last executing test programs: 2m58.606210055s ago: executing program 2 (id=1382): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = syz_open_dev$loop(&(0x7f00000004c0), 0x8, 0x4000) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0) 2m58.493863026s ago: executing program 2 (id=1385): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x28}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) 2m58.35166899s ago: executing program 2 (id=1388): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x30, 0x0, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_MS_ADDR6={0x14, 0xc, @mcast1}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000410}, 0x20000004) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) r3 = dup(r2) ioctl$PTP_EXTTS_REQUEST2(r3, 0x40383d0c, &(0x7f0000000040)) 2m58.184435817s ago: executing program 2 (id=1390): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f626172726965722c63726561746f723d5c5d07842c63726561746f723dbd3cfff52c6e6c733d63703433372c756d61736b3d3030303030303030303030303030000000000000dc599bad22eebebb0002372c6e6f6465000000000000000000"], 0x1, 0x6a4, &(0x7f0000001380)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") socket$inet6(0xa, 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000240)={[{@nombcache}, {@debug}, {@norecovery}, {@grpid}, {@nodelalloc}]}, 0x9, 0x61b, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvTDY/mrzvm7S8vK+92IBIC9qkSVspItjitZT64+YpNmmpTZvSRDS1YAr1oogXD4InD9b/QgtePXj14MWDSCGI9GCl2pXZzKa72Wyy+bG7SfbzgUmemcnO852Eb55nn31mJoCONZx9SSMORsT1JGKwYl8h8p3DSz/34PdbF7IliWLx9d+SuPVBslB5rCT/PpC/+O/BSH5IIw501dY7O3/zysT09NSNfH107ur10dn5m0cvX524NHVp6tr4C+OnTp44eWrs2JbOr1BRPnvn7XcHPzr35ldfPErGvv7pXBKn43EeW3ZeK1/bu6Was9/ZcBSXPHyyNS19PbXFY+8UfwxW/44zycoN7FgX8xzpjoj/x2B0Vfw1B+PDV9saHNBUxSTKbRTQcZL187+7dlNfc4IBWqjcDyi/t1/tfXCttMm9EqAVFs8sDQAs5X53RJTzv7A0Nhh9pbGB/gdJ1ThPEhFbG5lbktXx/Xfn7mRL1BmHA5pj4XZ5lHtl+5+UcnMo+kpr/Q/SqvxPK5Zs+2ubrH94xbr8h9ZZuB0RT+Xtf09sOv/f2mT98h8AAAAAAAC2z70zEfH8avP/0uX5Pz2rzP8ZiIjT21D/+p//pffzQrIN1QEVFs9EvFQz//evytnBQ1355/z/Ls0H6E4vXp6eOhYR/4mII9Hdm62PVR+2aoLw0U8OfF6v/sr5f9mS1V+eC5gf6n5hxYW4kxNzE9tz9tDZFm9HPCzN/z2Ub6me/5O1/0lN+//xK1mCX2+wjgPP3j1fteGXJ/8e1s9/oFmKX0YcXvX6nyfd7WTt+3OMlvoDo+VeQa2n3//0m3r1y39on6z97187/3uTyvv1zG7s+D0RcXy+UKy3f7P9/57kja7y8TPvTczN3RiL6EnO1m4f31jMsFeV86GcL1n+H3lm7fG/5f5/RR7ui4iFBuv83+OBn+vt0/5D+2T5P7l2+z9U3f5vtNAX43eHvs1vMVbjfEPt/4lSm34k32L8DyrV3o+j0QRtS7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMulEfGvSNKR5XKajoxEDETEf6M/nZ6ZnXvu4sw71yazfdXP/x9cWk/Kz/8fqlgfX7F+PCL2R8RnXftK6yMXZqYn233yAAAAAAAAAAAAAAAAAAAAsEMMlK75L/auvP4/82tXu6MDmq6Qf5fv0HkKm35lsXdbAwFabvP5D+x2jed/d1PjAFqvfv4/fFQsaWk4QAvp/0Pn2mT++7gA9gDtP3SqBsf0+podB9AODbf/i82NAwAAAAAA2Bb7D937MYmIhRf3lZZMT77PZH/Y29J2BwC0jTm80LkKM+2OAGgX7/GBZLn056oX+9ef/Z80JyAAAAAAAAAAAAAAoMbhg67/h06VRqzxCG9z+2EvW+P6/9WS3+0CYA+p/+iPRtr+RA8BdjHv8YH12nHX/wMAAAAAAAAAAADADtB388rE9PTUjdn53Vd4eWeEsbHCwsSOCGNbC4/X+5nyY+Y3duTuiNgZJ9jqQvkWHG0Mo43/kwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCr/BAAA///kPC2+") bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc13, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 2m57.919244994s ago: executing program 2 (id=1393): munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000028c0)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @fda={0x66646185, 0x9, 0x2, 0x12}, @fd}, &(0x7f0000000240)={0x50, 0x18, 0x38}}, 0x1000}], 0x0, 0x0, 0x0}) 2m57.288339397s ago: executing program 2 (id=1402): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010000000000000000000a03000000004e2200000100ffff00"/56, @ANYRES32=0x0, @ANYBLOB="0500000003000000080000000000000008"], 0x54}}, 0x20004010) 2m56.929532623s ago: executing program 32 (id=1402): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010000000000000000000a03000000004e2200000100ffff00"/56, @ANYRES32=0x0, @ANYBLOB="0500000003000000080000000000000008"], 0x54}}, 0x20004010) 51.11161373s ago: executing program 0 (id=3291): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc0e3c422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r2, &(0x7f000000c880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@cred={{0x1c, 0x1, 0x2, {0x0, r4}}}], 0x20, 0x4000}}], 0x1, 0x4000000) 51.02211415s ago: executing program 0 (id=3294): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b"], 0x10}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x3ef, 0x0) 50.839857327s ago: executing program 0 (id=3298): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_ECN={0x8, 0x7, 0xfffffff8}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x9, 0x3, 0xffffff2e}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d86dd", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, r3, 0x1, 0xda, 0x6, @multicast}, 0x14) 50.483763394s ago: executing program 0 (id=3305): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) 49.711451631s ago: executing program 0 (id=3310): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) listen(0xffffffffffffffff, 0x3) 49.247749107s ago: executing program 0 (id=3319): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000100)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)="5490", 0x2}], 0x1}, 0x4048841) recvmsg(r2, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) 49.145030088s ago: executing program 33 (id=3319): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000100)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)="5490", 0x2}], 0x1}, 0x4048841) recvmsg(r2, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) 3.09041756s ago: executing program 1 (id=4118): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket(0x11, 0xa, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x8}, 0x10) 2.865496972s ago: executing program 1 (id=4122): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = dup(r3) getsockopt$inet_mreqn(r4, 0x0, 0x3, 0x0, 0x0) 2.699726399s ago: executing program 1 (id=4124): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.522740697s ago: executing program 1 (id=4127): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r2, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) 2.300497099s ago: executing program 1 (id=4130): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x20, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xa, 0x0, 0x0, 0x0, @binary="56ccabd869c2"}]}]}, 0x20}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) 2.125437096s ago: executing program 1 (id=4132): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000007600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r2, &(0x7f0000000340), 0x2000011a) 1.182716081s ago: executing program 3 (id=4146): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000380)={0xa, 0x4e24, 0xfffff706, @dev={0xfe, 0x80, '\x00', 0x44}, 0x4}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000640)="1daa092549182d2155038a61b1ca3e6422f9f88bc66bbb9cdde188cec3446247d15ae0e94e8b1bd1be991f28bc8433f217a3619995ee8942df858f6c9868280456e8dc1d9d3de3c00271408ca7d081e76c5ff5016e61cf1990bdf0238acba0fdca5a7c7e0541cadd867f5de530264699a39d", 0x72}, {&(0x7f0000000440)="cc6fc57ecfcabd87a701ab6472b4fe0e4854b48688c0256dbbfc7021655fb0603b4e7646ad95064a6a9e977bb758fa19a8e051ab583b469bf86c7959ef30f184052d1e7453eed0eacbfe6f6bd0567e95f5fcbbe54bf24caf0880204c3ed1312f5a8815117ce2c37dfbfb7c6cbd6074a5168d11", 0x73}], 0x2, &(0x7f0000000500)=[@dontfrag={{0x14, 0x29, 0x3e, 0x27e}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xc}}], 0x30}}], 0x2, 0x41) write(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) 1.021414778s ago: executing program 6 (id=4149): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000480)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4, [@sadb_address={0x3, 0x6, 0x33, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x6c, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 1.020815148s ago: executing program 3 (id=4150): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x20000400) r2 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000003c40)=0x8, 0x4) 1.020229158s ago: executing program 4 (id=4151): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000bc0)=@updsa={0x188, 0x1a, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x35}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {@in=@local, 0xfffffffe, 0x33}, @in6=@rand_addr=' \x01\x00', {0x0, 0x0, 0x0, 0xe}, {}, {}, 0x100, 0x0, 0x2, 0x4}, [@algo_aead={0x4c, 0x12, {{'rfc4309(aegis256-aesni)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'crc32c-generic\x00'}, 0x0, 0x60}}]}, 0x188}}, 0x0) 935.039436ms ago: executing program 5 (id=4152): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = inotify_init1(0x80000) r4 = dup(r3) ioctl$sock_inet_udp_SIOCINQ(r4, 0x541b, 0x0) 864.420454ms ago: executing program 3 (id=4153): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) quotactl_fd$Q_GETINFO(r3, 0xffffffff80000500, 0x0, 0x0) 855.855015ms ago: executing program 4 (id=4154): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f000000af40)={0xa000000a}) 764.874914ms ago: executing program 6 (id=4155): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) llistxattr(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)=""/157, 0x9d) 764.162184ms ago: executing program 5 (id=4156): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) quotactl$Q_GETFMT(0xffffffff80000401, &(0x7f0000000080)=@rnullb, 0x0, 0x0) 736.974666ms ago: executing program 3 (id=4157): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000001e002100000000000000000007"], 0x28}}, 0x0) 616.339008ms ago: executing program 4 (id=4158): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/128, 0x80}], 0x1, 0x5b, 0x0) 615.741568ms ago: executing program 6 (id=4159): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f00000031c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 556.225274ms ago: executing program 5 (id=4160): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9c0000000001010400000000000000000a0000003c0001"], 0x9c}}, 0x74800) 492.090031ms ago: executing program 3 (id=4161): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="84000000", @ANYRES16=0x0, @ANYBLOB="00032dbd7000fbdbdf25190000000c00018008c1a9000100000064000180080003000300000008000100", @ANYRES32], 0x84}, 0x1, 0x0, 0x0, 0x8004}, 0x240008d4) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) 407.898809ms ago: executing program 4 (id=4162): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004) r2 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0xe23, 0x80006, @empty}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x11, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 334.293027ms ago: executing program 4 (id=4163): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f00000000c0), 0x1, 0x400c5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect$pppl2tp(r1, 0x0, 0x0) 325.784328ms ago: executing program 6 (id=4164): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x18, r3, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x4}]}, 0x18}}, 0x4000004) 232.415097ms ago: executing program 5 (id=4165): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c8, 0x0, 0x130, 0x26010000, 0x1d0, 0x130, 0x2c0, 0x220, 0x220, 0x2c0, 0x220, 0x3, 0x0, {[{{@uncond, 0x0, 0xe8, 0x108, 0x0, {0x0, 0x25e}, [@common=@unspec=@connlimit={{0x40}, {[0x0, 0xffffffff]}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@dev, @mcast1, [], [], 'bridge_slave_0\x00', 'dummy0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328) 221.057738ms ago: executing program 6 (id=4166): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@increfs], 0x0, 0x0, 0x0}) 215.822088ms ago: executing program 3 (id=4167): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f00000002c0)={0x0, 0x8, [@remote, @remote, @local, @dev, @link_local, @broadcast, @remote, @link_local]}) 182.869852ms ago: executing program 4 (id=4168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x34, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0xefffffff, 0x0]}]}]}, 0x34}}, 0x0) 152.403405ms ago: executing program 5 (id=4169): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 441.83µs ago: executing program 6 (id=4170): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet(0x2, 0x3, 0x8d) getsockopt$inet_pktinfo(r3, 0x0, 0x8, 0x0, &(0x7f0000000140)) 0s ago: executing program 5 (id=4171): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, 0x0, 0x0) kernel console output (not intermixed with test programs): 0.587'. [ 95.556063][ T5811] netlink: 76 bytes leftover after parsing attributes in process `syz.4.593'. [ 96.624173][ T5866] netlink: 44 bytes leftover after parsing attributes in process `syz.0.618'. [ 96.702827][ T5866] netlink: 12 bytes leftover after parsing attributes in process `syz.0.618'. [ 96.712120][ T5866] netlink: 16 bytes leftover after parsing attributes in process `syz.0.618'. [ 96.762517][ T5866] netlink: 16 bytes leftover after parsing attributes in process `syz.0.618'. [ 97.337498][ T5898] netlink: 76 bytes leftover after parsing attributes in process `syz.4.631'. [ 97.645649][ T5923] netlink: 68 bytes leftover after parsing attributes in process `syz.1.644'. [ 97.687709][ T5921] loop4: detected capacity change from 0 to 1024 [ 97.847421][ T5921] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none. [ 98.186710][ T5964] MTD: Couldn't look up './bus': -15 [ 98.305778][ T5971] netlink: 56 bytes leftover after parsing attributes in process `syz.1.664'. [ 98.557270][ T5980] loop1: detected capacity change from 0 to 1024 [ 98.670689][ T5980] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none. [ 98.815101][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f53b800: rx timeout, send abort [ 99.324178][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f53b800: abort rx timeout. Force session deactivation [ 99.375458][ T6011] binder: Binderfs stats mode cannot be changed during a remount [ 99.802537][ C1] sched: RT throttling activated [ 99.899773][ T6025] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 99.997992][ T6028] netlink: 96 bytes leftover after parsing attributes in process `syz.3.689'. [ 100.440278][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.4.701'. [ 100.585121][ T6058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.625032][ T6058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.644506][ T6058] bond0 (unregistering): Released all slaves [ 100.728529][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.707'. [ 100.883599][ T6080] cgroup: subsys name conflicts with all [ 101.337785][ T6101] netlink: 'syz.0.720': attribute type 4 has an invalid length. [ 101.349343][ T6101] netlink: 'syz.0.720': attribute type 5 has an invalid length. [ 101.371575][ T6099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.466014][ T6102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.561689][ T6099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.273261][ T6136] __nla_validate_parse: 1 callbacks suppressed [ 102.273276][ T6136] netlink: 44 bytes leftover after parsing attributes in process `syz.3.736'. [ 102.660013][ T6157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.746'. [ 103.818958][ T26] audit: type=1326 audit(1763229845.967:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 103.920259][ T26] audit: type=1326 audit(1763229846.007:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.006328][ T26] audit: type=1326 audit(1763229846.007:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.124360][ T26] audit: type=1326 audit(1763229846.017:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.218748][ T26] audit: type=1326 audit(1763229846.017:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.344549][ T26] audit: type=1326 audit(1763229846.037:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.457346][ T26] audit: type=1326 audit(1763229846.037:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.562088][ T6238] netlink: 'syz.1.783': attribute type 4 has an invalid length. [ 104.584538][ T26] audit: type=1326 audit(1763229846.037:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.624485][ T6238] netlink: 'syz.1.783': attribute type 5 has an invalid length. [ 104.649580][ T6238] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.783'. [ 104.679091][ T26] audit: type=1326 audit(1763229846.037:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 104.788660][ T26] audit: type=1326 audit(1763229846.037:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.2.