r0) kernel console output (not intermixed with test programs): ng to 1024 [ 353.020220][ T6527] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 353.035014][ T6527] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 353.047175][ T6527] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 353.061322][ T6527] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 353.071186][ T6527] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.088986][ T7258] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 353.490135][ T6527] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input9 [ 353.611212][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 353.729257][ T7258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.739693][ T7258] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 354.207359][ T24] usb 6-1: USB disconnect, device number 2 [ 354.207486][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 354.222621][ C0] dummy_hcd dummy_hcd.5: timer fired with no URBs pending? [ 355.678729][ T7285] netlink: 160 bytes leftover after parsing attributes in process `syz.5.459'. [ 356.070450][ T6527] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 356.284203][ T6527] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 356.296322][ T6527] usb 2-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00 [ 356.306855][ T6527] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.428744][ T6527] usb 2-1: config 0 descriptor?? [ 356.439417][ T7289] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 356.915646][ T6521] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 356.964019][ T6527] betop 0003:8380:1850.0006: unknown main item tag 0x3 [ 356.972874][ T6527] betop 0003:8380:1850.0006: unknown main item tag 0x3 [ 356.980557][ T6527] betop 0003:8380:1850.0006: item fetching failed at offset 3/5 [ 357.072149][ T6527] betop 0003:8380:1850.0006: parse failed [ 357.081708][ T6527] betop 0003:8380:1850.0006: probe with driver betop failed with error -22 [ 357.153967][ T6521] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.164966][ T6521] usb 3-1: config 0 interface 0 has no altsetting 0 [ 357.220282][ T24] usb 2-1: USB disconnect, device number 8 [ 357.253659][ T6521] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9 [ 357.264118][ T6521] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.272956][ T6521] usb 3-1: Product: syz [ 357.278483][ T6521] usb 3-1: Manufacturer: syz [ 357.284007][ T6521] usb 3-1: SerialNumber: syz [ 357.419322][ T6521] usb 3-1: config 0 descriptor?? [ 357.450835][ T6521] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 357.519229][ T7306] loop5: detected capacity change from 0 to 128 [ 357.644475][ T6521] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 357.721263][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.729869][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 357.760748][ T6521] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 357.770364][ T6521] usb 3-1: media controller created [ 357.844408][ T6521] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 358.605126][ T6521] DVB: Unable to find symbol tda10046_attach() [ 358.613478][ T6521] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 358.631887][ T6521] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 359.048898][ T6521] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 359.092706][ T6521] usb 3-1: USB disconnect, device number 3 [ 359.923701][ T7330] loop1: detected capacity change from 0 to 512 [ 360.140562][ T7330] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 360.155328][ T7330] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 360.399216][ T5150] udevd[5150]: worker [5975] terminated by signal 33 (Unknown signal 33) [ 360.428291][ T5150] udevd[5150]: worker [5975] failed while handling '/devices/virtual/block/loop1' [ 360.801590][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.125982][ T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 361.335125][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 361.362226][ T7351] loop1: detected capacity change from 0 to 512 [ 361.385880][ T24] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 361.398028][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.472368][ T24] usb 6-1: config 0 descriptor?? [ 361.505323][ T7351] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 361.556839][ T24] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 361.618499][ T7351] EXT4-fs (loop1): 1 truncate cleaned up [ 361.629534][ T7351] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.083246][ T7358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.483'. [ 362.236857][ T7358] team0 (unregistering): Port device team_slave_0 removed [ 362.266848][ T7361] mmap: syz.3.482 (7361) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 362.323875][ T7358] team0 (unregistering): Port device team_slave_1 removed [ 362.607823][ T5792] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 362.815210][ T5792] EXT4-fs (loop1): Remounting filesystem read-only [ 362.905331][ T24] gspca_sonixj: reg_w1 err -71 [ 362.928179][ T24] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 362.996176][ T24] usb 6-1: USB disconnect, device number 3 [ 363.357892][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.923547][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 364.116356][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.128397][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.140405][ T24] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 364.150817][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.171773][ T24] usb 3-1: config 0 descriptor?? [ 364.822262][ T24] steelseries 0003:1038:1410.0007: not enough fields in HID_OUTPUT_REPORT 0 [ 365.008922][ T24] usb 3-1: USB disconnect, device number 4 [ 366.060943][ T7381] binder: 7379:7381 ioctl c0306201 80000640 returned -22 [ 366.828038][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 366.838253][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 366.850835][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 366.867388][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 367.055597][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 367.138089][ T7391] netlink: 8 bytes leftover after parsing attributes in process `syz.5.498'. [ 367.977736][ T7387] loop2: detected capacity change from 0 to 40427 [ 368.075543][ T7387] F2FS-fs (loop2): build fault injection rate: 771 [ 368.101283][ T7387] F2FS-fs (loop2): invalid crc value [ 368.438129][ T7387] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 368.470856][ T7387] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 368.697648][ T5805] syz-executor: attempt to access beyond end of device [ 368.697648][ T5805] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.715344][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 368.715497][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 368.715599][ T5805] Call Trace: [ 368.715657][ T5805] [ 368.715710][ T5805] __dump_stack+0x26/0x30 [ 368.715919][ T5805] dump_stack_lvl+0x1df/0x270 [ 368.716135][ T5805] dump_stack+0x1e/0x25 [ 368.716332][ T5805] f2fs_handle_critical_error+0xa6f/0xc20 [ 368.716539][ T5805] f2fs_stop_checkpoint+0x65/0x80 [ 368.716709][ T5805] f2fs_write_end_io+0x101c/0x1bc0 [ 368.716931][ T5805] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 368.717105][ T5805] bio_endio+0xeb4/0x1010 [ 368.717292][ T5805] submit_bio_noacct+0x2009/0x2930 [ 368.717532][ T5805] submit_bio+0x57c/0x630 [ 368.717723][ T5805] f2fs_submit_write_bio+0x92/0x250 [ 368.717959][ T5805] __submit_merged_bio+0x16f/0x6a0 [ 368.718287][ T5805] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 368.718483][ T5805] __submit_merged_write_cond+0x458/0x9a0 [ 368.718735][ T5805] f2fs_write_data_pages+0x4bb2/0x5480 [ 368.719048][ T5805] ? kmsan_get_metadata+0xfb/0x160 [ 368.719231][ T5805] ? folio_batch_move_lru+0x6a6/0x6e0 [ 368.719419][ T5805] ? __msan_warning+0x1b/0x30 [ 368.719570][ T5805] ? filter_irq_stacks+0x13f/0x190 [ 368.719802][ T5805] ? stack_depot_save_flags+0x35/0x7b0 [ 368.719974][ T5805] ? lru_gen_add_folio+0xd66/0x1190 [ 368.720185][ T5805] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 368.720428][ T5805] ? kmsan_get_metadata+0xfb/0x160 [ 368.720602][ T5805] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 368.720783][ T5805] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 368.720956][ T5805] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 368.721126][ T5805] do_writepages+0x3f2/0x860 [ 368.721342][ T5805] ? _raw_spin_unlock+0x30/0x50 [ 368.721519][ T5805] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 368.721731][ T5805] filemap_fdatawrite+0x207/0x260 [ 368.722038][ T5805] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 368.722272][ T5805] f2fs_write_checkpoint+0x10a4/0x3730 [ 368.722633][ T5805] kill_f2fs_super+0x31b/0x990 [ 368.722866][ T5805] ? __pfx_kill_f2fs_super+0x10/0x10 [ 368.723050][ T5805] deactivate_locked_super+0xcb/0x3c0 [ 368.723289][ T5805] deactivate_super+0x12f/0x140 [ 368.723514][ T5805] cleanup_mnt+0x6fb/0x780 [ 368.723676][ T5805] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 368.723927][ T5805] ? __pfx___cleanup_mnt+0x10/0x10 [ 368.724102][ T5805] __cleanup_mnt+0x22/0x30 [ 368.724272][ T5805] task_work_run+0x209/0x2b0 [ 368.724457][ T5805] exit_to_user_mode_loop+0x2d1/0x370 [ 368.724642][ T5805] __do_fast_syscall_32+0x12a/0x150 [ 368.724857][ T5805] ? irqentry_exit_to_user_mode+0x7f/0xa0 [ 368.725075][ T5805] do_fast_syscall_32+0x38/0x80 [ 368.725285][ T5805] do_SYSENTER_32+0x1f/0x30 [ 368.725483][ T5805] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 368.725690][ T5805] RIP: 0023:0xf703d539 [ 368.725814][ T5805] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 368.725942][ T5805] RSP: 002b:00000000ff882048 EFLAGS: 00000206 ORIG_RAX: 0000000000000034 [ 368.726083][ T5805] RAX: 0000000000000000 RBX: 00000000ff8820f0 RCX: 0000000000000009 [ 368.726173][ T5805] RDX: 00000000f73d6ff4 RSI: 00000000f7227ae8 RDI: 00000000ff883184 [ 368.726276][ T5805] RBP: 00000000ff8820f0 R08: 0000000000000000 R09: 0000000000000000 [ 368.726366][ T5805] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 368.726453][ T5805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 368.726580][ T5805] [ 369.083888][ T5805] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 369.163491][ T6521] kernel read not supported for file /dsp (pid: 6521 comm: kworker/0:17) [ 369.321480][ T5800] Bluetooth: hci0: command tx timeout [ 369.801870][ T7388] chnl_net:caif_netlink_parms(): no params data found [ 371.105309][ T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 371.405836][ T5800] Bluetooth: hci0: command tx timeout [ 371.605427][ T24] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 371.615689][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.768452][ T24] usb 4-1: config 0 descriptor?? [ 372.135302][ T24] kaweth 4-1:0.0: Firmware present in device. [ 372.614468][ T24] kaweth 4-1:0.0: Statistics collection: 0 [ 372.620939][ T24] kaweth 4-1:0.0: Multicast filter limit: 0 [ 372.627436][ T24] kaweth 4-1:0.0: MTU: 0 [ 372.632877][ T24] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 372.679960][ T7388] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.688517][ T7388] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.696930][ T7388] bridge_slave_0: entered allmulticast mode [ 372.707817][ T7388] bridge_slave_0: entered promiscuous mode [ 372.943551][ T7388] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.951820][ T7388] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.969274][ T7388] bridge_slave_1: entered allmulticast mode [ 372.979784][ T7388] bridge_slave_1: entered promiscuous mode [ 373.351019][ T24] kaweth 4-1:0.0: Error setting receive filter [ 373.358861][ T24] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 373.437477][ T24] usb 4-1: USB disconnect, device number 9 [ 373.452150][ T5800] Bluetooth: hci0: command tx timeout [ 373.805620][ T7388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.924443][ T7388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.359722][ T7388] team0: Port device team_slave_0 added [ 374.457823][ T7388] team0: Port device team_slave_1 added [ 375.043593][ T7388] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.052216][ T7388] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 375.084209][ T7388] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.191601][ T7388] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.201923][ T7388] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 375.239385][ T7388] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.527791][ T5800] Bluetooth: hci0: command tx timeout [ 375.718679][ T7388] hsr_slave_0: entered promiscuous mode [ 375.739009][ T7388] hsr_slave_1: entered promiscuous mode [ 375.748713][ T7388] debugfs: 'hsr0' already exists in 'hsr' [ 375.759967][ T7388] Cannot create hsr debugfs directory [ 375.954311][ T7447] geneve2: entered promiscuous mode [ 376.025671][ T6602] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 53558 - 0 [ 376.194073][ T6602] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 53558 - 0 [ 376.265440][ T6602] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 53558 - 0 [ 376.395489][ T6602] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 53558 - 0 [ 377.095931][ T7455] loop3: detected capacity change from 0 to 1024 [ 377.333381][ T7388] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 377.442063][ T7388] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 377.579169][ T7388] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 377.690638][ T7455] hfsplus: xattr searching failed [ 377.698685][ T7388] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 378.391327][ T3718] hfsplus: bad catalog file entry [ 378.445772][ T3718] hfsplus: b-tree write err: -5, ino 3 [ 379.164052][ T7388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.221141][ T6521] libceph: connect (1)[c::]:6789 error -101 [ 379.227780][ T6521] libceph: mon0 (1)[c::]:6789 connect error [ 379.335034][ T7388] 8021q: adding VLAN 0 to HW filter on device team0 [ 379.393741][ T3797] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.401668][ T3797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.507048][ T6521] libceph: connect (1)[c::]:6789 error -101 [ 379.521658][ T6521] libceph: mon0 (1)[c::]:6789 connect error [ 379.527534][ T3797] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.536285][ T3797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 379.911955][ T7473] ceph: No mds server is up or the cluster is laggy [ 380.826719][ T7490] netlink: 'syz.3.533': attribute type 1 has an invalid length. [ 380.835121][ T7490] netlink: 'syz.3.533': attribute type 6 has an invalid length. [ 380.843067][ T7490] netlink: 52 bytes leftover after parsing attributes in process `syz.3.533'. [ 381.931474][ T7388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 382.496208][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 382.729063][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 382.743652][ T24] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 382.754431][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.871699][ T24] usb 6-1: config 0 descriptor?? [ 383.551001][ T24] usb 6-1: language id specifier not provided by device, defaulting to English [ 383.990419][ T24] letsketch 0003:6161:4D15.0008: Device info: [ 384.281561][ T24] usb 6-1: Max retries (5) exceeded reading string descriptor 201 [ 384.290865][ T24] letsketch 0003:6161:4D15.0008: probe with driver letsketch failed with error -71 [ 384.387253][ T24] usb 6-1: USB disconnect, device number 4 [ 384.884042][ T7527] loop4: detected capacity change from 0 to 4096 [ 385.009307][ T7388] veth0_vlan: entered promiscuous mode [ 385.172193][ T7388] veth1_vlan: entered promiscuous mode [ 385.600237][ T7534] loop3: detected capacity change from 0 to 1024 [ 385.702581][ T7388] veth0_macvtap: entered promiscuous mode [ 385.783061][ T7388] veth1_macvtap: entered promiscuous mode [ 386.015434][ T7534] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 386.183795][ T7388] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 386.292746][ T7388] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 386.417747][ T3827] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.450237][ T3827] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.511157][ T3827] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.620481][ T59] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.757629][ T7544] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #2: comm syz.3.549: missing EA_INODE flag [ 387.037758][ T7544] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.549: error while reading EA inode 2 err=-117 [ 387.838563][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 390.260674][ T7587] warning: `syz.2.566' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 390.376102][ T7587] netlink: 132 bytes leftover after parsing attributes in process `syz.2.566'. [ 391.227233][ T6521] libceph: connect (1)[c::]:6789 error -101 [ 391.234463][ T6521] libceph: mon0 (1)[c::]:6789 connect error [ 391.309870][ T7597] ceph: No mds server is up or the cluster is laggy [ 393.782141][ T3895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.793944][ T3895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.085040][ T3895] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.095585][ T3895] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.250788][ T7625] netlink: 'syz.2.577': attribute type 1 has an invalid length. [ 394.267626][ T7625] netlink: 'syz.2.577': attribute type 4 has an invalid length. [ 394.278676][ T7625] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.577'. [ 394.697036][ T7630] Invalid ELF header magic: != ELF [ 395.502341][ T7632] loop3: detected capacity change from 0 to 2048 [ 396.067380][ T7632] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.297484][ T7632] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 396.355504][ T7632] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 396.368762][ T7632] EXT4-fs (loop3): This should not happen!! Data will be lost [ 396.368762][ T7632] [ 396.380717][ T7632] EXT4-fs (loop3): Total free blocks count 0 [ 396.387783][ T7632] EXT4-fs (loop3): Free/Dirty block details [ 396.394412][ T7632] EXT4-fs (loop3): free_blocks=4096 [ 396.401030][ T7632] EXT4-fs (loop3): dirty_blocks=32 [ 396.407421][ T7632] EXT4-fs (loop3): Block reservation details [ 396.423727][ T7632] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 396.436842][ T6527] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 396.611714][ T6527] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.628284][ T6527] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.640194][ T6527] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 396.654229][ T6527] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 396.663839][ T6527] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.852652][ T6527] usb 6-1: config 0 descriptor?? [ 396.908436][ T3895] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 1 with error 28 [ 397.194671][ T7657] netlink: 'syz.2.587': attribute type 16 has an invalid length. [ 397.203061][ T7657] netlink: 'syz.2.587': attribute type 17 has an invalid length. [ 397.289528][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.318228][ T7653] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.727779][ T6527] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 397.899059][ T7657] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 399.009063][ T7661] loop6: detected capacity change from 0 to 4096 [ 399.082179][ T7661] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512). [ 399.307816][ T6521] usb 6-1: USB disconnect, device number 5 [ 399.406312][ T7661] ntfs3(loop6): ino=19, mi_enum_attr [ 399.411911][ T7661] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 399.613580][ T7661] ntfs3(loop6): failed to convert name for inode 20. [ 400.290678][ T7675] loop5: detected capacity change from 0 to 2048 [ 400.392275][ T7675] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 400.540211][ T7675] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 401.691366][ T7684] veth0_to_bridge: entered promiscuous mode [ 401.758179][ T7683] veth0_to_bridge: left promiscuous mode [ 402.628220][ T7695] lo speed is unknown, defaulting to 1000 [ 402.639077][ T7695] lo speed is unknown, defaulting to 1000 [ 402.647008][ T7695] lo speed is unknown, defaulting to 1000 [ 402.840121][ T7698] loop5: detected capacity change from 0 to 64 [ 403.310190][ T7695] infiniband sz1: set active [ 403.315364][ T7695] infiniband sz1: added lo [ 403.336043][ T6521] lo speed is unknown, defaulting to 1000 [ 403.526633][ T30] audit: type=1800 audit(1762522525.818:436): pid=7698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.606" name="file2" dev="loop5" ino=22 res=0 errno=0 [ 403.618218][ T7695] RDS/IB: sz1: added [ 403.622597][ T7695] smc: adding ib device sz1 with port count 1 [ 403.630333][ T7695] smc: ib device sz1 port 1 has no pnetid [ 403.639054][ T7695] lo speed is unknown, defaulting to 1000 [ 403.685078][ T6521] lo speed is unknown, defaulting to 1000 [ 404.150514][ T7708] netlink: 35 bytes leftover after parsing attributes in process `syz.4.608'. [ 404.159867][ T7708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.608'. [ 404.691589][ T7695] lo speed is unknown, defaulting to 1000 [ 405.026200][ T7714] netlink: 12 bytes leftover after parsing attributes in process `syz.5.611'. [ 405.432363][ T7695] lo speed is unknown, defaulting to 1000 [ 406.353203][ T7695] lo speed is unknown, defaulting to 1000 [ 407.110097][ T7695] lo speed is unknown, defaulting to 1000 [ 407.902380][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 408.108375][ T7695] lo speed is unknown, defaulting to 1000 [ 408.311096][ T24] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 408.321429][ T24] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 408.331032][ T24] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 408.341787][ T24] usb 7-1: config 220 has no interface number 2 [ 408.348473][ T24] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 408.362239][ T24] usb 7-1: config 220 interface 0 has no altsetting 0 [ 408.369477][ T24] usb 7-1: config 220 interface 76 has no altsetting 0 [ 408.376843][ T24] usb 7-1: config 220 interface 1 has no altsetting 0 [ 408.569889][ T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 408.580012][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.588613][ T24] usb 7-1: Product: syz [ 408.593459][ T24] usb 7-1: Manufacturer: syz [ 408.602948][ T24] usb 7-1: SerialNumber: syz [ 409.097898][ T24] uvcvideo 7-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 409.110251][ T24] uvcvideo 7-1:220.0: No valid video chain found. [ 409.118493][ T24] usb 7-1: selecting invalid altsetting 0 [ 409.302122][ T24] usb 7-1: selecting invalid altsetting 0 [ 409.308956][ T24] usbtest 7-1:220.1: probe with driver usbtest failed with error -22 [ 409.401305][ T24] usb 7-1: USB disconnect, device number 2 [ 409.835430][ T6521] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 410.105385][ T6521] usb 4-1: Using ep0 maxpacket: 8 [ 410.215432][ T6521] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 410.317084][ T6521] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 410.326746][ T6521] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.341098][ T6521] usb 4-1: Product: syz [ 410.347376][ T6521] usb 4-1: Manufacturer: syz [ 410.352350][ T6521] usb 4-1: SerialNumber: syz [ 410.394282][ T6521] usb 4-1: config 0 descriptor?? [ 410.470500][ T6521] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 411.216489][ T6521] gspca_zc3xx: reg_w_i err -71 [ 411.815264][ T6521] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 411.822043][ T6521] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 411.919988][ T6521] usb 4-1: USB disconnect, device number 10 [ 413.216478][ T24] libceph: connect (1)[c::]:6789 error -101 [ 413.223054][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 413.325800][ T7783] ceph: No mds server is up or the cluster is laggy [ 414.318197][ T7797] netlink: 12 bytes leftover after parsing attributes in process `syz.2.646'. [ 414.987609][ T7798] loop6: detected capacity change from 0 to 4096 [ 415.048917][ T7798] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). [ 415.228721][ T7809] netlink: 204 bytes leftover after parsing attributes in process `syz.5.651'. [ 415.429943][ T7798] ntfs3(loop6): ino=0, attr_set_size [ 415.464341][ T7798] ntfs3(loop6): ino=0, attr_set_size [ 415.489631][ T7798] ntfs3(loop6): ino=0, attr_set_size [ 416.706059][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.654'. [ 419.158230][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.165780][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 421.839328][ T30] audit: type=1326 audit(1762522544.148:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.687" exe="/root/syz-executor" sig=9 arch=40000003 syscall=20 compat=1 ip=0xf703d539 code=0x0 [ 422.164383][ T7892] netlink: 'syz.3.688': attribute type 12 has an invalid length. [ 422.949380][ T7900] loop5: detected capacity change from 0 to 256 [ 423.188460][ T7900] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012c80, chksum : 0x8ff561f5, utbl_chksum : 0xe619d30d) [ 423.997609][ T7910] loop6: detected capacity change from 0 to 1024 [ 424.100374][ T7913] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.698'. [ 424.110392][ T7913] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.698'. [ 424.121525][ T7913] netlink: 396 bytes leftover after parsing attributes in process `syz.4.698'. [ 424.212040][ T7910] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 424.225445][ T7910] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 424.380035][ T5800] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 424.483593][ T7910] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: comm syz.6.696: lblock 0 mapped to illegal pblock 0 (length 6) [ 424.490710][ T30] audit: type=1800 audit(1762522546.788:438): pid=7910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.696" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 424.609499][ T7910] EXT4-fs error (device loop6): ext4_ext_remove_space:2955: inode #15: comm syz.6.696: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 425.092440][ T7388] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 425.477187][ T7936] netlink: 'syz.6.705': attribute type 6 has an invalid length. [ 426.356436][ T6521] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 426.387446][ T6521] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 426.623906][ T6527] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 426.709954][ T7948] loop2: detected capacity change from 0 to 128 [ 426.848144][ T6527] usb 7-1: config 0 has no interfaces? [ 426.853357][ T7948] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 426.906177][ T6527] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 426.919158][ T6527] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 426.934182][ T6527] usb 7-1: SerialNumber: syz [ 426.960227][ T7948] ext4 filesystem being mounted at /162/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 426.971344][ T6527] usb 7-1: config 0 descriptor?? [ 427.257593][ T24] usb 7-1: USB disconnect, device number 3 [ 427.518485][ T5805] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 428.113470][ T7960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.715'. [ 428.123388][ T7960] netlink: 32 bytes leftover after parsing attributes in process `syz.2.715'. [ 428.133504][ T7960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.715'. [ 428.143535][ T7960] netlink: 32 bytes leftover after parsing attributes in process `syz.2.715'. [ 429.057706][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.5.720'. [ 429.101529][ T7973] netlink: 72 bytes leftover after parsing attributes in process `syz.5.720'. [ 429.899059][ T7976] loop3: detected capacity change from 0 to 2048 [ 430.009935][ T7976] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 430.127490][ T7985] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 430.747696][ T7992] dvmrp0: entered allmulticast mode [ 430.796303][ T7985] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 430.808126][ T7985] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 430.875634][ T7985] Remounting filesystem read-only [ 430.899589][ T5793] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 431.791481][ T8004] dvmrp1: entered allmulticast mode [ 431.865189][ T6527] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 431.902076][ T8004] dvmrp1: left allmulticast mode [ 432.134511][ T6527] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 432.144233][ T6527] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.157513][ T6527] usb 4-1: Product: syz [ 432.162014][ T6527] usb 4-1: Manufacturer: syz [ 432.168782][ T6527] usb 4-1: SerialNumber: syz [ 432.236167][ T6527] usb 4-1: config 0 descriptor?? [ 432.400573][ T8011] netlink: 'syz.4.737': attribute type 6 has an invalid length. [ 432.409628][ T8011] netlink: 14615 bytes leftover after parsing attributes in process `syz.4.737'. [ 432.534617][ T6527] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 433.166390][ T8015] loop5: detected capacity change from 0 to 2048 [ 433.321449][ T8015] loop5: p1 < > p3 [ 433.340970][ T8015] loop5: p3 size 134217728 extends beyond EOD, truncated [ 433.609623][ T6527] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 433.672792][ T6527] usb 4-1: USB disconnect, device number 11 [ 433.956506][ T6088] udevd[6088]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 433.983930][ T6687] udevd[6687]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 434.714990][ T6088] udevd[6088]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 434.765173][ T6687] udevd[6687]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 434.812333][ T8035] netlink: 'syz.3.748': attribute type 1 has an invalid length. [ 434.902900][ T8035] 8021q: adding VLAN 0 to HW filter on device bond1 [ 435.074063][ T8038] bond1: (slave geneve2): making interface the new active one [ 435.091246][ T8038] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 435.103008][ T8039] fuse: Bad value for 'fd' [ 436.575131][ T5803] Bluetooth: hci3: command 0x0406 tx timeout [ 436.792840][ T8063] netlink: 28 bytes leftover after parsing attributes in process `syz.2.758'. [ 437.205545][ T5803] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 437.214255][ T5803] Bluetooth: hci3: Injecting HCI hardware error event [ 437.222397][ T5803] Bluetooth: hci3: hardware error 0x00 [ 437.384547][ T8069] loop6: detected capacity change from 0 to 512 [ 437.396230][ T8069] EXT4-fs: Ignoring removed i_version option [ 437.402813][ T8069] EXT4-fs: Ignoring removed nobh option [ 437.656706][ T8069] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 437.668322][ T8077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 437.670382][ T8069] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.708773][ T8074] netlink: 60 bytes leftover after parsing attributes in process `syz.2.762'. [ 437.884592][ T30] audit: type=1800 audit(1762522560.178:439): pid=8069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.761" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 437.949018][ T30] audit: type=1800 audit(1762522560.238:440): pid=8069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.761" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 438.433424][ T7388] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.285558][ T5803] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 440.055854][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 440.235596][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 440.306579][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.318136][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.328830][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 440.341737][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.478036][ T24] usb 3-1: config 0 descriptor?? [ 440.513474][ T24] hub 3-1:0.0: USB hub found [ 440.733653][ T24] hub 3-1:0.0: 1 port detected [ 440.893761][ T8113] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 440.903625][ T8113] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 441.378714][ T24] hub 3-1:0.0: activate --> -90 [ 441.631857][ T6527] usb 3-1: USB disconnect, device number 5 [ 441.635455][ T24] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 441.863534][ T8122] netlink: 8 bytes leftover after parsing attributes in process `syz.5.782'. [ 443.540651][ T8146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.792'. [ 443.587519][ T8149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.792'. [ 444.583522][ T8164] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 444.595512][ T8164] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 444.608031][ T8164] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 445.003877][ T8169] loop3: detected capacity change from 0 to 256 [ 446.635710][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 446.833627][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 446.845373][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 446.855743][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 446.869156][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 446.879055][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.958466][ T24] usb 3-1: config 0 descriptor?? [ 447.532788][ T24] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 447.835625][ T24] usb 3-1: USB disconnect, device number 6 [ 448.305875][ T8198] fido_id[8198]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 449.565313][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 449.750200][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 449.767562][ T24] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 449.778108][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.896215][ T24] usb 7-1: config 0 descriptor?? [ 450.612613][ T24] usb 7-1: language id specifier not provided by device, defaulting to English [ 451.029054][ T8225] loop2: detected capacity change from 0 to 4096 [ 451.057642][ T24] letsketch 0003:6161:4D15.000C: Device info: [ 451.342206][ T24] usb 7-1: Max retries (5) exceeded reading string descriptor 201 [ 451.342621][ T24] letsketch 0003:6161:4D15.000C: probe with driver letsketch failed with error -71 [ 451.373040][ T24] usb 7-1: USB disconnect, device number 4 [ 451.572353][ T8236] overlayfs: failed to clone upperpath [ 451.582533][ T8236] overlayfs: failed to clone upperpath [ 452.821709][ T8247] loop2: detected capacity change from 0 to 128 [ 452.940268][ T8247] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 452.975364][ T8247] hpfs: filesystem error: improperly stopped [ 452.981778][ T8247] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 452.990051][ T8247] hpfs: You really don't want any checks? You are crazy... [ 453.113589][ T8247] hpfs: hpfs_map_sector(): read error [ 453.120173][ T8247] hpfs: code page support is disabled [ 453.134579][ T8247] hpfs: hpfs_map_4sectors(): unaligned read [ 453.179240][ T8247] hpfs: hpfs_map_4sectors(): unaligned read [ 453.185529][ T8247] hpfs: filesystem error: unable to find root dir [ 455.122798][ T8270] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 455.137936][ T8270] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 455.149066][ T8270] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 455.948063][ T8283] Invalid ELF header magic: != ELF [ 456.382480][ T8291] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 456.450359][ T30] audit: type=1326 audit(1762522578.768:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8289 comm="syz.4.850" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7fc00000 [ 456.596596][ T8294] netlink: 'syz.3.852': attribute type 6 has an invalid length. [ 457.160465][ T30] audit: type=1326 audit(1762522579.458:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8289 comm="syz.4.850" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf700d539 code=0x7fc00000 [ 457.198997][ T8302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.856'. [ 457.308861][ T8302] 8021q: adding VLAN 0 to HW filter on device bond2 [ 457.413530][ T8304] bond2: (slave batadv1): Opening slave failed [ 458.069762][ T8317] smc: net device bond0 applied user defined pnetid SYZ2 [ 458.088380][ T8317] netlink: 14 bytes leftover after parsing attributes in process `syz.6.860'. [ 458.182673][ T8317] smc: removing net device bond0 with user defined pnetid SYZ2 [ 458.279578][ T8317] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 458.368492][ T8317] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 458.420122][ T8317] bond0 (unregistering): Released all slaves [ 458.608257][ T8324] overlayfs: failed to clone lowerpath [ 458.630785][ T8324] overlayfs: failed to clone lowerpath [ 459.118323][ T8327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.864'. [ 459.240877][ T8327] team0 (unregistering): Port device team_slave_0 removed [ 459.310836][ T8327] team0 (unregistering): Port device team_slave_1 removed [ 459.393131][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.867'. [ 459.462062][ T8336] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 459.535462][ T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 459.705163][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 459.722126][ T24] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 459.734189][ T24] usb 7-1: config 179 has no interface number 0 [ 459.741058][ T24] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 459.752634][ T24] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 459.764548][ T24] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 459.776446][ T24] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 459.788268][ T24] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 459.804597][ T24] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 459.816293][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.942768][ T8333] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 460.363296][ T24] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input10 [ 460.611676][ T8333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 460.626888][ T8333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 460.719026][ T8346] input: syz0 as /devices/virtual/input/input11 [ 460.803976][ T8345] ceph: No mds server is up or the cluster is laggy [ 461.043626][ T6527] usb 7-1: USB disconnect, device number 5 [ 461.043625][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 461.043885][ C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 462.160879][ T8365] bond0: (slave bond_slave_0): Releasing backup interface [ 462.201223][ T8365] bond0: (slave bond_slave_1): Releasing backup interface [ 462.230069][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 462.274605][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.302471][ T8365] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 462.678688][ T8370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.880'. [ 462.977944][ T8370] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 463.169089][ T8372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.184900][ T8372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.219572][ T8372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.227755][ T8372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.525744][ T6527] libceph: connect (1)[c::]:6789 error -101 [ 464.532143][ T6527] libceph: mon0 (1)[c::]:6789 connect error [ 464.601507][ T8386] ceph: No mds server is up or the cluster is laggy [ 464.778288][ T8394] netlink: 4 bytes leftover after parsing attributes in process `syz.5.899'. [ 465.045780][ T6527] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 465.071392][ T8400] netlink: 4 bytes leftover after parsing attributes in process `syz.5.899'. [ 465.159668][ T6521] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 465.245689][ T6527] usb 4-1: Using ep0 maxpacket: 8 [ 465.266998][ T6527] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 465.275827][ T6527] usb 4-1: config 179 has no interface number 0 [ 465.282339][ T6527] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 465.294063][ T6527] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 465.305747][ T6527] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 465.317327][ T6527] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 465.333470][ T6527] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 465.349048][ T6527] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 465.358551][ T6527] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.475569][ T6521] usb 3-1: Using ep0 maxpacket: 32 [ 465.505230][ T6521] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 465.514620][ T6521] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.558750][ T8396] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 465.625852][ T6521] usb 3-1: config 0 descriptor?? [ 465.756846][ T6521] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 465.941350][ T6520] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input12 [ 466.149089][ T8396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.161159][ T8396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.639586][ T24] usb 4-1: USB disconnect, device number 12 [ 466.645021][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 466.654987][ C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 466.956824][ T6521] gspca_vc032x: reg_w err -71 [ 466.969370][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 466.977399][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 466.982881][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 466.988595][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 466.994077][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 466.999782][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.005620][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.011099][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.016730][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.022191][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.027866][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.033317][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.038999][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.044453][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.050105][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.055697][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.061158][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.073869][ T6521] gspca_vc032x: I2c Bus Busy Wait 00 [ 467.081295][ T6521] gspca_vc032x: Unknown sensor... [ 467.086997][ T6521] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 467.229807][ T6521] usb 3-1: USB disconnect, device number 7 [ 468.867731][ T8437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.904'. [ 468.991006][ T8437] 8021q: adding VLAN 0 to HW filter on device bond1 [ 470.488895][ T8467] loop2: detected capacity change from 0 to 164 [ 471.075715][ T8473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.918'. [ 