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadbbf596c9 code=0x7ffc0000 [ 105.422098][ T6273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.800'. [ 105.439945][ T6273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.800'. [ 106.198264][ T6293] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 106.301295][ T6268] netlink: 24 bytes leftover after parsing attributes in process `syz.1.799'. [ 106.344676][ T6268] netlink: 24 bytes leftover after parsing attributes in process `syz.1.799'. [ 107.039987][ T6296] xt_hashlimit: size too large, truncated to 1048576 [ 107.491539][ T6345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.831'. [ 107.656935][ T6352] 9pnet: Could not find request transport: f [ 107.859560][ T6332] fuse: Bad value for 'user_id' [ 108.949412][ T6345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.983632][ T6345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.037892][ T6345] bond0 (unregistering): Released all slaves [ 111.374267][ T6443] netlink: 4 bytes leftover after parsing attributes in process `syz.4.874'. [ 111.481163][ T6445] syz.2.875 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 112.099919][ T6471] loop1: detected capacity change from 0 to 128 [ 112.189890][ T6471] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 112.676801][ T6494] netlink: 'syz.2.897': attribute type 15 has an invalid length. [ 112.716113][ T6494] netlink: 24 bytes leftover after parsing attributes in process `syz.2.897'. [ 113.080844][ T6509] loop4: detected capacity change from 0 to 128 [ 113.851570][ T6515] syz.2.907 uses obsolete (PF_INET,SOCK_PACKET) [ 115.742637][ T4611] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 115.770930][ T6560] netlink: 'syz.0.926': attribute type 4 has an invalid length. [ 116.132953][ T4611] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.159095][ T4611] usb 2-1: config 0 has no interfaces? [ 116.235452][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.933'. [ 116.268009][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.933'. [ 116.372781][ T4611] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 116.406390][ T4611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.432684][ T4611] usb 2-1: Product: syz [ 116.468072][ T4611] usb 2-1: Manufacturer: syz [ 116.482963][ T4611] usb 2-1: SerialNumber: syz [ 116.518556][ T4611] usb 2-1: config 0 descriptor?? [ 116.782087][ T4611] usb 2-1: USB disconnect, device number 2 [ 117.928616][ T6637] fuse: Bad value for 'user_id' [ 117.950688][ T6670] netlink: 32 bytes leftover after parsing attributes in process `syz.1.962'. [ 118.044683][ T6674] fuse: Bad value for 'rootmode' [ 118.172736][ T1336] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 118.582853][ T1336] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.599994][ T1336] usb 5-1: config 0 has no interfaces? [ 119.542601][ T4611] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 119.709059][ T1336] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 119.730159][ T1336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.762627][ T1336] usb 5-1: Product: syz [ 119.766822][ T1336] usb 5-1: Manufacturer: syz [ 119.782625][ T4611] usb 4-1: Using ep0 maxpacket: 8 [ 119.792744][ T1336] usb 5-1: SerialNumber: syz [ 119.818890][ T1336] usb 5-1: config 0 descriptor?? [ 120.031415][ T6695] fuse: Bad value for 'user_id' [ 120.068040][ T4611] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 120.078925][ T4238] usb 5-1: USB disconnect, device number 2 [ 120.087442][ T4611] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.107700][ T4611] usb 4-1: Product: syz [ 120.111980][ T4611] usb 4-1: Manufacturer: syz [ 120.133708][ T4611] usb 4-1: SerialNumber: syz [ 120.155589][ T4611] usb 4-1: config 0 descriptor?? [ 120.423054][ T4611] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 120.932687][ T4615] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 121.192708][ T4615] usb 2-1: Using ep0 maxpacket: 32 [ 121.289702][ T6754] loop4: detected capacity change from 0 to 32768 [ 121.302426][ T6754] JFS: continu is an invalid error handler [ 121.312786][ T4615] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 121.327175][ T4615] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 121.343143][ T4615] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 121.353409][ T4615] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 121.363394][ T4615] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 121.373642][ T4615] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 121.386785][ T4615] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 121.395931][ T4615] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.402838][ T4245] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 121.422048][ T4615] usb 2-1: config 0 descriptor?? [ 121.690089][ T4615] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 121.703640][ T4615] usb 2-1: USB disconnect, device number 3 [ 121.721132][ T4615] usblp0: removed [ 121.852851][ T4245] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 121.863192][ T4245] usb 3-1: config 0 has no interfaces? [ 122.022725][ T4245] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 122.031775][ T4245] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.044122][ T4245] usb 3-1: Product: syz [ 122.048283][ T4245] usb 3-1: Manufacturer: syz [ 122.054557][ T4245] usb 3-1: SerialNumber: syz [ 122.061100][ T4245] usb 3-1: config 0 descriptor?? [ 122.242630][ T4615] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 122.311800][ T4245] usb 3-1: USB disconnect, device number 2 [ 122.468993][ T4611] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 122.479529][ T4611] dvbdev: DVB: registering new adapter (Terratec H7) [ 122.486471][ T4615] usb 2-1: Using ep0 maxpacket: 32 [ 122.491724][ T4611] usb 4-1: media controller created [ 122.602749][ T4615] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 122.611085][ T4615] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 122.619855][ T4615] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 122.629256][ T4615] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 122.639021][ T4615] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 122.648719][ T4615] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.661781][ T4615] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 122.671228][ T4615] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.679434][ T4611] usb read operation failed. (-71) [ 122.691097][ T4611] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 122.700418][ T4615] usb 2-1: config 0 descriptor?? [ 122.707900][ T4611] usb 4-1: USB disconnect, device number 2 [ 122.976124][ T4615] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 123.333351][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 123.333363][ T26] audit: type=1326 audit(1763229865.487:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.0.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7fc00000 [ 123.403943][ T26] audit: type=1326 audit(1763229865.517:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.0.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5205ebe6c9 code=0x7fc00000 [ 123.537514][ T4615] usb 2-1: USB disconnect, device number 4 [ 123.571737][ T4615] usblp0: removed [ 124.231741][ T6805] netpci0: tun_chr_ioctl cmd 1074025672 [ 124.250881][ T6805] netpci0: ignored: set checksum enabled [ 125.782034][ T4615] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 125.995340][ T6853] overlayfs: conflicting lowerdir path [ 126.041946][ T4615] usb 2-1: Using ep0 maxpacket: 8 [ 126.059192][ T6859] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1048'. [ 126.796448][ T26] audit: type=1326 audit(1763229868.948:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.0.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7fc00000 [ 127.094730][ T4615] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 127.147449][ T4615] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.193098][ T4615] usb 2-1: Product: syz [ 127.220311][ T4615] usb 2-1: Manufacturer: syz [ 127.238475][ T4615] usb 2-1: SerialNumber: syz [ 127.259168][ T4615] usb 2-1: config 0 descriptor?? [ 127.531251][ T4615] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 127.581342][ T6904] ptrace attach of "./syz-executor exec"[6907] was attempted by "./syz-executor exec"[6904] [ 127.617686][ T6909] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 127.657692][ T6909] overlayfs: missing 'lowerdir' [ 127.664690][ T6911] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1071'. [ 128.385826][ T1108] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 128.630756][ T1108] usb 1-1: Using ep0 maxpacket: 8 [ 128.760740][ T1108] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 128.780530][ T1108] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 128.822907][ T1108] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 128.848436][ T1108] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 128.875783][ T1108] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 128.906343][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.940104][ T6969] loop4: detected capacity change from 0 to 1024 [ 129.091313][ T6969] hfsplus: invalid btree flag [ 129.096758][ T6969] hfsplus: failed to load extents file [ 129.119644][ T6969] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 129.190532][ T1108] usb 1-1: GET_CAPABILITIES returned 0 [ 129.200241][ T1108] usbtmc 1-1:16.0: can't read capabilities [ 129.390465][ T4615] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 129.433209][ T4615] usb 2-1: USB disconnect, device number 5 [ 129.458125][ T1108] usb 1-1: USB disconnect, device number 3 [ 130.094561][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #212!!! [ 131.990892][ T7032] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1124'. [ 132.029518][ T7032] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1124'. [ 132.200099][ T7036] netlink: 'syz.4.1127': attribute type 16 has an invalid length. [ 132.462162][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.469158][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.695976][ T7082] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1145'. [ 134.224933][ T7105] netlink: 536 bytes leftover after parsing attributes in process `syz.4.1154'. [ 134.296826][ T7105] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1154'. [ 134.608454][ T7116] 8021q: adding VLAN 0 to HW filter on device bond1 [ 134.735203][ T7121] bond1: (slave ip6gretap1): making interface the new active one [ 134.780719][ T7121] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 134.820871][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 134.942686][ T7121] syz.0.1159 (7121) used greatest stack depth: 20800 bytes left [ 135.614189][ T7161] netlink: 'syz.3.1176': attribute type 1 has an invalid length. [ 135.623348][ T7161] netlink: 'syz.3.1176': attribute type 2 has an invalid length. [ 135.880876][ T7167] ptrace attach of "./syz-executor exec"[7172] was attempted by "./syz-executor exec"[7167] [ 136.131215][ T7181] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.1185'. [ 136.893876][ T7223] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 136.913972][ T7223] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 137.188025][ T7236] device sit0 entered promiscuous mode [ 137.227129][ T7236] netlink: 'syz.2.1209': attribute type 1 has an invalid length. [ 137.271094][ T7236] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1209'. [ 137.297326][ T7236] syz.2.1209 (7236) used greatest stack depth: 20704 bytes left [ 137.478974][ T7244] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer. [ 137.520962][ T7244] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer. [ 138.134918][ T7284] loop4: detected capacity change from 0 to 128 [ 138.212966][ T7284] FAT-fs (loop4): Directory bread(block 414) failed [ 138.255358][ T7284] FAT-fs (loop4): Directory bread(block 415) failed [ 138.263970][ T7284] FAT-fs (loop4): Directory bread(block 416) failed [ 138.310968][ T7284] FAT-fs (loop4): Directory bread(block 417) failed [ 138.341597][ T7284] FAT-fs (loop4): Directory bread(block 418) failed [ 138.379731][ T7284] FAT-fs (loop4): Directory bread(block 419) failed [ 138.404576][ T7297] loop0: detected capacity change from 0 to 256 [ 138.405660][ T7284] FAT-fs (loop4): Directory bread(block 420) failed [ 138.475609][ T7284] FAT-fs (loop4): Directory bread(block 421) failed [ 138.935854][ T7325] binder: BINDER_SET_CONTEXT_MGR already set [ 138.979293][ T7325] binder: 7323:7325 ioctl 4018620d 200000000140 returned -16 [ 140.649279][ T7381] overlayfs: missing 'workdir' [ 140.742572][ T7383] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 140.802671][ T7383] overlayfs: missing 'lowerdir' [ 141.313180][ T7416] netlink: 'syz.3.1288': attribute type 3 has an invalid length. [ 142.111771][ T26] audit: type=1326 audit(1763229884.266:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7464 comm="syz.0.1307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 142.115733][ T26] audit: type=1326 audit(1763229884.276:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7464 comm="syz.0.1307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 142.116196][ T26] audit: type=1326 audit(1763229884.276:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7464 comm="syz.0.1307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 142.330934][ T7473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1310'. [ 142.394633][ T7473] netlink: 'syz.0.1310': attribute type 5 has an invalid length. [ 142.407941][ T7473] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1310'. [ 142.844815][ T7501] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 142.870492][ T7501] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.519880][ T7537] loop3: detected capacity change from 0 to 1024 [ 143.588903][ T7537] EXT4-fs (loop3): Ignoring removed nobh option [ 143.642964][ T7537] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 143.761067][ T7537] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000003,nodioread_nolock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,nouid32,nobh,user_xattr,nouid32,dioread_nolock,,errors=continue. Quota mode: none. [ 144.283796][ T7568] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1350'. [ 144.616006][ T7581] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1354'. [ 144.776234][ T7537] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3871: comm syz.3.1338: Allocating blocks 497-513 which overlap fs metadata [ 144.903956][ T7537] EXT4-fs (loop3): pa ffff88807523a700: logic 128, phys. 385, len 8 [ 144.912829][ T7537] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 145.441432][ T7617] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 145.490050][ T7622] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1372'. [ 145.921099][ T7641] 9p: Unknown access argument a [ 146.310280][ T7661] loop2: detected capacity change from 0 to 1024 [ 146.582159][ T4197] hfsplus: bad catalog entry type [ 147.070585][ T4267] hfsplus: b-tree write err: -5, ino 4 [ 147.238023][ T26] audit: type=1326 audit(1763229889.398:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.448163][ T26] audit: type=1326 audit(1763229889.398:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.539048][ T26] audit: type=1326 audit(1763229889.398:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.589232][ T26] audit: type=1326 audit(1763229889.408:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.655317][ T26] audit: type=1326 audit(1763229889.408:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.766392][ T26] audit: type=1326 audit(1763229889.408:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.866317][ T26] audit: type=1326 audit(1763229889.408:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 147.966085][ T26] audit: type=1326 audit(1763229889.408:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 148.019787][ T7697] binder: 7694:7697 ioctl c0306201 200000000100 returned -14 [ 148.087284][ T26] audit: type=1326 audit(1763229889.418:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 148.182694][ T26] audit: type=1326 audit(1763229889.418:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7682 comm="syz.3.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb956d406c9 code=0x7ffc0000 [ 148.476856][ T7710] binfmt_misc: register: failed to install interpreter file ./file0 [ 148.977199][ T7733] netlink: 'syz.3.1424': attribute type 16 has an invalid length. [ 149.043278][ T7733] netlink: 'syz.3.1424': attribute type 3 has an invalid length. [ 149.086869][ T7733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1424'. [ 149.301345][ T4772] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.582367][ T4772] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.659855][ T7754] netlink: 'syz.3.1435': attribute type 1 has an invalid length. [ 149.678496][ T7754] netlink: 'syz.3.1435': attribute type 4 has an invalid length. [ 149.689008][ T7754] netlink: 15294 bytes leftover after parsing attributes in process `syz.3.1435'. [ 149.785619][ T4772] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.116145][ T7766] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1439'. [ 150.250370][ T4772] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.372860][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 150.947949][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.957225][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.976253][ T7740] device bridge_slave_0 entered promiscuous mode [ 150.994156][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.014296][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.039963][ T7740] device bridge_slave_1 entered promiscuous mode [ 151.200259][ T7740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.235556][ T7814] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1456'. [ 151.249292][ T13] Bluetooth: hci4: command 0x0409 tx timeout [ 151.261581][ T7740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.385201][ T7819] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1458'. [ 151.395440][ T7740] team0: Port device team_slave_0 added [ 151.411898][ T7740] team0: Port device team_slave_1 added [ 151.488875][ T7740] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.504141][ T7740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.559785][ T7740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.599658][ T7740] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.619765][ T7740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.696294][ T7740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.712910][ T7803] ODEBUG: Out of memory. ODEBUG disabled [ 151.876340][ T7740] device hsr_slave_0 entered promiscuous mode [ 151.915416][ T7740] device hsr_slave_1 entered promiscuous mode [ 151.966241][ T7740] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.984386][ T7740] Cannot create hsr debugfs directory [ 152.149939][ T7838] loop4: detected capacity change from 0 to 1024 [ 152.278052][ T4772] device hsr_slave_0 left promiscuous mode [ 152.361293][ T4772] device hsr_slave_1 left promiscuous mode [ 152.361508][ T7838] EXT4-fs (loop4): Ignoring removed nobh option [ 152.374619][ T4772] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.400705][ T4772] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.430125][ T4772] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.480103][ T4772] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.498369][ T7838] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 152.511457][ T4772] device bridge_slave_1 left promiscuous mode [ 152.517595][ T4772] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.599308][ T4772] device bridge_slave_0 left promiscuous mode [ 152.713094][ T4772] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.761393][ T4772] device veth1_macvtap left promiscuous mode [ 152.767420][ T4772] device veth0_macvtap left promiscuous mode [ 152.774807][ T4772] device veth1_vlan left promiscuous mode [ 152.781328][ T4772] device veth0_vlan left promiscuous mode [ 152.832698][ T7838] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000003,nodioread_nolock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,nouid32,nobh,user_xattr,nouid32,dioread_nolock,,errors=continue. Quota mode: none. [ 153.215998][ T4772] team0 (unregistering): Port device team_slave_1 removed [ 153.328992][ T4772] team0 (unregistering): Port device team_slave_0 removed [ 153.336224][ T1336] Bluetooth: hci4: command 0x041b tx timeout [ 153.372724][ T4772] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.449494][ T4772] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.645336][ T4772] bond0 (unregistering): Released all slaves [ 154.758948][ T7740] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 154.791005][ T7896] binder: 7894:7896 ioctl c0306201 200000000700 returned -14 [ 154.855174][ T7838] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3871: comm syz.4.1463: Allocating blocks 497-513 which overlap fs metadata [ 154.882281][ T7740] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 154.922638][ T7740] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 154.978153][ T7838] EXT4-fs (loop4): pa ffff888073802e00: logic 128, phys. 385, len 8 [ 154.980893][ T7740] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 154.986183][ T7838] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 155.191431][ T7916] capability: warning: `syz.3.1484' uses 32-bit capabilities (legacy support in use) [ 155.356934][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.415598][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.437090][ T1336] Bluetooth: hci4: command 0x040f tx timeout [ 155.459311][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.485782][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.524717][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.556327][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.605860][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.612982][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.700190][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 155.744834][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.773463][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.817336][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.824434][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.872733][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.928196][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.937528][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.989046][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.048934][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.086340][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.159099][ T7740] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 156.213528][ T7740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.288592][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.320061][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.344671][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.397521][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.423248][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.456751][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.970453][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.986672][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.066599][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.486067][ T1336] Bluetooth: hci4: command 0x0419 tx timeout [ 157.844533][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 157.876752][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.983101][ T7740] device veth0_vlan entered promiscuous mode [ 158.021031][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 158.039644][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 158.102914][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 158.132910][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 158.181408][ T7740] device veth1_vlan entered promiscuous mode [ 158.261768][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 158.324810][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 158.357288][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 158.414849][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 158.457956][ T7740] device veth0_macvtap entered promiscuous mode [ 158.497151][ T7740] device veth1_macvtap entered promiscuous mode [ 158.563733][ T8061] binder: 8060:8061 ioctl c0306201 200000000700 returned -14 [ 158.603785][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.662921][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.686412][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.737495][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.794590][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.856895][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.901932][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.964046][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.995903][ T7740] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.037359][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 159.067735][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 159.115491][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 159.164757][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 159.226984][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.264918][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.312239][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.358507][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.404989][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.442317][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.491848][ T7740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.539318][ T7740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.597719][ T7740] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.623966][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 159.635906][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 159.676601][ T7740] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.703096][ T7740] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.745838][ T7740] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.769335][ T7740] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.960760][ T8113] binder: 8112:8113 ioctl c0306201 200000000700 returned -14 [ 160.003957][ T4267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.034849][ T4267] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.086053][ T4767] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 160.128779][ T4771] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.151360][ T4771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.195463][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 163.107227][ T8260] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 163.120683][ T8265] bridge0: port 3(erspan0) entered blocking state [ 163.151171][ T8265] bridge0: port 3(erspan0) entered disabled state [ 163.177566][ T8265] device erspan0 entered promiscuous mode [ 163.186661][ T8265] bridge0: port 3(erspan0) entered blocking state [ 163.193557][ T8265] bridge0: port 3(erspan0) entered forwarding state [ 163.898816][ T8308] netlink: 'syz.0.1615': attribute type 17 has an invalid length. [ 163.958026][ T8308] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 165.733231][ T8366] binder: 8365:8366 ioctl c0306201 200000000100 returned -14 [ 167.610882][ T4611] libceph: connect (1)[c::]:6789 error -101 [ 167.628067][ T4611] libceph: mon0 (1)[c::]:6789 connect error [ 167.643728][ T8441] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1671'. [ 167.661078][ T4623] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 167.691663][ T8437] ceph: No mds server is up or the cluster is laggy [ 167.892479][ T4611] libceph: connect (1)[c::]:6789 error -101 [ 167.898494][ T4611] libceph: mon0 (1)[c::]:6789 connect error [ 168.072174][ T4623] usb 2-1: config 0 has no interfaces? [ 168.165659][ T8461] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1679'. [ 168.221545][ T8468] loop5: detected capacity change from 0 to 64 [ 168.251547][ T4623] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 168.281479][ T4623] usb 2-1: New USB device strings: Mfr=199, Product=2, SerialNumber=3 [ 168.292003][ T8468] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 168.314119][ T4623] usb 2-1: Product: syz [ 168.318306][ T4623] usb 2-1: Manufacturer: syz [ 168.359317][ T4623] usb 2-1: SerialNumber: syz [ 168.381651][ T4623] usb 2-1: config 0 descriptor?? [ 168.649530][ T4610] usb 2-1: USB disconnect, device number 6 [ 169.081814][ T4772] Bluetooth: hci5: Frame reassembly failed (-84) [ 169.097262][ T155] Bluetooth: hci5: Frame reassembly failed (-84) [ 169.260935][ T8519] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1701'. [ 169.304413][ T4610] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 169.580008][ T4610] usb 1-1: Using ep0 maxpacket: 32 [ 169.720215][ T4610] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.740207][ T4610] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.780539][ T4610] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 169.800689][ T4610] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.842986][ T4610] usb 1-1: config 0 descriptor?? [ 169.883628][ T8549] netlink: 'syz.5.1708': attribute type 4 has an invalid length. [ 169.894912][ T8549] netlink: 3649 bytes leftover after parsing attributes in process `syz.5.1708'. [ 170.061368][ T8556] netlink: 628 bytes leftover after parsing attributes in process `syz.3.1711'. [ 170.078694][ T8545] Set syz1 is full, maxelem 6117 reached [ 170.263985][ T8567] bridge0: port 3(erspan0) entered blocking state [ 170.278491][ T8567] bridge0: port 3(erspan0) entered disabled state [ 170.287698][ T8567] device erspan0 entered promiscuous