472.515545][ T6521] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 472.721193][ T6521] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 472.733327][ T6521] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 472.743546][ T6521] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 472.756957][ T6521] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 472.766420][ T6521] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.810574][ T6521] usb 7-1: config 0 descriptor?? [ 473.407436][ T6521] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 473.549732][ T6521] usb 7-1: USB disconnect, device number 6 [ 474.050221][ T8503] fido_id[8503]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 474.066945][ T8507] syzkaller1: entered promiscuous mode [ 474.077517][ T8507] syzkaller1: entered allmulticast mode [ 476.056357][ T8530] 9pnet_fd: Insufficient options for proto=fd [ 477.349441][ T8548] loop2: detected capacity change from 0 to 128 [ 477.368225][ T8548] EXT4-fs: Ignoring removed nobh option [ 477.486519][ T8548] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 477.555959][ T8548] ext4 filesystem being mounted at /204/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 478.142314][ T5805] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 478.202118][ T8552] loop6: detected capacity change from 0 to 4096 [ 478.277565][ T8552] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512). [ 478.662360][ T8552] ntfs3(loop6): ino=19, mi_enum_attr [ 478.668480][ T8552] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 479.691680][ T24] kernel write not supported for file bpf-prog (pid: 24 comm: kworker/1:0) [ 480.596590][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.603280][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 480.636831][ T8586] loop3: detected capacity change from 0 to 128 [ 480.698931][ T8586] EXT4-fs: Ignoring removed nobh option [ 480.794510][ T8586] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 481.265450][ T8586] ext4 filesystem being mounted at /186/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 481.854602][ T5793] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 482.386934][ T8605] bridge_slave_0: left allmulticast mode [ 482.392833][ T8605] bridge_slave_0: left promiscuous mode [ 482.399869][ T8605] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.460606][ T8605] bridge_slave_1: left allmulticast mode [ 482.466880][ T8605] bridge_slave_1: left promiscuous mode [ 482.473666][ T8605] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.708045][ T8605] team0: Port device team_slave_0 removed [ 482.750023][ T8605] team0: Port device team_slave_1 removed [ 482.761949][ T8605] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.769762][ T8605] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 482.790470][ T8605] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.798309][ T8605] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 482.825853][ T8605] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 484.963508][ T8634] loop6: detected capacity change from 0 to 128 [ 485.057208][ T8634] EXT4-fs: Ignoring removed nobh option [ 485.171635][ T8634] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 485.226896][ T8634] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 485.628838][ T7388] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 485.746450][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 485.935778][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 485.959923][ T24] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 485.969268][ T24] usb 3-1: config 0 has no interface number 0 [ 485.975996][ T24] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 486.082492][ T24] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 486.092670][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.101654][ T24] usb 3-1: Product: syz [ 486.106282][ T24] usb 3-1: Manufacturer: syz [ 486.115737][ T24] usb 3-1: SerialNumber: syz [ 486.161164][ T24] usb 3-1: config 0 descriptor?? [ 486.193416][ T8645] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 486.245962][ T8649] loop6: detected capacity change from 0 to 128 [ 486.384997][ T8649] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 486.540643][ T8649] ext4 filesystem being mounted at /81/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 486.549200][ T8645] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 487.163748][ T7388] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 487.224349][ T8655] loop3: detected capacity change from 0 to 2048 [ 487.326846][ T24] asix 3-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random [ 487.496698][ T8655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 487.736223][ T24] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 487.747640][ T24] asix 3-1:0.188: probe with driver asix failed with error -71 [ 487.880962][ T24] usb 3-1: USB disconnect, device number 8 [ 488.096643][ T8663] loop6: detected capacity change from 0 to 512 [ 488.653136][ T8667] loop3: detected capacity change from 0 to 16 [ 488.758933][ T8667] erofs (device loop3): mounted with root inode @ nid 36. [ 488.894990][ T8667] erofs (device loop3): readahead error at folio 4 @ nid 36 [ 488.909854][ T8667] syz.3.1001: attempt to access beyond end of device [ 488.909854][ T8667] loop3: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 488.924194][ T8667] syz.3.1001: attempt to access beyond end of device [ 488.924194][ T8667] loop3: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 488.940214][ T8667] erofs (device loop3): bogus lookback distance 1 @ lcn 0 of nid 36 [ 488.948694][ T8667] erofs (device loop3): read error -117 @ 0 of nid 36 [ 488.955843][ T8667] erofs (device loop3): failed to readdir of logical block 0 of nid 36 [ 490.036332][ T8667] erofs (device loop3): readahead error at folio 6 @ nid 36 [ 490.044325][ T8667] syz.3.1001: attempt to access beyond end of device [ 490.044325][ T8667] loop3: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 490.058685][ T8667] syz.3.1001: attempt to access beyond end of device [ 490.058685][ T8667] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 490.073025][ T8667] erofs (device loop3): bogus lookback distance 1 @ lcn 0 of nid 36 [ 490.081728][ T8667] erofs (device loop3): read error -117 @ 0 of nid 36 [ 490.088922][ T8667] erofs (device loop3): failed to readdir of logical block 0 of nid 36 [ 490.103402][ T8674] loop6: detected capacity change from 0 to 128 [ 490.120277][ T8673] netlink: 'syz.2.1005': attribute type 9 has an invalid length. [ 490.177882][ T8674] EXT4-fs: Ignoring removed nobh option [ 490.240792][ T8674] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 490.347050][ T8674] ext4 filesystem being mounted at /83/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 491.019355][ T7388] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 491.083425][ T8687] netlink: 'syz.3.1009': attribute type 1 has an invalid length. [ 491.187602][ T8687] 8021q: adding VLAN 0 to HW filter on device bond3 [ 491.285079][ T8689] bond3: (slave geneve3): making interface the new active one [ 491.301381][ T8689] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 491.379865][ T8691] syz.4.1010: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 491.395938][ T8691] CPU: 0 UID: 0 PID: 8691 Comm: syz.4.1010 Not tainted syzkaller #0 PREEMPT(none) [ 491.396097][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 491.396199][ T8691] Call Trace: [ 491.396250][ T8691] [ 491.396303][ T8691] __dump_stack+0x26/0x30 [ 491.396478][ T8691] dump_stack_lvl+0x1df/0x270 [ 491.396646][ T8691] dump_stack+0x1e/0x25 [ 491.396795][ T8691] warn_alloc+0x470/0x690 [ 491.397006][ T8691] ? kmsan_get_metadata+0xfb/0x160 [ 491.397159][ T8691] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 491.397324][ T8691] __vmalloc_node_range_noprof+0x133/0x2330 [ 491.397506][ T8691] ? kmsan_get_metadata+0xfb/0x160 [ 491.397656][ T8691] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 491.397823][ T8691] ? should_fail_ex+0x45/0x8a0 [ 491.397986][ T8691] ? kmsan_get_metadata+0xfb/0x160 [ 491.398129][ T8691] ? kmsan_get_metadata+0xfb/0x160 [ 491.398278][ T8691] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 491.398444][ T8691] ? kmsan_get_metadata+0xfb/0x160 [ 491.398602][ T8691] vmalloc_user_noprof+0xce/0x140 [ 491.398776][ T8691] ? xskq_create+0x11d/0x290 [ 491.398978][ T8691] xskq_create+0x11d/0x290 [ 491.399173][ T8691] xsk_init_queue+0xfd/0x1d0 [ 491.399361][ T8691] xsk_setsockopt+0x968/0xfe0 [ 491.399555][ T8691] ? __pfx_xsk_setsockopt+0x10/0x10 [ 491.399733][ T8691] __sys_setsockopt+0x43e/0x580 [ 491.399933][ T8691] __ia32_sys_setsockopt+0xf3/0x1a0 [ 491.400135][ T8691] ia32_sys_call+0x24c2/0x4310 [ 491.400325][ T8691] __do_fast_syscall_32+0xb0/0x150 [ 491.400516][ T8691] ? irqentry_exit_to_user_mode+0x7f/0xa0 [ 491.400716][ T8691] do_fast_syscall_32+0x38/0x80 [ 491.400904][ T8691] do_SYSENTER_32+0x1f/0x30 [ 491.401090][ T8691] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 491.401264][ T8691] RIP: 0023:0xf700d539 [ 491.401371][ T8691] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 491.401493][ T8691] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 491.401623][ T8691] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 491.401715][ T8691] RDX: 0000000000000002 RSI: 0000000080000140 RDI: 0000000000000004 [ 491.401800][ T8691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.401882][ T8691] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 491.401970][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.402089][ T8691] [ 491.402169][ T8691] Mem-Info: [ 491.675461][ T8691] active_anon:5358 inactive_anon:0 isolated_anon:0 [ 491.675461][ T8691] active_file:15237 inactive_file:39965 isolated_file:0 [ 491.675461][ T8691] unevictable:768 dirty:311 writeback:0 [ 491.675461][ T8691] slab_reclaimable:5323 slab_unreclaimable:22924 [ 491.675461][ T8691] mapped:30148 shmem:1442 pagetables:1415 [ 491.675461][ T8691] sec_pagetables:0 bounce:0 [ 491.675461][ T8691] kernel_misc_reclaimable:0 [ 491.675461][ T8691] free:358219 free_pcp:13528 free_cma:0 [ 491.721360][ T8691] Node 0 active_anon:21432kB inactive_anon:0kB active_file:60948kB inactive_file:159656kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120592kB dirty:1244kB writeback:0kB shmem:4232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5776kB pagetables:5372kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 491.758697][ T8691] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:356kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 491.791480][ T8691] Node 0 DMA free:4096kB boost:0kB min:164kB low:204kB high:244kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:4096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 491.821911][ T8691] lowmem_reserve[]: 0 929 1242 1242 1242 [ 491.828369][ T8691] Node 0 DMA32 free:505600kB boost:0kB min:36800kB low:46000kB high:55200kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4084kB inactive_anon:0kB active_file:54724kB inactive_file:69380kB unevictable:0kB writepending:384kB zspages:0kB present:3129332kB managed:952044kB mlocked:0kB bounce:0kB free_pcp:41260kB local_pcp:22568kB free_cma:0kB [ 491.869292][ T8691] lowmem_reserve[]: 0 0 312 312 312 [ 491.876750][ T8691] Node 0 Normal free:19048kB boost:0kB min:12980kB low:16224kB high:19468kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17416kB inactive_anon:0kB active_file:6224kB inactive_file:90276kB unevictable:1536kB writepending:792kB zspages:0kB present:1048580kB managed:320476kB mlocked:0kB bounce:0kB free_pcp:12620kB local_pcp:7592kB free_cma:0kB [ 491.910476][ T8691] lowmem_reserve[]: 0 0 0 0 0 [ 491.915999][ T8691] Node 1 Normal free:904132kB boost:0kB min:40156kB low:50192kB high:60228kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:991252kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 491.953372][ T8691] lowmem_reserve[]: 0 0 0 0 0 [ 491.960980][ T8691] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 491.974317][ T8691] Node 0 DMA32: 1162*4kB (UME) 611*8kB (UME) 432*16kB (UME) 262*32kB (UME) 162*64kB (UM) 119*128kB (UME) 22*256kB (UME) 18*512kB (UME) 20*1024kB (UM) 1*2048kB (E) 102*4096kB (UM) = 505600kB [ 491.995348][ T8691] Node 0 Normal: 420*4kB (UME) 193*8kB (UM) 94*16kB (UME) 38*32kB (UME) 29*64kB (UME) 16*128kB (UME) 6*256kB (UM) 5*512kB (UM) 5*1024kB (UME) 0*2048kB 0*4096kB = 19064kB [ 492.014893][ T8691] Node 1 Normal: 7*4kB (UME) 9*8kB (UE) 14*16kB (UME) 26*32kB (UME) 19*64kB (UME) 11*128kB (UME) 7*256kB (UME) 9*512kB (UME) 7*1024kB (UME) 5*2048kB (UME) 214*4096kB (UM) = 904132kB [ 492.035265][ T8691] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 492.045272][ T8691] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 492.059887][ T8691] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 492.071494][ T8691] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 492.081213][ T8691] 56635 total pagecache pages [ 492.086344][ T8691] 0 pages in swap cache [ 492.090671][ T8691] Free swap = 124996kB [ 492.095225][ T8691] Total swap = 124996kB [ 492.099554][ T8691] 2097051 pages RAM [ 492.103532][ T8691] 0 pages HighMem/MovableOnly [ 492.108557][ T8691] 1530084 pages reserved [ 492.112967][ T8691] 0 pages cma reserved [ 492.590100][ T8701] netlink: 'syz.5.1014': attribute type 10 has an invalid length. [ 492.896181][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 493.769182][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1020'. [ 493.975477][ T24] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 494.186875][ T24] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 494.196742][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.291171][ T24] usb 7-1: config 0 descriptor?? [ 494.975226][ T8727] lo speed is unknown, defaulting to 1000 [ 495.619123][ T24] pegasus 7-1:0.0: can't reset MAC [ 495.625860][ T24] pegasus 7-1:0.0: probe with driver pegasus failed with error -5 [ 495.966734][ T24] usb 7-1: USB disconnect, device number 7 [ 497.308507][ T8744] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1032'. [ 497.429407][ T8747] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1032'. [ 497.560285][ T8744] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1032'. [ 497.570010][ T8744] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1032'. [ 498.908490][ T8761] IPv6: Can't replace route, no match found [ 499.775374][ T6521] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 499.991795][ T6521] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.047873][ T6521] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 500.052242][ T8778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 500.057389][ T6521] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.057533][ T6521] usb 4-1: Product: syz [ 500.057643][ T6521] usb 4-1: Manufacturer: syz [ 500.084618][ T6521] usb 4-1: SerialNumber: syz [ 500.154867][ T8778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 500.203413][ T8779] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1047'. [ 500.213157][ T8779] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1047'. [ 500.517740][ T8781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1048'. [ 500.684177][ T8781] smc: adding net device bond0 with user defined pnetid SYZ2 [ 500.695134][ T8781] bond0: entered promiscuous mode [ 500.701911][ T8781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 500.923782][ T8783] 8021q: adding VLAN 0 to HW filter on device bond1 [ 500.940478][ T8783] bond1: entered promiscuous mode [ 500.953616][ T8783] bond0: (slave bond1): Enslaving as an active interface with an up link [ 500.964161][ T8792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1051'. [ 501.277828][ T6521] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 501.284630][ T6521] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 501.292780][ T6521] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 501.514183][ T6521] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 501.534143][ T6521] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 501.711139][ T6521] usb 4-1: USB disconnect, device number 13 [ 501.720001][ T6521] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 502.611935][ T6521] IPVS: starting estimator thread 0... [ 502.706706][ T8803] IPVS: using max 240 ests per chain, 12000 per kthread [ 504.701340][ T8828] loop6: detected capacity change from 0 to 2048 [ 504.742694][ T8828] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 504.825592][ T8828] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 504.890984][ T8831] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1066'. [ 506.288648][ T8846] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1073'. [ 506.425426][ T8846] smc: adding net device bond0 with user defined pnetid SYZ2 [ 506.437756][ T8846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 506.648787][ T8846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 506.658232][ T8846] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 506.679459][ T8846] bond0: (slave vxcan3): Error -95 calling set_mac_address [ 507.615432][ T8863] loop6: detected capacity change from 0 to 7 [ 507.667364][ T8863] Dev loop6: unable to read RDB block 7 [ 507.673279][ T8863] loop6: unable to read partition table [ 507.712248][ T8863] loop6: partition table beyond EOD, truncated [ 507.724022][ T8863] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 507.965286][ T24] IPVS: starting estimator thread 0... [ 507.972495][ T8869] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 508.096189][ T8871] IPVS: using max 192 ests per chain, 9600 per kthread [ 508.242968][ T8873] tls_set_device_offload: netdev not found [ 510.905628][ T8911] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 511.890456][ T8928] overlayfs: failed to clone upperpath [ 514.215186][ T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 514.408128][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 514.458089][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 514.469529][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 514.483219][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 514.493561][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.617129][ T8961] overlayfs: failed to clone upperpath [ 514.637083][ T24] usb 4-1: config 0 descriptor?? [ 514.672814][ T24] hub 4-1:0.0: USB hub found [ 514.915482][ T24] hub 4-1:0.0: 1 port detected [ 515.560008][ T24] hub 4-1:0.0: activate --> -90 [ 515.983754][ T24] usb 4-1-port1: cannot disable (err = -71) [ 515.985389][ T6521] usb 4-1: USB disconnect, device number 14 [ 516.275936][ T8981] netlink: 'syz.5.1135': attribute type 2 has an invalid length. [ 516.330377][ T8982] netlink: 'syz.5.1135': attribute type 2 has an invalid length. [ 516.341392][ T8982] netlink: 'syz.5.1135': attribute type 2 has an invalid length. [ 517.473983][ T8998] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1140'. [ 518.496296][ T6521] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 518.695133][ T6521] usb 7-1: Using ep0 maxpacket: 32 [ 518.740986][ T6521] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 518.751708][ T6521] usb 7-1: config 0 has no interfaces? [ 518.760677][ T6521] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 518.770389][ T6521] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.853381][ T6521] usb 7-1: config 0 descriptor?? [ 519.897674][ T6520] usb 7-1: USB disconnect, device number 8 [ 522.310520][ T6520] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 522.524833][ T6520] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 522.534200][ T6520] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.542709][ T6520] usb 3-1: Product: syz [ 522.547379][ T6520] usb 3-1: Manufacturer: syz [ 522.552201][ T6520] usb 3-1: SerialNumber: syz [ 522.586696][ T6520] usb 3-1: config 0 descriptor?? [ 523.911096][ T6520] usb 3-1: f81604_read: reg: 100e failed: -EPROTO [ 524.022562][ T6520] usb 3-1: f81604_read: reg: 200f failed: -EPROTO [ 524.118930][ T6520] usb 3-1: USB disconnect, device number 9 [ 524.158755][ T6520] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 524.294391][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1182'. [ 524.339716][ T6520] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 525.575326][ T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 525.765193][ T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.775982][ T24] usb 7-1: config 0 interface 0 has no altsetting 0 [ 525.815887][ T24] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9 [ 525.825529][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.833764][ T24] usb 7-1: Product: syz [ 525.838383][ T24] usb 7-1: Manufacturer: syz [ 525.846722][ T24] usb 7-1: SerialNumber: syz [ 525.933636][ T24] usb 7-1: config 0 descriptor?? [ 525.974282][ T24] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 526.010129][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 526.059367][ T24] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 526.068739][ T24] usb 7-1: media controller created [ 526.166528][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 526.672143][ T24] DVB: Unable to find symbol tda10046_attach() [ 526.678763][ T24] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 526.690335][ T24] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 526.856803][ T9121] lo speed is unknown, defaulting to 1000 [ 527.563394][ T9126] netlink: 'syz.3.1194': attribute type 7 has an invalid length. [ 527.759096][ T24] dvb_usb_m920x 7-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 527.782697][ T24] usb 7-1: USB disconnect, device number 9 [ 528.483919][ T9136] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1197'. [ 529.305915][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1201'. [ 532.489107][ T9168] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1211'. [ 533.177437][ T9180] loop2: detected capacity change from 0 to 128 [ 533.290259][ T9180] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 533.380767][ T9180] ext4 filesystem being mounted at /256/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 533.570162][ T30] audit: type=1800 audit(1762522655.878:443): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1216" name="file1" dev="loop2" ino=12 res=0 errno=0 [ 533.952569][ T5805] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 534.552489][ T5803] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 535.298780][ T9205] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1227'. [ 535.308329][ T9205] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1227'. [ 535.451728][ T6520] lo speed is unknown, defaulting to 1000 [ 538.565124][ T5803] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 538.573863][ T5803] Bluetooth: hci2: Injecting HCI hardware error event [ 538.581772][ T5800] Bluetooth: hci2: hardware error 0x00 [ 540.337740][ T9277] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 540.649017][ T5800] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 540.747180][ T9287] bond_slave_0: entered promiscuous mode [ 540.757505][ T9287] bond_slave_0: left promiscuous mode [ 542.039747][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 542.046770][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 542.294309][ T6520] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 542.518168][ T6520] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.412118][ T9405] loop3: detected capacity change from 0 to 1024 [ 550.078354][ T3770] hfsplus: b-tree write err: -5, ino 3 [ 550.116422][ T5793] hfsplus: node 4:3 still has 1 user(s)! [ 550.131888][ T9409] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1310'. [ 551.689047][ T9426] trusted_key: syz.5.1317 sent an empty control message without MSG_MORE. [ 552.362727][ T9424] loop6: detected capacity change from 0 to 8192 [ 557.422020][ T9470] syz.3.1337(9470): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 561.983697][ T9520] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1358'. [ 565.306555][ T9561] loop3: detected capacity change from 0 to 256 [ 567.607596][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 570.975414][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 571.151769][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.163454][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.173798][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 571.187349][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 571.196928][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.336700][ T24] usb 3-1: config 0 descriptor?? [ 571.796807][ T24] plantronics 0003:047F:FFFF.000E: reserved main item tag 0xd [ 571.981529][ T24] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 572.032755][ T42] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 572.376401][ T24] usb 3-1: USB disconnect, device number 10 [ 572.610852][ T42] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 572.621290][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.629926][ T42] usb 4-1: Product: syz [ 572.634297][ T42] usb 4-1: Manufacturer: syz [ 572.642738][ T42] usb 4-1: SerialNumber: syz [ 572.710360][ T42] usb 4-1: config 0 descriptor?? [ 573.315412][ T42] airspy 4-1:0.0: Board ID: 00 [ 573.320456][ T42] airspy 4-1:0.0: Firmware version: [ 574.040218][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1414'. [ 574.169166][ T42] airspy 4-1:0.0: usb_control_msg() failed -71 request 0f [ 574.226502][ T42] airspy 4-1:0.0: Registered as swradio24 [ 574.232665][ T42] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 574.303551][ T42] usb 4-1: USB disconnect, device number 15 [ 574.741191][ T9663] overlayfs: failed to clone upperpath [ 576.866800][ T9689] atomic_op ffff88811b322d28 conn xmit_atomic 0000000000000000 [ 578.532191][ T9709] loop3: detected capacity change from 0 to 7 [ 578.543612][ T30] audit: type=1326 audit(1762522700.858:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.4.1436" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x0 [ 578.555851][ T9709] Dev loop3: unable to read RDB block 7 [ 578.572111][ T9709] loop3: unable to read partition table [ 578.634502][ T9709] loop3: partition table beyond EOD, truncated [ 578.641292][ T9709] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 581.560903][ T9746] netlink: 'syz.6.1452': attribute type 1 has an invalid length. [ 581.664830][ T9746] bond1: entered promiscuous mode [ 581.670132][ T9746] bond1: entered allmulticast mode [ 581.763675][ T9750] bridge1: entered promiscuous mode [ 581.769440][ T9750] bridge1: entered allmulticast mode [ 581.790703][ T9750] bond1: (slave bridge1): making interface the new active one [ 581.802140][ T9750] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 582.202650][ T9754] fuse: Bad value for 'fd' [ 584.263018][ T9783] netlink: 'syz.6.1467': attribute type 4 has an invalid length. [ 584.353175][ T9784] netlink: 'syz.6.1467': attribute type 4 has an invalid length. [ 585.290327][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1473'. [ 585.390007][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1473'. [ 585.846015][ T6520] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 586.061265][ T6520] usb 3-1: Using ep0 maxpacket: 32 [ 586.105318][ T6520] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 586.113878][ T6520] usb 3-1: config 0 has no interface number 0 [ 586.120556][ T6520] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 586.131923][ T6520] usb 3-1: config 0 interface 85 has no altsetting 0 [ 586.254043][ T6520] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 586.268129][ T6520] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.278274][ T6520] usb 3-1: Product: syz [ 586.282670][ T6520] usb 3-1: Manufacturer: syz [ 586.287834][ T6520] usb 3-1: SerialNumber: syz [ 586.329063][ T6520] usb 3-1: config 0 descriptor?? [ 586.835868][ T9799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.849788][ T9799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 587.188051][ T6520] appletouch 3-1:0.85: Geyser mode initialized. [ 587.198985][ T6520] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input15 [ 587.448030][ T42] usb 3-1: USB disconnect, device number 11 [ 587.492600][ T42] appletouch 3-1:0.85: input: appletouch disconnected [ 588.948068][ T9828] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 592.766427][ T9861] netlink: 'syz.2.1501': attribute type 1 has an invalid length. [ 592.879181][ T9861] 8021q: adding VLAN 0 to HW filter on device bond1 [ 593.158200][ T9861] bond1: (slave geneve2): making interface the new active one [ 593.175327][ T9861] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 594.045591][ T9873] fuse: Bad value for 'fd' [ 594.385390][ T9877] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 594.392740][ T9877] overlayfs: failed to set xattr on upper [ 594.399033][ T9877] overlayfs: ...falling back to index=off. [ 594.405568][ T9877] overlayfs: ...falling back to uuid=null. [ 594.734531][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1508'. [ 594.744126][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1508'. [ 595.146539][ T9887] batadv_slave_1: entered promiscuous mode [ 595.185819][ T9884] batadv_slave_1: left promiscuous mode [ 596.710344][ T9901] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 603.476880][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.483805][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 603.699333][ T9970] fuse: Bad value for 'fd' [ 604.593101][ T9981] loop2: detected capacity change from 0 to 256 [ 604.826770][ T9981] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 605.234359][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1552'. [ 605.313440][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1552'. [ 605.398003][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1552'. [ 606.688497][ T5800] Bluetooth: hci4: unexpected event for opcode 0x1004 [ 608.999801][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1571'. [ 610.149777][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1572'. [ 610.249932][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1572'. [ 610.367702][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1572'. [ 610.747498][ T5800] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 610.758110][ T5800] Bluetooth: hci4: Injecting HCI hardware error event [ 610.771192][ T5800] Bluetooth: hci4: hardware error 0x00 [ 611.463558][T10049] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 612.811565][ T5800] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 616.817537][T10061] loop2: detected capacity change from 0 to 512 [ 616.882972][T10061] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 616.970557][T10061] EXT4-fs (loop2): 1 truncate cleaned up [ 616.986823][T10061] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 617.052357][T10061] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.2.1586: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 617.135842][T10061] EXT4-fs (loop2): Remounting filesystem read-only [ 617.142621][T10061] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #2: comm syz.2.1586: Deleting old file: nlink 5, error=-117 [ 617.508526][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.949015][T10076] loop2: detected capacity change from 0 to 512 [ 618.000927][T10076] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 618.303779][T10076] FAT-fs (loop2): error, invalid access to FAT (entry 0x0fffff00) [ 618.358746][T10080] loop3: detected capacity change from 0 to 128 [ 621.864561][T10113] ------------[ cut here ]------------ [ 621.870464][T10113] WARNING: CPU: 1 PID: 10113 at fs/exec.c:119 path_noexec+0x2ac/0x310 [ 621.880007][T10113] Modules linked in: [ 621.884168][T10113] CPU: 1 UID: 0 PID: 10113 Comm: syz.2.1608 Not tainted syzkaller #0 PREEMPT(none) [ 621.897546][T10113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 621.908995][T10113] RIP: 0010:path_noexec+0x2ac/0x310 [ 621.914549][T10113] Code: 49 89 ff 8b 7d d4 e8 c3 ee e2 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 b3 ee e2 ff 4d 85 ed 0f 85 a3 fe ff ff e8 45 14 3d ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 75 e3 e2 ff 48 8b 00 48 89 45 c8 [ 621.934926][T10113] RSP: 0018:ffff888055233b80 EFLAGS: 00010283 [ 621.941287][T10113] RAX: ffffffff82ba12eb RBX: ffff888101a7cda0 RCX: 0000000000080000 [ 621.949718][T10113] RDX: ffffc90009405000 RSI: 000000000000005c RDI: 000000000000005d [ 621.958165][T10113] RBP: ffff888055233bc0 R08: ffffea000000000f R09: 0000000000000003 [ 621.966705][T10113] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000 [ 621.975110][T10113] R13: 0000000000000000 R14: ffff888101b601a0 R15: 0000000000000000 [ 621.983328][T10113] FS: 0000000000000000(0000) GS:ffff8881aae51000(0063) knlGS:00000000f542db40 [ 621.992723][T10113] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 622.002651][T10113] CR2: 000000002ef21ffc CR3: 0000000026818000 CR4: 00000000003526f0 [ 622.011706][T10113] Call Trace: [ 622.015386][T10113] [ 622.018503][T10113] do_mmap+0x1570/0x1d70 [ 622.023099][T10113] vm_mmap_pgoff+0x40d/0x770 [ 622.028622][T10113] ksys_mmap_pgoff+0x51b/0x7c0 [ 622.033744][T10113] __ia32_sys_mmap_pgoff+0x11a/0x1d0 [ 622.039632][T10113] ia32_sys_call+0x1e23/0x4310 [ 622.044930][T10113] __do_fast_syscall_32+0xb0/0x150 [ 622.050399][T10113] do_fast_syscall_32+0x38/0x80 [ 622.055956][T10113] do_SYSENTER_32+0x1f/0x30 [ 622.060854][T10113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 622.067786][T10113] RIP: 0023:0xf703d539 [ 622.072085][T10113] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 622.092237][T10113] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0 [ 622.104061][T10113] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 622.113386][T10113] RDX: 0000000003000007 RSI: 0000000000000011 RDI: 0000000000000005 [ 622.121980][T10113] RBP: 0000000000000060 R08: 0000000000000000 R09: 0000000000000000 [ 622.130461][T10113] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 622.138960][T10113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 622.147393][T10113] [ 622.150613][T10113] ---[ end trace 0000000000000000 ]--- [ 622.228738][T10112] veth3: entered allmulticast mode [ 622.311338][T10115] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1609'. [ 622.321234][T10115] netem: unknown loss type 13 [ 622.327066][T10115] netem: change failed [ 623.158613][T10124] fuse: Bad value for 'fd' [ 623.315876][ T6520] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 623.545446][ T6520] usb 4-1: Using ep0 maxpacket: 8 [ 623.585101][ T6520] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 623.595242][ T6520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.603663][ T6520] usb 4-1: Product: syz [ 623.609350][ T6520] usb 4-1: Manufacturer: syz [ 623.614190][ T6520] usb 4-1: SerialNumber: syz [ 623.708130][ T6520] usb 4-1: config 0 descriptor?? [ 623.742498][ T6520] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 624.560161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 625.032466][ T6520] gspca_sonixj: reg_w1 err -71 [ 625.130365][ T6520] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 625.179796][ T6520] usb 4-1: USB disconnect, device number 16 [ 625.659852][T10150] batadv_slave_1: entered promiscuous mode [ 625.702559][T10149] batadv_slave_1: left promiscuous mode [ 627.222497][T10169] input: syz0 as /devices/virtual/input/input16 [ 627.919435][T10179] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1634'. [ 628.758366][T10183] loop3: detected capacity change from 0 to 4096 [ 629.000401][T10187] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 629.375842][T10189] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 629.595389][T10195] bridge_slave_0: left allmulticast mode [ 629.601311][T10195] bridge_slave_0: left promiscuous mode [ 629.608460][T10195] bridge0: port 1(bridge_slave_0) entered disabled state [ 629.803263][T10195] bridge_slave_1: left allmulticast mode [ 629.809365][T10195] bridge_slave_1: left promiscuous mode [ 629.816474][T10195] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.275836][T10195] team0: Port device team_slave_0 removed [ 630.357449][T10195] team0: Port device team_slave_1 removed [ 630.369438][T10195] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 630.377684][T10195] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 630.459845][T10195] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 630.468367][T10195] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 630.549599][T10195] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 630.719231][T10206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1644'. [ 631.375396][T10210] loop3: detected capacity change from 0 to 512 [ 631.559947][T10210] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.1647: corrupted in-inode xattr: invalid ea_ino [ 631.657494][T10210] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1647: couldn't read orphan inode 15 (err -117) [ 631.700700][T10210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 632.284046][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 632.635176][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 632.861668][ T24] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 632.873809][ T24] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 632.885546][ T24] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 632.897262][ T24] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 632.907209][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.962886][T10224] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 634.009561][ T6520] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 634.198516][ T6520] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 634.209535][ T6520] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 634.252093][ T6520] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 634.262124][ T6520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.270566][ T6520] usb 4-1: Product: syz [ 634.275156][ T6520] usb 4-1: Manufacturer: syz [ 634.279987][ T6520] usb 4-1: SerialNumber: syz [ 634.403137][T10245] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1660'. [ 634.413291][T10245] netlink: 'syz.5.1660': attribute type 13 has an invalid length. [ 634.701890][ T24] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 634.714058][ T24] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input17 [ 634.786477][T10245] vxlan0: entered promiscuous mode [ 634.845469][ T3797] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 634.893287][ T6520] usb 4-1: 0:2 : does not exist [ 634.971862][ T58] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 635.054148][ T58] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 635.085705][ T6520] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 635.095405][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 635.104027][ T24] usb 3-1: USB disconnect, device number 12 [ 635.138498][ T58] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 635.335099][ T6520] usb 4-1: USB disconnect, device number 17 [ 635.578758][ T6088] udevd[6088]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 636.798393][T10263] batadv_slave_1: entered promiscuous mode [ 636.907708][T10261] batadv_slave_1: left promiscuous mode [ 640.846075][T10318] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 641.316477][T10324] netlink: 'syz.2.1696': attribute type 10 has an invalid length. [ 641.378813][T10324] team0: Port device dummy0 added [ 641.543496][T10331] netlink: 'syz.2.1696': attribute type 10 has an invalid length. [ 641.732501][T10331] team0: Port device dummy0 removed [ 641.758741][T10331] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 645.437601][T10361] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1708'. [ 645.862502][ T24] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 646.070391][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 646.082113][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 646.095709][ T24] usb 4-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 646.105207][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.221293][ T24] usb 4-1: config 0 descriptor?? [ 646.230707][T10363] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 646.725837][ T24] elecom 0003:056E:010D.000F: unbalanced collection at end of report description [ 646.799442][ T24] elecom 0003:056E:010D.000F: probe with driver elecom failed with error -22 [ 646.954976][ T24] usb 4-1: USB disconnect, device number 18 [ 647.815570][ T6520] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 647.996880][ T6520] usb 3-1: Using ep0 maxpacket: 8 [ 648.031005][ T6520] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 648.044146][ T6520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.055924][ T6521] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 648.132853][ T6520] pvrusb2: Hardware description: Terratec Grabster AV400 [ 648.140437][ T6520] pvrusb2: ********** [ 648.144760][ T6520] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 648.155208][ T6520] pvrusb2: Important functionality might not be entirely working. [ 648.163293][ T6520] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 648.175280][ T6520] pvrusb2: ********** [ 648.253342][T10388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1721'. [ 648.264054][T10388] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 648.294157][ T6521] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 648.303277][ T6521] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 648.317267][ T6521] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 648.329381][ T6521] usb 7-1: config 220 has no interface number 2 [ 648.336229][ T6521] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 648.350486][ T6521] usb 7-1: config 220 interface 0 has no altsetting 0 [ 648.357876][ T6521] usb 7-1: config 220 interface 76 has no altsetting 0 [ 648.365318][ T6521] usb 7-1: config 220 interface 1 has no altsetting 0 [ 648.457229][ T2332] pvrusb2: Invalid write control endpoint [ 648.457931][ T6521] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 648.472688][ T6521] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.481245][ T6521] usb 7-1: Product: syz [ 648.486502][ T6521] usb 7-1: Manufacturer: syz [ 648.491316][ T6521] usb 7-1: SerialNumber: syz [ 648.592045][T10388] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 648.690543][ T24] usb 3-1: USB disconnect, device number 13 [ 648.908810][ T6521] usb 7-1: selecting invalid altsetting 0 [ 648.915769][ T6521] uvcvideo 7-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 648.923665][ T6521] uvcvideo 7-1:220.0: No valid video chain found. [ 648.983308][ T2332] pvrusb2: Invalid write control endpoint [ 648.989543][ T2332] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 648.999550][ T2332] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 649.007621][ T2332] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 649.018097][ T2332] pvrusb2: Device being rendered inoperable [ 649.024239][ T2332] cx25840 3-0044: Unable to detect h/w, assuming cx23887 [ 649.035479][ T2332] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 649.046306][ T2332] pvrusb2: Attached sub-driver cx25840 [ 649.051249][ T6521] usb 7-1: selecting invalid altsetting 0 [ 649.052094][ T2332] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 649.058004][ T6521] usbtest 7-1:220.1: probe with driver usbtest failed with error -22 [ 649.069064][ T2332] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 649.297007][ T6521] usb 7-1: USB disconnect, device number 10 [ 649.924533][T10400] netlink: 'syz.3.1725': attribute type 10 has an invalid length. [ 650.013375][T10400] bond0: (slave netdevsim3): Enslaving as an active interface with an up link [ 650.985310][T10412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1731'. [ 653.925097][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f889a00: rx timeout, send abort [ 653.934912][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f889e00: rx timeout, send abort [ 653.945034][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f889a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 653.960137][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f889e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 654.088582][T10448] netlink: 'syz.3.1747': attribute type 10 has an invalid length. [ 654.097463][T10448] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1747'. [ 654.107163][T10448] macvlan0: entered promiscuous mode [ 654.113832][T10448] macvlan0: entered allmulticast mode [ 654.119968][T10448] veth1_vlan: entered allmulticast mode [ 654.130274][T10448] bridge0: port 3(macvlan0) entered blocking state [ 654.137602][T10448] bridge0: port 3(macvlan0) entered disabled state [ 654.161373][T10448] bridge0: port 3(macvlan0) entered blocking state [ 654.168643][T10448] bridge0: port 3(macvlan0) entered forwarding state [ 656.079492][T10467] input: syz0 as /devices/virtual/input/input18 [ 657.105755][T10481] loop3: detected capacity change from 0 to 512 [ 657.142740][T10481] ext4: Bad value for 'sb' [ 657.999041][T10496] loop3: detected capacity change from 0 to 512 [ 658.063274][T10496] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 658.155402][T10496] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 658.230903][T10496] EXT4-fs (loop3): 1 truncate cleaned up [ 658.239593][T10496] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 658.697650][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 658.931895][T10505] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1772'. [ 661.269644][ T30] audit: type=1326 audit(1762522791.582:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10541 comm="syz.6.1788" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704d539 code=0x0 [ 663.595277][T10575] input: syz0 as /devices/virtual/input/input19 [ 664.911623][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 664.918488][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 665.336913][T10596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1809'. [ 667.021143][T10609] input: syz0 as /devices/virtual/input/input20 [ 671.415944][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.317129][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.607963][T10670] syzkaller1: entered promiscuous mode [ 672.613692][T10670] syzkaller1: entered allmulticast mode [ 672.668485][ T3797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.692349][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1843'. [ 673.429079][ T3770] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 673.457472][T10682] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1846'. [ 673.792665][ T3770] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 675.018842][ T8688] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 675.603307][ T8036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 676.398735][T10770] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 676.408962][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 676.895147][ T6520] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 676.915729][T10767] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 677.128394][T10728] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 677.286569][ T6520] usb 3-1: Using ep0 maxpacket: 16 [ 677.412625][ T6520] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 677.426722][ T6520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 677.714213][ T6520] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 677.723988][ T6520] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.734262][ T6520] usb 3-1: Product: syz [ 677.738906][ T6520] usb 3-1: Manufacturer: syz [ 677.743741][ T6520] usb 3-1: SerialNumber: syz [ 677.793816][ T6520] usb 3-1: config 0 descriptor?? [ 677.855979][ T6520] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 677.865953][ T6520] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 678.103486][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.298459][T10782] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 678.445826][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.558148][ T6520] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 678.582975][ T6520] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 678.797938][ T6520] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 678.805400][ T6520] em28xx 3-1:0.0: No AC97 audio processor [ 678.891583][ T6520] usb 3-1: USB disconnect, device number 14 [ 678.899858][ T6520] em28xx 3-1:0.0: Disconnecting em28xx [ 678.927704][ T6520] em28xx 3-1:0.0: Freeing device [ 679.247009][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 679.570550][T10792] loop6: detected capacity change from 0 to 1024 [ 679.590136][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 679.687565][T10792] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 679.779988][T10797] overlayfs: failed to clone upperpath [ 680.301884][ T7388] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 680.353902][T10807] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1868'. [ 680.398528][ T3827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 680.785726][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 681.305737][T10818] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1873'. [ 681.344883][ T6521] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 681.369489][T10818] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1873'. [ 681.545828][ T6521] usb 4-1: Using ep0 maxpacket: 8 [ 681.565587][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 681.590946][ T6521] usb 4-1: config 0 has no interfaces? [ 681.665391][ T6521] usb 4-1: New USB device found, idVendor=19d2, idProduct=0167, bcdDevice=bc.89 [ 681.676148][ T6521] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.684446][ T6521] usb 4-1: Product: syz [ 681.689120][ T6521] usb 4-1: Manufacturer: syz [ 681.693952][ T6521] usb 4-1: SerialNumber: syz [ 681.822844][ T6521] usb 4-1: config 0 descriptor?? [ 682.583448][ T24] usb 4-1: USB disconnect, device number 19 [ 682.705616][T10761] net_ratelimit: 1 callbacks suppressed [ 682.705705][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.038803][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.855868][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.217825][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.986337][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 685.346483][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 685.717171][T10874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1897'. [ 686.130171][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 686.490940][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.286124][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.610188][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.865617][T10904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.874512][T10904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.884066][T10904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.909158][T10904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 687.918986][T10904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 688.003125][T10902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 688.450623][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 688.675585][T10914] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1915'. [ 688.685693][T10914] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.1915'. [ 688.695333][T10914] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1915'. [ 688.850532][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 689.189721][T10922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1919'. [ 689.566147][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 689.997447][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 691.526110][ T6521] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 691.744726][ T6521] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 691.755522][ T6521] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 691.869957][ T6521] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 691.879872][ T6521] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 691.888403][ T6521] usb 4-1: SerialNumber: syz [ 692.188795][ T6521] usb 4-1: 0:2 : does not exist [ 692.193989][ T6521] usb 4-1: usbmixer: too many channels (61) in unit 5 [ 692.286519][ T6521] usb 4-1: USB disconnect, device number 20 [ 693.055766][ T3718] net_ratelimit: 6 callbacks suppressed [ 693.055850][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 693.429573][T10979] syzkaller1: entered promiscuous mode [ 693.436235][T10979] syzkaller1: entered allmulticast mode [ 693.590765][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 694.243959][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 694.742128][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.391192][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.891349][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 696.587981][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 697.050604][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 697.727368][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 697.885236][ T6520] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 698.060049][ T6520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 698.073656][ T6520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 698.091052][ T6520] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 698.101861][ T6520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.167395][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 698.168167][ T6520] usb 3-1: config 0 descriptor?? [ 698.645978][ T6520] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0 [ 698.659028][ T6520] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0 [ 698.708086][ T6520] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0010/input/input21 [ 698.775487][ T6520] cm6533_jd 0003:0D8C:0022.0010: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 698.857526][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 698.913808][ T6520] usb 3-1: USB disconnect, device number 15 [ 699.169086][ T30] audit: type=1326 audit(1762522829.482:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.6.1970" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d539 code=0x7ffc0000 [ 699.192782][ T30] audit: type=1326 audit(1762522829.482:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.6.1970" exe="/root/syz-executor" sig=0 arch=40000003 syscall=131 compat=1 ip=0xf704d539 code=0x7ffc0000 [ 699.241840][ T30] audit: type=1326 audit(1762522829.552:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.6.1970" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d539 code=0x7ffc0000 [ 699.265405][ T30] audit: type=1326 audit(1762522829.552:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.6.1970" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d539 code=0x7ffc0000 [ 699.303462][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 700.034900][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 700.418410][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 700.522121][T11066] loop2: detected capacity change from 0 to 512 [ 700.580101][T11066] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 700.633123][T11066] EXT4-fs (loop2): invalid journal inode [ 700.644229][T11066] EXT4-fs (loop2): can't get journal size [ 700.736145][T11066] EXT4-fs (loop2): 1 truncate cleaned up [ 700.748020][T11066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 701.141659][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.509030][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 701.559603][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.262942][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.757426][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 702.977282][T11100] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1993'. [ 703.025911][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1992'. [ 703.457352][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 703.708771][T11113] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1998'. [ 703.897869][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 704.594309][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 705.050005][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 705.705785][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.165588][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.825418][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.309952][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 707.957480][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 708.467041][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.258489][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.786003][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 709.806416][T11211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 710.160976][T11216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2041'. [ 710.180436][ T24] IPVS: starting estimator thread 0... [ 710.192219][T11216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2041'. [ 710.220742][T11216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2041'. [ 710.238472][T11218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2042'. [ 710.285894][T11217] IPVS: using max 192 ests per chain, 9600 per kthread [ 710.397838][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 710.917676][T11230] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 710.936874][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 711.520961][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 711.573921][T11238] netlink: 'syz.3.2052': attribute type 1 has an invalid