mode [ 170.294997][ T8567] bridge0: port 3(erspan0) entered blocking state [ 170.301516][ T8567] bridge0: port 3(erspan0) entered forwarding state [ 170.378088][ T4245] libceph: connect (1)[c::]:6789 error -101 [ 170.380392][ T4610] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 170.390798][ T4245] libceph: mon0 (1)[c::]:6789 connect error [ 170.463167][ T8572] ceph: No mds server is up or the cluster is laggy [ 170.493836][ T8583] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1719' sets config #0 [ 170.632865][ T4610] usb 1-1: USB disconnect, device number 4 [ 171.089303][ T4610] Bluetooth: hci5: command 0x1003 tx timeout [ 171.102927][ T4186] Bluetooth: hci5: sending frame failed (-49) [ 171.682661][ T8620] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1737'. [ 173.168409][ T4610] Bluetooth: hci5: command 0x1001 tx timeout [ 173.175032][ T4186] Bluetooth: hci5: sending frame failed (-49) [ 175.237262][ T4615] Bluetooth: hci5: command 0x1009 tx timeout [ 175.477134][ T4238] Bluetooth: hci0: command 0x0406 tx timeout [ 175.483475][ T4238] Bluetooth: hci3: command 0x0406 tx timeout [ 175.487201][ T4610] Bluetooth: hci1: command 0x0406 tx timeout [ 179.498924][ T8759] netlink: 'syz.0.1749': attribute type 4 has an invalid length. [ 179.510681][ T1336] libceph: connect (1)[c::]:6789 error -101 [ 179.529678][ T1336] libceph: mon0 (1)[c::]:6789 connect error [ 179.562244][ T8751] ceph: No mds server is up or the cluster is laggy [ 179.590288][ T8759] netlink: 3649 bytes leftover after parsing attributes in process `syz.0.1749'. [ 179.748189][ T8771] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1754'. [ 180.018597][ T8785] overlayfs: conflicting options: userxattr,redirect_dir=off [ 180.320532][ T8801] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1772'. [ 182.549631][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 182.549644][ T26] audit: type=1326 audit(1763229924.726:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.129714][ T26] audit: type=1326 audit(1763229924.776:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.152269][ T26] audit: type=1326 audit(1763229924.776:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.343133][ T26] audit: type=1326 audit(1763229924.776:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.365835][ T8872] loop0: detected capacity change from 0 to 164 [ 183.487709][ T26] audit: type=1326 audit(1763229924.776:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.611435][ T8885] 9pnet_virtio: no channels available for device syz [ 183.619078][ T26] audit: type=1326 audit(1763229924.776:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.739391][ T26] audit: type=1326 audit(1763229924.776:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.850606][ T26] audit: type=1326 audit(1763229924.776:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 183.978447][ T26] audit: type=1326 audit(1763229924.776:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 184.100120][ T26] audit: type=1326 audit(1763229924.776:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5205ebe6c9 code=0x7ffc0000 [ 184.442705][ T4615] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 184.712519][ T4615] usb 2-1: Using ep0 maxpacket: 16 [ 184.842551][ T4615] usb 2-1: config 222 has an invalid interface number: 31 but max is 0 [ 184.878823][ T4615] usb 2-1: config 222 has no interface number 0 [ 184.895267][ T4615] usb 2-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 184.956053][ T4615] usb 2-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 185.007159][ T4615] usb 2-1: config 222 interface 31 has no altsetting 0 [ 185.192652][ T4615] usb 2-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 185.374955][ T4615] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.424807][ T4615] usb 2-1: Product: syz [ 185.432224][ T4615] usb 2-1: Manufacturer: syz [ 185.436846][ T4615] usb 2-1: SerialNumber: syz [ 185.532423][ T8913] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 185.606393][ T8978] loop4: detected capacity change from 0 to 164 [ 185.771571][ T8981] binder: Unknown parameter 'context' [ 185.846046][ T4615] ldusb 2-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 185.884154][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 185.893597][ T4615] usb 2-1: USB disconnect, device number 7 [ 185.922722][ T4615] ldusb 2-1:222.31: LD USB Device #0 now disconnected [ 186.178576][ T9001] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1855'. [ 186.227604][ T9001] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1855'. [ 186.237034][ T9001] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1855'. [ 186.249410][ T9001] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1855'. [ 186.893558][ T9010] loop4: detected capacity change from 0 to 40427 [ 186.920104][ T9010] F2FS-fs (loop4): build fault injection attr: rate: 684, type: 0x1ffff [ 186.946434][ T9010] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7 [ 186.977184][ T9010] F2FS-fs (loop4): invalid crc value [ 186.987869][ T9010] F2FS-fs (loop4): Found nat_bits in checkpoint [ 187.025220][ T9010] F2FS-fs (loop4): Start checkpoint disabled! [ 187.314960][ T9010] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 187.556046][ T4773] handle_bad_sector: 1328 callbacks suppressed [ 187.556059][ T4773] attempt to access beyond end of device [ 187.556059][ T4773] loop4: rw=2049, want=40976, limit=40427 [ 187.601563][ T9033] netlink: 37 bytes leftover after parsing attributes in process `syz.0.1868'. [ 187.690086][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 187.935625][ T9041] binder: Unknown parameter 'context' [ 188.047886][ T9051] loop4: detected capacity change from 0 to 512 [ 188.072981][ T9051] EXT4-fs (loop4): Ignoring removed oldalloc option [ 188.093270][ T9051] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 188.113873][ T9051] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 188.127263][ T1336] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 188.146144][ T9051] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2826: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 188.182586][ T9051] EXT4-fs (loop4): 1 truncate cleaned up [ 188.188406][ T9051] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 188.650634][ T1336] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 188.672301][ T1336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.726969][ T1336] usb 4-1: Product: syz [ 188.786824][ T1336] usb 4-1: Manufacturer: syz [ 188.812694][ T1336] usb 4-1: SerialNumber: syz [ 188.978955][ T9079] netlink: 756 bytes leftover after parsing attributes in process `syz.5.1888'. [ 189.110467][ T1336] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 189.190485][ T1336] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 189.606820][ T9113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1901'. [ 189.918916][ T9130] input: syz1 as /devices/virtual/input/input7 [ 190.266120][ T9151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1919'. [ 191.529154][ T1336] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000080. ret = -71 [ 191.696052][ T1336] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 192.114938][ T1336] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 192.139584][ T1336] lan78xx: probe of 4-1:1.0 failed with error -71 [ 192.172019][ T1336] usb 4-1: USB disconnect, device number 3 [ 192.598229][ T9238] loop5: detected capacity change from 0 to 2048 [ 192.710861][ T9238] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 192.739773][ T9238] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.878651][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.887575][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.027288][ T13] Bluetooth: hci4: command 0x0405 tx timeout [ 195.181343][ T9288] loop0: detected capacity change from 0 to 40427 [ 195.302527][ T4623] Bluetooth: hci5: command 0x1003 tx timeout [ 195.327225][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 195.411116][ T9288] F2FS-fs (loop0): build fault injection attr: rate: 684, type: 0x1ffff [ 195.436812][ T9288] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7 [ 195.508352][ T9288] F2FS-fs (loop0): invalid crc value [ 195.548514][ T9288] F2FS-fs (loop0): Found nat_bits in checkpoint [ 195.644366][ T9328] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1995'. [ 195.728527][ T9288] F2FS-fs (loop0): Start checkpoint disabled! [ 195.818593][ T9288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 196.062213][ T1235] attempt to access beyond end of device [ 196.062213][ T1235] loop0: rw=2049, want=40976, limit=40427 [ 196.297894][ T9348] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2004'. [ 196.903946][ T9380] loop5: detected capacity change from 0 to 512 [ 196.991827][ T264] block nbd1: Attempted send on invalid socket [ 196.999150][ T264] blk_update_request: I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 197.015201][ T9380] EXT4-fs (loop5): inline encryption not supported [ 197.022163][ T9386] EXT4-fs (nbd1): unable to read superblock [ 197.043666][ T9380] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 197.068384][ T9380] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.2018: invalid indirect mapped block 2683928664 (level 1) [ 197.110024][ T9380] EXT4-fs (loop5): 1 truncate cleaned up [ 197.126424][ T9380] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,dioread_lock,init_itable=0x0000000000000b8f,nodiscard,inlinecrypt,usrjquota=.sb=0x0000000000000007,nodiscard,jqfmt=vfsv0,noload,debug_want_extra_isize=0x0000000000000006,noload,,,errors=continue. Quota mode: writeback. [ 197.175839][ T9380] EXT4-fs (loop5): shut down requested (1) [ 197.268557][ T9396] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2034'. [ 197.386511][ T4610] Bluetooth: hci5: command 0x1001 tx timeout [ 197.392598][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 197.858538][ T9418] bridge0: port 3(erspan0) entered disabled state [ 198.054851][ T9418] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.063562][ T9418] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.544725][ T9418] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.563662][ T9418] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.909559][ T9418] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.918727][ T9418] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.927978][ T9418] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.936966][ T9418] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.102186][ T9423] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2038'. [ 199.857890][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 200.827574][ T9435] loop5: detected capacity change from 0 to 32768 [ 200.854135][ T9435] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.2040 (9435) [ 200.969794][ T9435] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 200.994457][ T9435] BTRFS info (device loop5): setting nodatacow, compression disabled [ 201.002966][ T9435] BTRFS info (device loop5): enabling auto defrag [ 201.009887][ T9435] BTRFS info (device loop5): max_inline at 0 [ 201.048627][ T9435] BTRFS info (device loop5): using free space tree [ 201.082406][ T9435] BTRFS info (device loop5): has skinny extents [ 201.684790][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 201.684805][ T26] audit: type=1107 audit(1763229943.865:76): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 201.864635][ T26] audit: type=1800 audit(1763229944.046:77): pid=9435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2040" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 202.815460][ T9561] loop1: detected capacity change from 0 to 512 [ 202.922977][ T9561] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 202.950395][ T9561] EXT4-fs (loop1): 1 truncate cleaned up [ 202.962799][ T9561] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 203.003324][ T9561] EXT4-fs (loop1): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 203.752374][ T9596] loop4: detected capacity change from 0 to 512 [ 203.824343][ T9596] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 203.837486][ T9596] EXT4-fs (loop4): 1 truncate cleaned up [ 203.843550][ T9596] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 203.884809][ T9596] EXT4-fs (loop4): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 203.940048][ T9570] loop0: detected capacity change from 0 to 32768 [ 203.984385][ T9570] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.2088 (9570) [ 204.039033][ T9570] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 204.057999][ T9570] BTRFS info (device loop0): use zlib compression, level 3 [ 204.072767][ T9570] BTRFS info (device loop0): using free space tree [ 204.099935][ T9570] BTRFS info (device loop0): has skinny extents [ 204.188820][ T9608] cgroup: Name too long [ 204.235199][ T9610] loop5: detected capacity change from 0 to 1024 [ 204.294699][ T9624] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2110'. [ 204.305923][ T9610] EXT4-fs (loop5): test_dummy_encryption requires encrypt feature [ 204.542778][ T9570] BTRFS info (device loop0): enabling ssd optimizations [ 204.682537][ T4609] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 204.972329][ T4609] usb 6-1: Using ep0 maxpacket: 16 [ 205.162584][ T4609] usb 6-1: unable to get BOS descriptor or descriptor too short [ 205.242502][ T4609] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 205.257189][ T150] block nbd3: Attempted send on invalid socket [ 205.260433][ T4609] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 205.263577][ T150] blk_update_request: I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 205.285687][ T9675] EXT4-fs (nbd3): unable to read superblock [ 205.328801][ T4609] usb 6-1: config 1 has no interface number 1 [ 205.353734][ T4609] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 205.572071][ T4609] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 205.891890][ T7] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 206.181782][ T1336] Bluetooth: hci2: command 0x0406 tx timeout [ 206.331594][ T4609] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.352043][ T4609] usb 6-1: Product: ช㘦鸚䭊敫倵嚀蓉㢩챵썺瓌㽍霹燜⶜☍但䐹楨굨෺ឈ抟ꂨ곥ﶡ谵생㹛膺′䵪┵ᄦ৴ﯕ茸워㋘ [ 206.354741][ T7] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 206.388666][ T4609] usb 6-1: Manufacturer: 孟檠믭쪍﷼畸䭋⩙莢㟄끜ࣃ㔙ꊊ붔堓镀皒슉맒繆慬몬β튺ٜꦑ쏴初巕ⴘ⠜ꂍ [ 206.407224][ T7] usb 5-1: can't read configurations, error -71 [ 206.448534][ T4609] usb 6-1: SerialNumber: 㩠倐랔紀圙䶨迪䟊ᑦ읲袶ﻜু힓관驖ᬾ⽣襵ⳮ䙈믄ʸ叔统 [ 207.127535][ T9712] loop0: detected capacity change from 0 to 512 [ 207.303139][ T9712] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 207.374421][ T9724] device batadv_slave_1 entered promiscuous mode [ 207.387617][ T9712] EXT4-fs (loop0): 1 truncate cleaned up [ 207.387744][ T9723] device batadv_slave_1 left promiscuous mode [ 207.396762][ T9712] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 207.441348][ T4609] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 207.492980][ T9712] EXT4-fs (loop0): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 207.685725][ T4609] usb 6-1: USB disconnect, device number 2 [ 207.694756][ T9729] loop4: detected capacity change from 0 to 4096 [ 207.755829][ T9729] EXT4-fs (loop4): Test dummy encryption mode enabled [ 207.824662][ T9729] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,block_validity,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 