length. [ 711.651061][T11238] 8021q: adding VLAN 0 to HW filter on device bond4 [ 711.739765][T11241] bond0: Device is already in use. [ 712.021967][T11245] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2054'. [ 712.076382][T11245] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2054'. [ 712.128819][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 712.731622][ T3827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 712.906410][T11259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.309592][T11266] kvm: apic: phys broadcast and lowest prio [ 713.679525][T11272] loop6: detected capacity change from 0 to 512 [ 713.814324][T11272] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 713.890594][ T3718] net_ratelimit: 5 callbacks suppressed [ 713.890687][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 713.945562][T11278] netlink: 'syz.3.2070': attribute type 1 has an invalid length. [ 713.946619][ T30] audit: type=1800 audit(1762523100.229:450): pid=11272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2066" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 714.023727][T11278] 8021q: adding VLAN 0 to HW filter on device bond5 [ 714.107753][T11281] bond5: (slave ip6gretap1): making interface the new active one [ 714.122486][T11281] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 714.459312][ T7388] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 714.516430][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.066806][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.295778][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.305649][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.315499][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 715.665645][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 716.210451][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 716.519685][ T24] libceph: connect (1)[c::]:6789 error -101 [ 716.526477][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 716.706662][T11318] ceph: No mds server is up or the cluster is laggy [ 716.726042][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 716.805999][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 718.267886][T11342] gretap1: entered promiscuous mode [ 719.248356][T10743] net_ratelimit: 12 callbacks suppressed [ 719.248558][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 719.301593][T11361] netlink: 51 bytes leftover after parsing attributes in process `syz.3.2102'. [ 719.779292][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 720.425850][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 720.598412][T11362] lo speed is unknown, defaulting to 1000 [ 721.075931][T10761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 721.726943][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 722.278180][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 722.565715][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 722.575385][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 722.845038][T11402] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2118'. [ 722.915827][ T3827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 723.469760][T11405] netlink: 'syz.4.2119': attribute type 1 has an invalid length. [ 723.488117][T10756] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 723.610427][T11405] 8021q: adding VLAN 0 to HW filter on device bond2 [ 723.727669][T11410] bond2: (slave geneve2): making interface the new active one [ 723.742770][T11410] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 723.775598][ T3718] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.814452][ T3718] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.823284][ T3718] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.892993][ T3718] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.041850][T11412] bond2 (unregistering): Released all slaves [ 724.675957][ T3718] net_ratelimit: 1 callbacks suppressed [ 724.676045][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 724.915896][T11416] loop3: detected capacity change from 0 to 4096 [ 725.096965][T11430] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2130'. [ 725.386353][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 725.685731][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 725.695533][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 725.821196][T10743] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 726.385273][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 726.392169][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 726.578482][ T3718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 727.005924][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 727.746046][T10764] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 728.207453][ T3827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 728.377716][T11461] netlink: 51 bytes leftover after parsing attributes in process `syz.4.2143'. [ 728.805584][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 729.428302][T11478] overlayfs: missing 'lowerdir' [ 730.039927][T10711] net_ratelimit: 3 callbacks suppressed [ 730.040024][T10711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 730.259928][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.267971][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.276135][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.283836][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.289065][T11495] overlayfs: failed to clone upperpath [ 730.291983][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.305426][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.313127][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.320976][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.328866][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.340247][ T24] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 730.497545][ T24] hid-generic 0003:0004:0000.0011: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 730.587672][T10711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.240921][ T3827] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.447255][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.643054][T11515] loop3: detected capacity change from 0 to 64 [ 731.695145][T11515] hfs: unable to locate alternate MDB [ 731.700779][T11515] hfs: continuing without an alternate MDB [ 731.733108][ C1] ===================================================== [ 731.740672][ C1] BUG: KMSAN: uninit-value in can_receive+0x12c/0x4a0 [ 731.747846][ C1] can_receive+0x12c/0x4a0 [ 731.752495][ C1] canfd_rcv+0x1ff/0x3b0 [ 731.757132][ C1] __netif_receive_skb+0x477/0xac0 [ 731.762509][ C1] process_backlog+0x485/0xa00 [ 731.767561][ C1] __napi_poll+0xdd/0x8a0 [ 731.772155][ C1] net_rx_action+0xbc8/0x1c30 [ 731.777117][ C1] handle_softirqs+0x169/0x6e0 [ 731.782131][ C1] __do_softirq+0x14/0x1b [ 731.786882][ C1] do_softirq+0x99/0x100 [ 731.791398][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 731.796762][ C1] __dev_queue_xmit+0x2df9/0x5e60 [ 731.802024][ C1] can_send+0xffa/0x1390 [ 731.806655][ C1] bcm_can_tx+0x97d/0xd90 [ 731.811191][ C1] bcm_tx_setup+0x17dc/0x2b70 [ 731.816215][ C1] bcm_sendmsg+0x568/0xda0 [ 731.820833][ C1] __sock_sendmsg+0x333/0x3d0 [ 731.825941][ C1] ____sys_sendmsg+0x7e0/0xd80 [ 731.830957][ C1] ___sys_sendmsg+0x271/0x3b0 [ 731.835964][ C1] __sys_sendmsg+0x1aa/0x300 [ 731.840803][ C1] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 731.846765][ C1] ia32_sys_call+0x3f6c/0x4310 [ 731.851798][ C1] __do_fast_syscall_32+0xb0/0x150 [ 731.857306][ C1] do_fast_syscall_32+0x38/0x80 [ 731.862486][ C1] do_SYSENTER_32+0x1f/0x30 [ 731.867344][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 731.874029][ C1] [ 731.876708][ C1] Uninit was created at: [ 731.881272][ C1] __kmalloc_node_track_caller_noprof+0xb4b/0x1ba0 [ 731.888088][ C1] kmalloc_reserve+0x22f/0x4b0 [ 731.893073][ C1] pskb_expand_head+0x1fc/0x1610 [ 731.898427][ C1] do_xdp_generic+0xa79/0x1690 [ 731.903437][ C1] __netif_receive_skb_core+0x2bc2/0x7150 [ 731.909588][ C1] __netif_receive_skb+0xcc/0xac0 [ 731.914980][ C1] process_backlog+0x485/0xa00 [ 731.919942][ C1] __napi_poll+0xdd/0x8a0 [ 731.924701][ C1] net_rx_action+0xbc8/0x1c30 [ 731.925836][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.929560][ C1] handle_softirqs+0x169/0x6e0 [ 731.939287][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.942590][ C1] __do_softirq+0x14/0x1b [ 731.955288][ C1] [ 731.957765][ C1] CPU: 1 UID: 0 PID: 11517 Comm: syz.5.2168 Tainted: G W syzkaller #0 PREEMPT(none) [ 731.969028][ C1] Tainted: [W]=WARN [ 731.972957][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 731.983339][ C1] ===================================================== [ 731.990481][ C1] Disabling lock debugging due to kernel taint [ 731.996882][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 732.003471][ C1] CPU: 1 UID: 0 PID: 11517 Comm: syz.5.2168 Tainted: G B W syzkaller #0 PREEMPT(none) [ 732.014645][ C1] Tainted: [B]=BAD_PAGE, [W]=WARN [ 732.019785][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 732.029970][ C1] Call Trace: [ 732.033348][ C1] [ 732.036284][ C1] __dump_stack+0x26/0x30 [ 732.040798][ C1] dump_stack_lvl+0x53/0x270 [ 732.045597][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.051616][ C1] dump_stack+0x1e/0x25 [ 732.055953][ C1] vpanic+0x435/0xd30 [ 732.060133][ C1] panic+0x15d/0x160 [ 732.064259][ C1] kmsan_report+0x31c/0x320 [ 732.068931][ C1] ? __msan_warning+0x1b/0x30 [ 732.073755][ C1] ? can_receive+0x12c/0x4a0 [ 732.078555][ C1] ? canfd_rcv+0x1ff/0x3b0 [ 732.083198][ C1] ? __netif_receive_skb+0x477/0xac0 [ 732.088705][ C1] ? process_backlog+0x485/0xa00 [ 732.093816][ C1] ? __napi_poll+0xdd/0x8a0 [ 732.098530][ C1] ? net_rx_action+0xbc8/0x1c30 [ 732.103562][ C1] ? handle_softirqs+0x169/0x6e0 [ 732.108720][ C1] ? __do_softirq+0x14/0x1b [ 732.113501][ C1] ? do_softirq+0x99/0x100 [ 732.118114][ C1] ? __local_bh_enable_ip+0xa1/0xb0 [ 732.123514][ C1] ? __dev_queue_xmit+0x2df9/0x5e60 [ 732.128916][ C1] ? can_send+0xffa/0x1390 [ 732.133526][ C1] ? bcm_can_tx+0x97d/0xd90 [ 732.138183][ C1] ? bcm_tx_setup+0x17dc/0x2b70 [ 732.143197][ C1] ? bcm_sendmsg+0x568/0xda0 [ 732.147945][ C1] ? __sock_sendmsg+0x333/0x3d0 [ 732.152957][ C1] ? ____sys_sendmsg+0x7e0/0xd80 [ 732.158097][ C1] ? ___sys_sendmsg+0x271/0x3b0 [ 732.163163][ C1] ? __sys_sendmsg+0x1aa/0x300 [ 732.168137][ C1] ? __ia32_compat_sys_sendmsg+0xa4/0x100 [ 732.174114][ C1] ? ia32_sys_call+0x3f6c/0x4310 [ 732.179274][ C1] ? __do_fast_syscall_32+0xb0/0x150 [ 732.184814][ C1] ? do_fast_syscall_32+0x38/0x80 [ 732.190068][ C1] ? do_SYSENTER_32+0x1f/0x30 [ 732.194951][ C1] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 732.201662][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.207672][ C1] ? __netif_receive_skb_core+0x69da/0x7150 [ 732.213891][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.219883][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.225170][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.231170][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.236493][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 732.243066][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.248375][ C1] __msan_warning+0x1b/0x30 [ 732.253031][ C1] can_receive+0x12c/0x4a0 [ 732.257670][ C1] canfd_rcv+0x1ff/0x3b0 [ 732.262114][ C1] ? __pfx_canfd_rcv+0x10/0x10 [ 732.267080][ C1] __netif_receive_skb+0x477/0xac0 [ 732.272423][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.277739][ C1] process_backlog+0x485/0xa00 [ 732.282708][ C1] ? __pfx_process_backlog+0x10/0x10 [ 732.288175][ C1] __napi_poll+0xdd/0x8a0 [ 732.292717][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.298014][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.304027][ C1] net_rx_action+0xbc8/0x1c30 [ 732.308871][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.314879][ C1] ? sched_clock_cpu+0x59/0xa80 [ 732.319889][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.325214][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 732.330487][ C1] handle_softirqs+0x169/0x6e0 [ 732.335496][ C1] __do_softirq+0x14/0x1b [ 732.340014][ C1] do_softirq+0x99/0x100 [ 732.344455][ C1] [ 732.347489][ C1] [ 732.350523][ C1] __local_bh_enable_ip+0xa1/0xb0 [ 732.355768][ C1] __dev_queue_xmit+0x2df9/0x5e60 [ 732.361002][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.366293][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 732.372857][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.378138][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.384134][ C1] ? __dev_queue_xmit+0x30c/0x5e60 [ 732.389517][ C1] can_send+0xffa/0x1390 [ 732.394010][ C1] bcm_can_tx+0x97d/0xd90 [ 732.398539][ C1] bcm_tx_setup+0x17dc/0x2b70 [ 732.403440][ C1] bcm_sendmsg+0x568/0xda0 [ 732.408043][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.414201][ C1] ? __pfx_bcm_sendmsg+0x10/0x10 [ 732.419295][ C1] ? __pfx_bcm_sendmsg+0x10/0x10 [ 732.424396][ C1] __sock_sendmsg+0x333/0x3d0 [ 732.429271][ C1] ____sys_sendmsg+0x7e0/0xd80 [ 732.434279][ C1] ___sys_sendmsg+0x271/0x3b0 [ 732.439172][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.445194][ C1] ? __rcu_read_unlock+0x6d/0xd0 [ 732.450300][ C1] ? __fget_files+0x3b4/0x4a0 [ 732.455159][ C1] ? __fget_files+0x3b9/0x4a0 [ 732.460003][ C1] ? kmsan_get_metadata+0xfb/0x160 [ 732.465303][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 732.471341][ C1] __sys_sendmsg+0x1aa/0x300 [ 732.476178][ C1] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 732.481956][ C1] ia32_sys_call+0x3f6c/0x4310 [ 732.486936][ C1] __do_fast_syscall_32+0xb0/0x150 [ 732.492301][ C1] ? irqentry_exit_to_user_mode+0x7f/0xa0 [ 732.498244][ C1] do_fast_syscall_32+0x38/0x80 [ 732.503321][ C1] do_SYSENTER_32+0x1f/0x30 [ 732.508027][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 732.514563][ C1] RIP: 0023:0xf707d539 [ 732.518763][ C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 732.538546][ C1] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 732.547134][ C1] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200 [ 732.555241][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 732.563349][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 732.571445][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 732.579546][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 732.587690][ C1] [ 732.591130][ C1] Kernel Offset: disabled [ 732.595530][ C1] Rebooting in 86400 seconds..