207.903863][ T9741] tc_dump_action: action bad kind [ 208.120927][ T9749] udevd[9749]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 208.191781][ T9758] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2161'. [ 208.270441][ T9729] fscrypt (loop4): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 208.302017][ T9753] EXT4-fs error (device loop4): __ext4_get_inode_loc:4327: comm syz.4.2151: Invalid inode table block 17725141040191475193 in block_group 0 [ 208.320739][ T4609] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 208.570542][ T4609] usb 2-1: Using ep0 maxpacket: 16 [ 208.704152][ T4609] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 208.726750][ T4609] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 208.786044][ T9782] kvm [9781]: vcpu0, guest rIP: 0xfff0 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xb9, nop [ 208.940534][ T4609] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 208.949768][ T4609] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.985010][ T4609] usb 2-1: Product: syz [ 209.086417][ T4609] usb 2-1: Manufacturer: syz [ 209.154715][ T4609] usb 2-1: SerialNumber: syz [ 209.750060][ T4609] usb 2-1: 0:2 : does not exist [ 209.794312][ T4609] usb 2-1: USB disconnect, device number 8 [ 209.916214][ T9803] loop5: detected capacity change from 0 to 512 [ 210.009218][ T9803] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 210.061839][ T9751] udevd[9751]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.084485][ T9803] EXT4-fs (loop5): 1 truncate cleaned up [ 210.093133][ T9803] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 210.122675][ T9803] EXT4-fs (loop5): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 210.914676][ T9837] Device name cannot be null; rc = [-22] [ 210.943648][ T9838] loop3: detected capacity change from 0 to 512 [ 211.044845][ T9844] 9pnet: Insufficient options for proto=fd [ 211.118039][ T9838] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 211.196810][ T9838] EXT4-fs (loop3): 1 truncate cleaned up [ 211.251343][ T9838] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 211.381037][ T9838] EXT4-fs (loop3): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 212.985017][ T26] audit: type=1326 audit(1763229955.181:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9897 comm="syz.1.2218" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc98044b6c9 code=0x0 [ 214.219729][ T9934] loop3: detected capacity change from 0 to 512 [ 214.311513][ T9934] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 214.327145][ T9934] EXT4-fs (loop3): 1 truncate cleaned up [ 214.338381][ T9934] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,,errors=continue. Quota mode: writeback. [ 214.432399][ T9934] EXT4-fs (loop3): re-mounted. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,noinit_itable,noblock_validity,. Quota mode: writeback. [ 215.091971][ T9952] loop5: detected capacity change from 0 to 4096 [ 215.184887][ T9952] EXT4-fs (loop5): Test dummy encryption mode enabled [ 215.239048][ T9952] EXT4-fs (loop5): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,block_validity,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 215.321818][ T9965] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 215.332711][ T9965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 215.358648][ T9965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 215.376976][ T9965] device bridge_slave_0 left promiscuous mode [ 215.384889][ T9965] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.431088][ T9965] device bridge_slave_1 left promiscuous mode [ 215.470622][ T9965] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.610160][ T9952] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 216.619034][ T9965] bond0: (slave bond_slave_0): Releasing backup interface [ 216.632854][ T9952] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.2241: Invalid inode bitmap blk 17645240769277055999 in block_group 0 [ 216.653348][ T9971] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm syz.5.2241: Invalid inode table block 17725141040191475193 in block_group 0 [ 216.703489][ T9965] bond0: (slave bond_slave_1): Releasing backup interface [ 216.715855][ T9981] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm syz.5.2241: Invalid inode table block 17725141040191475193 in block_group 0 [ 216.831815][ T9965] team0: Port device team_slave_0 removed [ 216.912413][ T9965] team0: Port device team_slave_1 removed [ 216.930947][ T9965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.948151][ T9965] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.948396][ T9992] cgroup: Invalid name [ 216.961493][ T9965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.976523][ T9965] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.122767][T10053] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2285'. [ 218.388030][T10067] loop4: detected capacity change from 0 to 512 [ 218.451733][T10019] loop5: detected capacity change from 0 to 32768 [ 218.463637][T10067] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 218.510354][T10067] EXT4-fs (loop4): 1 truncate cleaned up [ 218.527866][T10067] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 218.590004][T10019] XFS (loop5): Mounting V5 Filesystem [ 218.606224][T10089] netlink: 'syz.1.2301': attribute type 1 has an invalid length. [ 218.621463][ T26] audit: type=1800 audit(1763229960.814:79): pid=10067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2292" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 218.672317][T10089] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 218.701096][T10094] netlink: 'syz.0.2299': attribute type 1 has an invalid length. [ 218.733108][T10089] bond0: (slave batadv1): making interface the new active one [ 218.839026][T10089] bond0: (slave batadv1): Enslaving as an active interface with an up link [ 218.849764][T10019] XFS (loop5): Ending clean mount [ 218.892506][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2301'. [ 218.920868][T10096] bond0 (unregistering): (slave batadv1): Releasing active interface [ 219.016080][T10096] bond0 (unregistering): Released all slaves [ 219.095531][ T7740] XFS (loop5): Unmounting Filesystem [ 219.493895][T10133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2320'. [ 219.613806][T10135] team0: Port device gtp0 added [ 219.911102][T10153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2329'. [ 219.988385][T10153] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 220.028053][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2329'. [ 220.174440][T10165] loop3: detected capacity change from 0 to 4096 [ 220.203284][T10165] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 220.417599][ T5173] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 220.440171][ T5173] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 220.481003][ T5173] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 223.546282][T10259] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2378'. [ 223.555540][T10255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2375'. [ 223.600394][T10255] tc_dump_action: action bad kind [ 224.287754][T10291] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2391'. [ 225.197573][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2396'. [ 225.581625][T10312] loop3: detected capacity change from 0 to 4096 [ 225.702373][T10312] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 225.816756][T10312] overlayfs: upper fs does not support tmpfile. [ 225.825764][T10312] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 226.497965][T10374] 9pnet: Insufficient options for proto=fd [ 226.540952][T10378] netlink: 1363 bytes leftover after parsing attributes in process `syz.1.2426'. [ 226.732298][T10385] device syzkaller0 entered promiscuous mode [ 228.137328][T10453] tipc: Enabling of bearer rejected, media not registered [ 228.278325][T10463] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2462'. [ 228.988384][T10508] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2483'. [ 229.045197][T10508] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2483'. [ 229.102751][T10511] device syzkaller0 entered promiscuous mode [ 229.126584][T10508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2483'. [ 229.228211][T10514] netlink: 'syz.4.2485': attribute type 1 has an invalid length. [ 229.296593][T10517] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 229.314521][T10517] bond0: (slave batadv1): making interface the new active one [ 229.731842][T10517] bond0: (slave batadv1): Enslaving as an active interface with an up link [ 229.868444][T10520] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2487'. [ 229.886136][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2485'. [ 229.921864][T10522] bond0 (unregistering): (slave batadv1): Releasing active interface [ 229.949969][T10522] bond0 (unregistering): Released all slaves [ 230.253302][T10542] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2496'. [ 230.394552][T10554] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 230.598616][T10565] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2506'. [ 231.144331][T10602] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 232.060006][T10639] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2542'. [ 232.810032][T10658] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 232.834143][T10658] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 232.844138][T10658] pit: kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 232.853995][T10658] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 232.862457][T10658] pit: kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 232.871404][T10658] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 232.880562][T10658] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 232.890571][T10658] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 232.903653][T10658] pit: kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 232.912368][T10658] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 232.920740][ T4611] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 233.157363][T10676] loop5: detected capacity change from 0 to 128 [ 233.298263][ T4611] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 233.304940][T10682] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2556'. [ 233.319403][ T4611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.336576][ T4611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.347693][ T4611] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 233.444488][ T4611] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 233.465026][ T4611] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 233.475801][T10688] overlayfs: bad mount option "redirect_dir=nofollow:/" [ 233.490916][ T4611] usb 1-1: Manufacturer: syz [ 233.507230][ T4611] usb 1-1: config 0 descriptor?? [ 233.997983][ T4611] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 234.014524][ T4611] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 234.055976][ T4611] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 234.577595][ T4611] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 234.827464][ T4611] usb 4-1: Using ep0 maxpacket: 8 [ 234.954349][ T4611] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 234.974169][ T4611] usb 4-1: config 179 has no interface number 0 [ 234.996991][ T4611] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 235.029347][ T4611] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 235.065614][ T4611] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 235.094286][ T4611] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 235.124854][ T4611] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 235.173304][ T4611] usb 4-1: config 179 interface 65 has no altsetting 0 [ 235.202424][ T4611] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 235.222335][ T4611] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.311042][ T4611] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input10 [ 235.548642][ T4611] usb 4-1: USB disconnect, device number 4 [ 235.557903][ T4611] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 235.823042][T10817] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2617'. [ 236.443021][ T4238] usb 1-1: USB disconnect, device number 5 [ 236.492654][ T26] audit: type=1107 audit(1763229978.693:80): pid=10852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 236.702931][T10867] loop3: detected capacity change from 0 to 512 [ 236.760284][T10867] EXT4-fs (loop3): inline encryption not supported [ 236.780682][T10867] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 236.867406][T10867] EXT4-fs (loop3): 1 truncate cleaned up [ 236.873617][T10867] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,inlinecrypt,. Quota mode: none. [ 236.938928][T10867] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.2641: bg 0: block 255: padding at end of block bitmap is not set [ 236.987084][T10867] EXT4-fs (loop3): Remounting filesystem read-only [ 237.018333][T10883] overlayfs: bad mount option "redirect_dir=nofollow:/" [ 237.026722][T10887] binder: Bad value for 'max' [ 237.555393][T10914] fuse: Bad value for 'fd' [ 237.896414][T10933] fuse: Bad value for 'fd' [ 239.258462][T10976] loop0: detected capacity change from 0 to 128 [ 239.323724][T10976] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 239.340176][T10976] ext4 filesystem being mounted at /522/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 239.386860][T10976] syz.0.2690 (pid 10976) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 239.400477][T10976] fscrypt: key with description 'fscrypt:85baa174f0cb1142' is too short (got 26 bytes, need 32+ bytes) [ 239.413002][T10976] fscrypt: key with description 'fscrypt:85baa174f0cb1142' is too short (got 26 bytes, need 32+ bytes) [ 239.425901][T10976] EXT4-fs (loop0): shut down requested (1) [ 239.432168][T10976] fscrypt (loop0, inode 12): Error -5 getting encryption context [ 239.440433][T10976] fscrypt (loop0, inode 12): Error -5 getting encryption context [ 239.790917][T10991] loop0: detected capacity change from 0 to 32768 [ 239.893563][T10991] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.2697 (10991) [ 239.917962][T10991] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 239.927558][T10991] BTRFS info (device loop0): using free space tree [ 239.934082][T10991] BTRFS info (device loop0): has skinny extents [ 240.081842][T10991] BTRFS info (device loop0): enabling ssd optimizations [ 240.144706][ T4609] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 240.384627][ T4609] usb 5-1: Using ep0 maxpacket: 8 [ 240.483900][T11046] binder: 11045:11046 ioctl c0306201 200000000940 returned -14 [ 240.504852][ T4609] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 240.522563][ T4609] usb 5-1: config 179 has no interface number 0 [ 240.540111][ T4609] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 240.592114][ T4609] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 240.644123][ T4609] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 240.685263][ T4609] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 240.743144][ T4609] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 240.803613][ T4609] usb 5-1: config 179 interface 65 has no altsetting 0 [ 240.830608][ T4609] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 240.862508][ T4609] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.928158][ T4609] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input11 [ 241.153789][T11077] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2725'. [ 241.208208][T11059] usb 5-1: USB disconnect, device number 5 [ 241.223298][T11059] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 241.253436][T11083] netlink: 'syz.3.2727': attribute type 1 has an invalid length. [ 241.398243][T11089] bond1: (slave gretap1): making interface the new active one [ 241.505112][T11089] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 241.690148][T11107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2739'. [ 241.831088][T11110] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2740'. [ 242.043095][T11125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2745'. [ 242.496850][T11155] 9pnet_virtio: no channels available for device syz [ 243.292519][ T26] audit: type=1326 audit(1763229985.496:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11207 comm="syz.4.2785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd3452626c9 code=0x0 [ 243.953218][T11256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2805'. [ 244.028211][T11260] netlink: 140 bytes leftover after parsing attributes in process `syz.3.2808'. [ 244.623764][T11300] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 244.702413][T11300] overlayfs: missing 'lowerdir' [ 245.242704][T11331] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2839'. [ 245.305233][T11335] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2841'. [ 245.755656][T11364] loop5: detected capacity change from 0 to 256 [ 245.887687][T11364] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 246.750939][T11409] loop0: detected capacity change from 0 to 4096 [ 246.826636][T11426] xt_CT: You must specify a L4 protocol and not use inversions on it [ 246.906565][T11409] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 248.387922][T11446] loop5: detected capacity change from 0 to 512 [ 248.479942][T11446] EXT4-fs (loop5): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 248.524845][T11446] ext4 filesystem being mounted at /244/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.647933][T11446] EXT4-fs error (device loop5): ext4_do_update_inode:5218: inode #2: comm syz.5.2889: corrupted inode contents [ 248.793221][T11446] EXT4-fs error (device loop5): ext4_dirty_inode:6054: inode #2: comm syz.5.2889: mark_inode_dirty error [ 248.828089][T11409] ntfs3: loop0: ino=21, "file1" fallocate(0x20) is not supported [ 248.836597][T11446] EXT4-fs error (device loop5): ext4_do_update_inode:5218: inode #2: comm syz.5.2889: corrupted inode contents [ 248.863540][T11446] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.2889: mark_inode_dirty error [ 252.430176][T11556] fuse: Invalid rootmode [ 252.622767][T11594] syz.1.2956[11594] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.622873][T11594] syz.1.2956[11594] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.645361][T11596] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 252.911600][T11608] bridge0: port 3(wlan1) entered blocking state [ 252.917999][T11608] bridge0: port 3(wlan1) entered disabled state [ 252.968873][T11608] device wlan1 entered promiscuous mode [ 253.053879][T11623] loop5: detected capacity change from 0 to 512 [ 253.150013][T11623] EXT4-fs (loop5): Ignoring removed bh option [ 253.195367][T11623] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback. [ 253.243574][T11623] ext4 filesystem being mounted at /254/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 253.508877][ T26] audit: type=1804 audit(1763230251.720:82): pid=11623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2969" name="/newroot/254/bus/file1" dev="loop5" ino=15 res=1 errno=0 [ 254.469404][ T26] audit: type=1804 audit(1763230252.640:83): pid=11623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2969" name="/newroot/254/bus/file1" dev="loop5" ino=15 res=1 errno=0 [ 254.859448][T11674] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2988'. [ 255.292002][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.298329][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.385840][T11707] loop0: detected capacity change from 0 to 512 [ 255.458382][ T26] audit: type=1326 audit(1763230253.670:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11713 comm="syz.1.3007" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc98044b6c9 code=0x0 [ 255.555644][T11707] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 255.582504][T11707] ext4 filesystem being mounted at /588/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.665793][T11707] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.3005: corrupted inode contents [ 255.678268][T11707] EXT4-fs error (device loop0): ext4_dirty_inode:6054: inode #2: comm syz.0.3005: mark_inode_dirty error [ 255.696493][T11707] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.3005: corrupted inode contents [ 255.737341][T11707] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.3005: mark_inode_dirty error [ 256.130909][T11733] tmpfs: Unknown parameter 'no' [ 256.454605][T11743] fuseblk: Bad value for 'user_id' [ 256.760221][T11755] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3026'. [ 258.340383][T11801] loop3: detected capacity change from 0 to 256 [ 258.457886][T11801] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 256) [ 258.503938][T11801] exFAT-fs (loop3): failed to load alloc-bitmap [ 258.549790][T11801] exFAT-fs (loop3): failed to recognize exfat type [ 258.622516][T11809] blktrace: Concurrent blktraces are not allowed on nullb0 [ 260.196919][T11839] loop3: detected capacity change from 0 to 1024 [ 260.282958][T11839] EXT4-fs (loop3): Ignoring removed nobh option [ 260.289272][T11839] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 260.435997][T11839] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,grpid,barrier=0x0000000000000001,i_version,nouid32,max_dir_size_kb=0x00000000004007b1,abort,nodelalloc,nobh,user_xattr,dioread_lock,dioread_nolock,,errors=continue. Quota mode: none. [ 260.661310][T11839] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Out of memory [ 260.716705][T11839] EXT4-fs error (device loop3): __ext4_unlink:3327: inode #2: comm syz.3.3062: mark_inode_dirty error [ 260.875974][T11872] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3074'. [ 260.876011][ T5173] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Out of memory [ 260.914004][ T5173] EXT4-fs error (device loop3): ext4_dirty_inode:6054: inode #15: comm syz-executor: mark_inode_dirty error [ 260.929983][T11872] device wlan1 left promiscuous mode [ 260.935441][T11872] bridge0: port 3(wlan1) entered disabled state [ 260.962727][T11872] device bridge_slave_1 left promiscuous mode [ 260.986056][T11872] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.031140][T11872] device bridge_slave_0 left promiscuous mode [ 261.037461][T11872] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.738917][T11914] netlink: 536 bytes leftover after parsing attributes in process `syz.3.3094'. [ 261.756057][T11914] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3094'. [ 262.147356][T11938] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3107'. [ 262.378225][T11949] xt_CT: You must specify a L4 protocol and not use inversions on it [ 262.886391][T11952] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3112'. [ 264.407028][T11979] netlink: 5 bytes leftover after parsing attributes in process `syz.5.3121'. [ 264.513596][T11983] tipc: Started in network mode [ 264.520054][T11983] tipc: Node identity ac14142f, cluster identity 4711 [ 264.527744][T11983] tipc: New replicast peer: 0.0.0.0 [ 264.712481][T11983] tipc: Enabled bearer , priority 10 [ 265.842720][ T4620] tipc: Node number set to 2886997039 [ 265.970252][T12023] x_tables: duplicate underflow at hook 1 [ 266.064956][T12028] sctp: [Deprecated]: syz.0.3149 (pid 12028) Use of int in max_burst socket option deprecated. [ 266.064956][T12028] Use struct sctp_assoc_value instead [ 267.295864][T12069] loop4: detected capacity change from 0 to 4096 [ 268.832390][T12110] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3182'. [ 268.963801][T12117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3187'. [ 269.460512][T12132] loop5: detected capacity change from 0 to 8192 [ 269.526093][T12132] FAT-fs (loop5): bogus number of directory entries (9) [ 269.564687][T12132] FAT-fs (loop5): Can't find a valid FAT filesystem [ 269.749970][ T9432] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 270.121174][ T9432] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 270.158360][ T9432] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 270.290011][ T9432] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 270.317821][ T9432] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 270.336072][ T9432] usb 4-1: SerialNumber: syz [ 270.342817][T12184] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3217'. [ 270.383120][T12184] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3217'. [ 270.412238][T12184] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3217'. [ 270.472279][T12189] loop4: detected capacity change from 0 to 164 [ 270.653043][ T9432] usb 4-1: 0:2 : does not exist [ 270.706002][ T9432] usb 4-1: USB disconnect, device number 5 [ 270.852358][T12203] loop0: detected capacity change from 0 to 1024 [ 270.894016][T12203] EXT4-fs (loop0): Ignoring removed orlov option [ 270.952209][T12203] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 270.978645][ T26] audit: type=1804 audit(1763230269.190:85): pid=12203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3227" name="/newroot/634/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 271.001751][ T9751] udevd[9751]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 271.125517][ T26] audit: type=1804 audit(1763230269.340:86): pid=12223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3227" name="/newroot/634/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 271.414534][T12232] loop5: detected capacity change from 0 to 2048 [ 271.604755][T12232] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 271.690855][T12255] netlink: 260 bytes leftover after parsing attributes in process `syz.0.3248'. [ 272.099525][T12273] netlink: 488 bytes leftover after parsing attributes in process `syz.4.3255'. [ 272.116895][T12250] fuse: Bad value for 'fd' [ 272.125855][T12276] netlink: 337 bytes leftover after parsing attributes in process `syz.5.3257'. [ 272.368741][T12285] blk_update_request: I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 272.417539][T12285] EXT4-fs (loop5): unable to read superblock [ 272.720006][ T9432] Bluetooth: hci4: command 0x0406 tx timeout [ 273.293013][T12340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3286'. [ 273.583364][T12358] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3297'. [ 273.689810][ T1336] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 273.718923][T12360] device syzkaller0 entered promiscuous mode [ 274.827169][ T1336] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 274.837655][ T1336] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 274.847110][ T1336] usb 6-1: config 220 interface 0 has no altsetting 0 [ 275.009881][ T1336] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 275.019050][ T1336] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.030215][ T1336] usb 6-1: Product: syz [ 275.034523][ T1336] usb 6-1: Manufacturer: syz [ 275.039124][ T1336] usb 6-1: SerialNumber: syz [ 275.569968][ T1336] usb 6-1: Found UVC 0.00 device syz (8086:0b07) [ 275.579830][ T1336] usb 6-1: No valid video chain found. [ 275.597220][ T1336] usb 6-1: USB disconnect, device number 3 [ 275.659085][T12416] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 275.963676][T12431] overlayfs: failed to clone upperpath [ 275.981804][T12431] overlayfs: failed to clone upperpath [ 276.652949][T12442] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3335'. [ 276.717275][T12417] chnl_net:caif_netlink_parms(): no params data found [ 276.893267][T12444] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3336'. [ 277.136687][T12417] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.221671][T12417] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.260113][T12417] device bridge_slave_0 entered promiscuous mode [ 277.327679][T12417] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.338396][T12417] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.355329][T12417] device bridge_slave_1 entered promiscuous mode [ 277.429683][T12417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.483422][T12417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.552729][T12417] team0: Port device team_slave_0 added [ 277.572444][T12417] team0: Port device team_slave_1 added [ 277.623352][T12417] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.638216][T12417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.693222][T12417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.710949][T12417] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 277.718042][T12417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.744542][T12417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.761073][ T9432] Bluetooth: hci3: command 0x0409 tx timeout [ 277.772197][ T4771] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.822590][T12417] device hsr_slave_0 entered promiscuous mode [ 277.829680][T12417] device hsr_slave_1 entered promiscuous mode [ 277.845150][T12417] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 277.857705][T12417] Cannot create hsr debugfs directory [ 277.881536][ T4771] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.942473][ T4771] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.979964][ T4611] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 278.023770][ T4771] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.289925][ T4611] usb 6-1: Using ep0 maxpacket: 32 [ 278.586608][ T4771] tipc: Disabling bearer [ 278.617795][ T4771] tipc: Left network mode [ 278.806709][ T4771] bond1: (slave ip6gretap1): Releasing active interface [ 279.067297][T12491] netlink: 'syz.4.3356': attribute type 1 has an invalid length. [ 279.168701][T12491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.208910][T12417] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 279.237026][T12493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3356'. [ 279.265844][T12417] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 279.300116][ T4611] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 279.335838][T12417] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 279.352519][T12417] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 279.491211][ T4611] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 279.517620][ T4611] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 279.558198][ T4611] usb 6-1: Product: syz [ 279.568312][ T4611] usb 6-1: Manufacturer: syz [ 279.579667][ T4611] usb 6-1: SerialNumber: syz [ 279.596864][ T4611] usb 6-1: config 0 descriptor?? [ 279.630347][T12463] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 279.726140][T12417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.764505][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 279.780517][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 279.811130][T12417] 8021q: adding VLAN 0 to HW filter on device team0 [ 279.845733][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 279.854111][ T4611] Bluetooth: hci3: command 0x041b tx timeout [ 279.876147][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 279.894180][ T4267] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.901308][ T4267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.944672][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 279.967505][ T4615] usb 6-1: USB disconnect, device number 4 [ 279.994368][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 280.024544][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.052088][ T4773] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.059178][ T4773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.099056][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 280.148469][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.177546][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 280.232923][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 280.250950][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 280.268539][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 280.307717][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 280.324490][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 280.342106][ T4771] device hsr_slave_0 left promiscuous mode [ 280.356262][ T4771] device hsr_slave_1 left promiscuous mode [ 280.384072][ T4771] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.447395][ T4771] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.463289][ T4771] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.679793][ T4771] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.710171][ T4610] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 280.777898][ T4771] device bridge_slave_1 left promiscuous mode [ 280.839116][ T4771] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.952588][ T4771] device bridge_slave_0 left promiscuous mode [ 280.989964][ T4610] usb 6-1: Using ep0 maxpacket: 32 [ 281.029789][ T4771] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.138253][ T4771] device veth1_macvtap left promiscuous mode [ 281.145882][ T4771] device veth0_macvtap left promiscuous mode [ 281.157687][ T4771] device veth1_vlan left promiscuous mode [ 281.168428][ T4771] device veth0_vlan left promiscuous mode [ 281.240196][ T4610] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 281.421162][ T4610] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 281.442067][ T4610] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 281.482958][ T4771] bond1 (unregistering): Released all slaves [ 281.877654][ T4771] team0 (unregistering): Port device team_slave_1 removed [ 281.948403][ T4771] team0 (unregistering): Port device team_slave_0 removed [ 282.000200][ T4771] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.070539][ T4771] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.388169][ T4771] bond0 (unregistering): Released all slaves [ 282.605952][ T4610] usb 6-1: Product: syz [ 282.610228][ T4610] usb 6-1: Manufacturer: syz [ 282.614854][ T4610] usb 6-1: SerialNumber: syz [ 282.641271][ T4609] Bluetooth: hci3: command 0x040f tx timeout [ 282.652942][ T4610] usb 6-1: config 0 descriptor?? [ 282.663122][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 282.679994][ T4610] usb 6-1: can't set config #0, error -71 [ 282.692817][ T4610] usb 6-1: USB disconnect, device number 5 [ 282.697906][T12563] netlink: 'syz.3.3378': attribute type 4 has an invalid length. [ 282.710840][T12563] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.3378'. [ 282.721395][T12590] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3387'. [ 282.743990][T12417] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 282.837799][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 282.855936][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 283.285507][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 283.328203][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 283.374610][T12417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.103168][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 284.122678][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 284.189666][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 284.208360][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 284.240149][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 284.272851][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 284.318374][T12417] device veth0_vlan entered promiscuous mode [ 284.360544][T12417] device veth1_vlan entered promiscuous mode [ 284.458020][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 284.474050][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 284.504821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 284.527919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 284.553584][T12417] device veth0_macvtap entered promiscuous mode [ 284.577336][T12417] device veth1_macvtap entered promiscuous mode [ 284.626743][T12417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.659123][T12417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.699632][T12417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.730411][ T4615] Bluetooth: hci3: command 0x0419 tx timeout [ 284.739034][T12417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 284.799629][T12417] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.828142][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 284.840124][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 284.867883][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 284.960288][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 284.999781][T12417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.032400][T12417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.078847][T12417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.119178][T12417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.170824][T12417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.207408][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 285.246983][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 285.294586][T12417] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.330076][T12417] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.338790][T12417] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.417480][T12417] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.722315][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.752242][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.854042][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.869498][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 285.878199][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.941090][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 286.556355][T12765] loop3: detected capacity change from 0 to 2048 [ 287.611343][T12765] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 288.079403][ T26] audit: type=1326 audit(1763230286.290:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz.6.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f67c86c9 code=0x7ffc0000 [ 288.169788][ T26] audit: type=1326 audit(1763230286.330:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz.6.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f67c86c9 code=0x7ffc0000 [ 288.281512][ T26] audit: type=1326 audit(1763230286.340:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz.6.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f38f67c86c9 code=0x7ffc0000 [ 288.396216][ T26] audit: type=1326 audit(1763230286.340:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz.6.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f67c86c9 code=0x7ffc0000 [ 288.540812][ T26] audit: type=1326 audit(1763230286.340:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz.6.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38f67c86c9 code=0x7ffc0000 [ 288.706681][T12838] device veth0_to_team entered promiscuous mode [ 289.017513][T12861] netlink: 'syz.3.3479': attribute type 13 has an invalid length. [ 289.070057][T12861] erspan0: refused to change device tx_queue_len [ 289.421452][T12891] netlink: 536 bytes leftover after parsing attributes in process `syz.1.3490'. [ 289.453230][T12891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3490'. [ 290.048561][T12931] binder: 12926:12931 ioctl c0306201 2000000001c0 returned -14 [ 290.071902][T12933] loop4: detected capacity change from 0 to 128 [ 290.159068][T12933] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 290.212164][T12941] 9pnet: Could not find request transport: 0xffffffffffffffff [ 290.272956][ T4771] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 290.524973][T12954] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3514'. [ 290.563045][T12954] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3514'. [ 291.816728][T13029] loop6: detected capacity change from 0 to 512 [ 291.951029][T13029] EXT4-fs (loop6): Ignoring removed oldalloc option [ 291.992570][T13029] EXT4-fs (loop6): 1 truncate cleaned up [ 292.024156][T13029] EXT4-fs (loop6): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback. [ 292.212283][T12417] EXT4-fs error (device loop6): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 292.329109][T12417] EXT4-fs (loop6): Remounting filesystem read-only [ 292.388455][T12417] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 234881024 (level 0) [ 292.490141][T12417] EXT4-fs (loop6): Remounting filesystem read-only [ 293.791268][T13157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3589'. [ 294.109809][ T1336] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 294.400280][T13198] netlink: 260 bytes leftover after parsing attributes in process `syz.4.3607'. [ 294.445520][T13200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3606'. [ 295.359920][T13200] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3606'. [ 295.499977][ T1336] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.527293][ T1336] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 295.532970][T13212] loop5: detected capacity change from 0 to 256 [ 295.543147][ T1336] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 295.561254][ T1336] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.585291][T13212] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 295.598632][ T1336] usb 7-1: config 0 descriptor?? [ 295.668097][T13212] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 295.767655][T13225] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3618'. [ 295.879854][ T1336] usb 7-1: string descriptor 0 read error: -71 [ 295.901750][ T1336] usb 7-1: USB disconnect, device number 2 [ 295.911020][T13232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3620'. [ 296.777317][ T26] audit: type=1326 audit(1763230294.990:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 296.856378][ T26] audit: type=1326 audit(1763230294.990:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 296.956411][ T26] audit: type=1326 audit(1763230295.020:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.020258][ T26] audit: type=1326 audit(1763230295.020:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.042698][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.107230][ T26] audit: type=1326 audit(1763230295.020:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.241973][ T26] audit: type=1326 audit(1763230295.020:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.302204][ T26] audit: type=1326 audit(1763230295.020:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.324478][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.423758][ T26] audit: type=1326 audit(1763230295.020:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.487645][T13333] netlink: 'syz.3.3664': attribute type 12 has an invalid length. [ 297.500019][ T26] audit: type=1326 audit(1763230295.020:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 297.619091][ T26] audit: type=1326 audit(1763230295.020:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13287 comm="syz.5.3646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc4065e6c9 code=0x7ffc0000 [ 298.053130][T13367] netlink: 57 bytes leftover after parsing attributes in process `syz.4.3676'. [ 298.158926][T13372] loop6: detected capacity change from 0 to 1024 [ 298.287800][T13372] EXT4-fs (loop6): Ignoring removed orlov option [ 298.291783][T13376] device syzkaller0 entered promiscuous mode [ 298.319107][T13372] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 298.428056][T13372] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback. [ 299.145431][T13429] netlink: 'syz.3.3697': attribute type 10 has an invalid length. [ 299.213796][T13429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.233757][T13429] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.267750][T13429] bond0: (slave team0): Enslaving as an active interface with an up link [ 299.299931][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 299.390179][ T4620] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 299.699837][ T4620] usb 5-1: Using ep0 maxpacket: 8 [ 299.830027][ T4620] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 299.856240][ T4620] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 299.891605][ T4620] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 299.909888][ T4620] usb 5-1: config 250 has no interface number 0 [ 299.919854][ T4620] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 299.949307][ T4620] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 299.999965][ T4620] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 300.039750][ T4620] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 300.099263][ T4620] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 300.153322][T13481] overlayfs: unrecognized mount option "verity=require" or missing value [ 300.157255][ T4620] usb 5-1: config 250 interface 228 has no altsetting 0 [ 300.231028][T13485] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3723'. [ 300.249296][T13485] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3723'. [ 300.315241][ T4620] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 300.330395][ T4620] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 300.369689][ T4620] usb 5-1: Product: syz [ 300.374154][ T4620] usb 5-1: SerialNumber: syz [ 300.450961][ T4620] hub 5-1:250.228: bad descriptor, ignoring hub [ 300.462790][ T4620] hub: probe of 5-1:250.228 failed with error -5 [ 300.555494][T13506] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3733'. [ 300.599194][T13506] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3733'. [ 300.653758][T13425] udc-core: couldn't find an available UDC or it's busy [ 300.669867][T13425] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 300.858276][T13531] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3745'. [ 301.029944][ T4615] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 301.234512][ T4620] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 301.301460][ T4620] usb 5-1: USB disconnect, device number 7 [ 301.321537][ T4620] usblp0: removed [ 301.357665][T13565] netlink: 'syz.3.3761': attribute type 2 has an invalid length. [ 301.396118][T13565] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3761'. [ 301.409975][ T4615] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.449157][T13563] loop4: detected capacity change from 0 to 4096 [ 301.540046][ T4615] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 301.549140][ T4615] usb 7-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 301.579783][ T4615] usb 7-1: Product: syz [ 301.596126][ T4615] usb 7-1: SerialNumber: syz [ 301.811586][ T4187] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 301.822006][ T4187] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 302.193166][T13604] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3779'. [ 302.749943][ T4615] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 302.765349][ T4615] cdc_ncm 7-1:1.0: setting rx_max = 16384 [ 302.787535][T13598] loop5: detected capacity change from 0 to 40427 [ 302.828606][T13598] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 302.877504][T13598] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 302.971347][ T4615] cdc_ncm 7-1:1.0: setting tx_max = 88 [ 302.988378][T13598] F2FS-fs (loop5): invalid crc value [ 303.029913][T13598] F2FS-fs (loop5): Found nat_bits in checkpoint [ 303.057442][ T4615] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM, 42:42:42:42:42:42 [ 303.121422][ T4615] usb 7-1: USB disconnect, device number 3 [ 303.127921][ T4615] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM [ 303.203570][T13635] loop3: detected capacity change from 0 to 512 [ 303.274083][T13598] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 303.309198][T13598] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 303.357062][T13635] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 303.402486][T13635] EXT4-fs (loop3): invalid journal inode [ 303.428239][T13635] EXT4-fs (loop3): can't get journal size [ 303.541049][T13635] EXT4-fs (loop3): 1 truncate cleaned up [ 303.546731][T13635] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none. [ 304.058685][T13684] loop3: detected capacity change from 0 to 1024 [ 304.255243][T13691] loop4: detected capacity change from 0 to 128 [ 304.296555][T13684] EXT4-fs (loop3): Ignoring removed orlov option [ 304.362211][T13684] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 304.509224][T13684] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback. [ 304.666621][T13708] input: syz1 as /devices/virtual/input/input12 [ 304.709966][T13708] input: failed to attach handler leds to device input12, error: -6 [ 305.851817][T13756] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3831'. [ 308.441474][T13894] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 308.523661][T13896] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3880'. [ 309.105713][T13930] ptrace attach of "./syz-executor exec"[13934] was attempted by "./syz-executor exec"[13930] [ 309.357332][T13875] loop3: detected capacity change from 0 to 8 [ 309.450307][T13875] SQUASHFS error: zlib decompression failed, data probably corrupt [ 309.479525][T13875] SQUASHFS error: Failed to read block 0x9b: -5 [ 309.498341][T13875] SQUASHFS error: Unable to read metadata cache entry [99] [ 309.540047][T13875] SQUASHFS error: Unable to read inode 0x127 [ 309.820313][T13964] netlink: 'syz.4.3901': attribute type 21 has an invalid length. [ 310.292226][T13984] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3907'. [ 311.809366][T14057] netlink: 388 bytes leftover after parsing attributes in process `syz.3.3934'. [ 312.513021][T14079] netlink: 'syz.4.3943': attribute type 1 has an invalid length. [ 312.690486][T14084] bond1: (slave ip6gretap0): Enslaving as a backup interface with an up link [ 312.835237][T14087] bond1 (unregistering): (slave ip6gretap0): Releasing backup interface [ 312.932920][T14087] bond1 (unregistering): Released all slaves [ 313.239163][T14105] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3955'. [ 313.306607][T14108] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3957'. [ 313.599552][T14115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3958'. [ 314.016362][T14136] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3969'. [ 314.027690][T14137] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3970'. [ 314.036869][T14136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3969'. [ 314.175408][T14146] netlink: 'syz.4.3972': attribute type 7 has an invalid length. [ 314.194985][T14146] netlink: 'syz.4.3972': attribute type 8 has an invalid length. [ 315.120033][T14192] IPv6: Can't replace route, no match found [ 315.700280][T14230] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4014'. [ 316.644924][T14274] netlink: 'syz.3.4035': attribute type 4 has an invalid length. [ 316.721814][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.728182][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.092261][T14286] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4042'. [ 317.515911][T14276] loop4: detected capacity change from 0 to 32768 [ 317.575427][T14276] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.4037 (14276) [ 317.686440][T14276] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 317.725331][T14276] BTRFS info (device loop4): turning off barriers [ 317.789962][T14276] BTRFS info (device loop4): setting nodatasum [ 317.796193][T14276] BTRFS info (device loop4): enabling auto defrag [ 317.843054][T14276] BTRFS info (device loop4): disabling tree log [ 317.849329][T14276] BTRFS info (device loop4): using free space tree [ 317.902223][T14276] BTRFS info (device loop4): has skinny extents [ 318.228514][T14276] BTRFS info (device loop4): enabling ssd optimizations [ 319.701185][T14394] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 320.155907][T14408] netlink: 'syz.1.4089': attribute type 11 has an invalid length. [ 321.701007][T14478] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4123'. [ 321.729749][T14478] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4123'. [ 322.695284][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 322.695298][ T26] audit: type=1326 audit(1763230320.910:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14507 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3452626c9 code=0x7fc00000 [ 322.826145][ T26] audit: type=1326 audit(1763230320.910:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14507 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3452626c9 code=0x7fc00000 [ 322.909808][ T26] audit: type=1326 audit(1763230320.910:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14507 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3452626c9 code=0x7fc00000 [ 323.363634][T14530] netlink: 'syz.3.4146': attribute type 4 has an invalid length. [ 323.884629][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4157'. [ 324.013532][T14563] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4160'. [ 324.055846][T14563] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4160'. [ 324.076854][T14565] netlink: 'syz.3.4161': attribute type 16 has an invalid length. [ 324.109914][T14565] netlink: 64122 bytes leftover after parsing attributes in process `syz.3.4161'. [ 324.382826][T14579] ------------[ cut here ]------------ [ 324.388719][T14579] wlan1: Failed check-sdata-in-driver check, flags: 0x4 [ 324.445391][T14579] WARNING: CPU: 0 PID: 14579 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550 [ 324.502118][T14583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.525552][T14579] Modules linked in: [ 324.529491][T14579] CPU: 0 PID: 14579 Comm: syz.4.4168 Not tainted syzkaller #0 [ 324.602428][T14579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 324.621203][T14579] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 324.648515][T14579] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 324.668577][T14579] RSP: 0018:ffffc90004aaf248 EFLAGS: 00010246 [ 324.675084][T14579] RAX: 4853e60dd6a5fb00 RBX: 0000000000400000 RCX: 0000000000080000 [ 324.683380][T14579] RDX: ffffc90005e69000 RSI: 0000000000005165 RDI: 0000000000005166 [ 324.691653][T14579] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172067b0 [ 324.702315][T14579] R10: ffffed10172067b0 R11: 1ffff110172067af R12: ffff88805f390000 [ 324.710641][T14579] R13: ffff88805f391290 R14: ffff8880762f8da0 R15: ffff88805f392298 [ 324.718725][T14579] FS: 00007fd3434c96c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 324.728297][T14579] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 324.747408][T14579] CR2: 0000001b32819ff8 CR3: 000000004c8a6000 CR4: 00000000003506f0 [ 324.758973][T14579] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 324.775357][T14579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 324.785750][T14579] Call Trace: [ 324.789108][T14579] [ 324.797477][T14579] ? netif_carrier_off+0x1/0xc0 [ 324.804826][T14579] ieee80211_ocb_leave+0x26f/0x320 [ 324.817701][T14579] __cfg80211_leave_ocb+0x219/0x3f0 [ 324.825904][T14579] cfg80211_leave_ocb+0x53/0x70 [ 324.836677][T14579] cfg80211_change_iface+0x4f1/0xeb0 [ 324.844400][T14579] nl80211_set_interface+0x598/0x7d0 [ 324.855360][T14579] ? nl80211_dump_interface+0x5c0/0x5c0 [ 324.863494][T14579] ? mutex_lock_nested+0x17/0x20 [ 324.868590][T14579] genl_rcv_msg+0xbc6/0xf40 [ 324.879316][T14579] ? genl_bind+0x370/0x370 [ 324.886367][T14579] ? verify_lock_unused+0x140/0x140 [ 324.899061][T14579] ? verify_lock_unused+0x140/0x140 [ 324.906839][T14579] ? nl80211_dump_interface+0x5c0/0x5c0 [ 324.917916][T14579] netlink_rcv_skb+0x1e0/0x430 [ 324.927205][T14579] ? genl_bind+0x370/0x370 [ 324.937040][T14579] ? netlink_ack+0xb60/0xb60 [ 324.943980][T14579] ? __lock_acquire+0x7c60/0x7c60 [ 324.949148][T14579] ? preempt_count_add+0x8d/0x190 [ 324.959564][T14579] ? down_read+0x1aa/0x2e0 [ 324.966539][T14579] genl_rcv+0x24/0x40 [ 324.977510][T14579] netlink_unicast+0x774/0x920 [ 324.984578][T14579] netlink_sendmsg+0x8ab/0xbc0 [ 324.989465][T14579] ? netlink_getsockopt+0x560/0x560 [ 325.001869][T14579] ? aa_sock_msg_perm+0x94/0x150 [ 325.007621][T14579] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 325.017369][T14579] ? security_socket_sendmsg+0x7c/0xa0 [ 325.026545][T14579] ? netlink_getsockopt+0x560/0x560 [ 325.039040][T14579] ____sys_sendmsg+0x5a2/0x8c0 [ 325.049298][T14579] ? memset+0x1e/0x40 [ 325.053676][T14579] ? __sys_sendmsg_sock+0x30/0x30 [ 325.058844][T14579] ? import_iovec+0x6f/0xa0 [ 325.063784][T14579] ___sys_sendmsg+0x1f0/0x260 [ 325.068570][T14579] ? __sys_sendmsg+0x250/0x250 [ 325.073774][T14579] ? sock_do_ioctl+0x27c/0x2f0 [ 325.078660][T14579] ? __fdget+0x18b/0x210 [ 325.083386][T14579] __se_sys_sendmsg+0x190/0x250 [ 325.088377][T14579] ? __x64_sys_sendmsg+0x80/0x80 [ 325.093625][T14579] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 325.099934][T14579] ? lockdep_hardirqs_on+0x94/0x140 [ 325.105237][T14579] do_syscall_64+0x4c/0xa0 [ 325.110145][T14579] ? clear_bhb_loop+0x30/0x80 [ 325.114916][T14579] ? clear_bhb_loop+0x30/0x80 [ 325.119677][T14579] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 325.126163][T14579] RIP: 0033:0x7fd3452626c9 [ 325.130908][T14579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.153496][T14579] RSP: 002b:00007fd3434c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 325.163014][T14579] RAX: ffffffffffffffda RBX: 00007fd3454b8fa0 RCX: 00007fd3452626c9 [ 325.174538][T14579] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 325.183922][T14579] RBP: 00007fd3452e4f91 R08: 0000000000000000 R09: 0000000000000000 [ 325.192346][T14579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.204957][T14579] R13: 00007fd3454b9038 R14: 00007fd3454b8fa0 R15: 00007fffb531ad18 [ 325.213281][T14579] [ 325.216399][T14579] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 325.223781][T14579] CPU: 0 PID: 14579 Comm: syz.4.4168 Not tainted syzkaller #0 [ 325.231253][T14579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 325.241328][T14579] Call Trace: [ 325.244626][T14579] [ 325.247561][T14579] dump_stack_lvl+0x168/0x230 [ 325.252256][T14579] ? show_regs_print_info+0x20/0x20 [ 325.257473][T14579] ? load_image+0x3b0/0x3b0 [ 325.261998][T14579] panic+0x2c9/0x7f0 [ 325.265914][T14579] ? bpf_jit_dump+0xd0/0xd0 [ 325.270447][T14579] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 325.276879][T14579] __warn+0x248/0x2b0 [ 325.280870][T14579] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 325.287329][T14579] report_bug+0x1b7/0x2e0 [ 325.291690][T14579] handle_bug+0x3a/0x70 [ 325.295847][T14579] exc_invalid_op+0x16/0x40 [ 325.300367][T14579] asm_exc_invalid_op+0x16/0x20 [ 325.305240][T14579] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 325.312314][T14579] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 325.331928][T14579] RSP: 0018:ffffc90004aaf248 EFLAGS: 00010246 [ 325.337990][T14579] RAX: 4853e60dd6a5fb00 RBX: 0000000000400000 RCX: 0000000000080000 [ 325.345956][T14579] RDX: ffffc90005e69000 RSI: 0000000000005165 RDI: 0000000000005166 [ 325.353919][T14579] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172067b0 [ 325.361906][T14579] R10: ffffed10172067b0 R11: 1ffff110172067af R12: ffff88805f390000 [ 325.369872][T14579] R13: ffff88805f391290 R14: ffff8880762f8da0 R15: ffff88805f392298 [ 325.377859][T14579] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 325.384269][T14579] ? netif_carrier_off+0x1/0xc0 [ 325.389113][T14579] ieee80211_ocb_leave+0x26f/0x320 [ 325.394219][T14579] __cfg80211_leave_ocb+0x219/0x3f0 [ 325.399408][T14579] cfg80211_leave_ocb+0x53/0x70 [ 325.404247][T14579] cfg80211_change_iface+0x4f1/0xeb0 [ 325.409526][T14579] nl80211_set_interface+0x598/0x7d0 [ 325.414810][T14579] ? nl80211_dump_interface+0x5c0/0x5c0 [ 325.420370][T14579] ? mutex_lock_nested+0x17/0x20 [ 325.425334][T14579] genl_rcv_msg+0xbc6/0xf40 [ 325.429848][T14579] ? genl_bind+0x370/0x370 [ 325.434262][T14579] ? verify_lock_unused+0x140/0x140 [ 325.439449][T14579] ? verify_lock_unused+0x140/0x140 [ 325.444644][T14579] ? nl80211_dump_interface+0x5c0/0x5c0 [ 325.450202][T14579] netlink_rcv_skb+0x1e0/0x430 [ 325.454982][T14579] ? genl_bind+0x370/0x370 [ 325.459388][T14579] ? netlink_ack+0xb60/0xb60 [ 325.463963][T14579] ? __lock_acquire+0x7c60/0x7c60 [ 325.468976][T14579] ? preempt_count_add+0x8d/0x190 [ 325.474003][T14579] ? down_read+0x1aa/0x2e0 [ 325.478445][T14579] genl_rcv+0x24/0x40 [ 325.482428][T14579] netlink_unicast+0x774/0x920 [ 325.487190][T14579] netlink_sendmsg+0x8ab/0xbc0 [ 325.491945][T14579] ? netlink_getsockopt+0x560/0x560 [ 325.497143][T14579] ? aa_sock_msg_perm+0x94/0x150 [ 325.502070][T14579] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 325.507350][T14579] ? security_socket_sendmsg+0x7c/0xa0 [ 325.512797][T14579] ? netlink_getsockopt+0x560/0x560 [ 325.517981][T14579] ____sys_sendmsg+0x5a2/0x8c0 [ 325.522744][T14579] ? memset+0x1e/0x40 [ 325.526733][T14579] ? __sys_sendmsg_sock+0x30/0x30 [ 325.531764][T14579] ? import_iovec+0x6f/0xa0 [ 325.536261][T14579] ___sys_sendmsg+0x1f0/0x260 [ 325.540936][T14579] ? __sys_sendmsg+0x250/0x250 [ 325.545702][T14579] ? sock_do_ioctl+0x27c/0x2f0 [ 325.550469][T14579] ? __fdget+0x18b/0x210 [ 325.554706][T14579] __se_sys_sendmsg+0x190/0x250 [ 325.559544][T14579] ? __x64_sys_sendmsg+0x80/0x80 [ 325.564465][T14579] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 325.570458][T14579] ? lockdep_hardirqs_on+0x94/0x140 [ 325.575681][T14579] do_syscall_64+0x4c/0xa0 [ 325.580101][T14579] ? clear_bhb_loop+0x30/0x80 [ 325.584766][T14579] ? clear_bhb_loop+0x30/0x80 [ 325.589429][T14579] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 325.595320][T14579] RIP: 0033:0x7fd3452626c9 [ 325.599731][T14579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.619323][T14579] RSP: 002b:00007fd3434c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 325.627723][T14579] RAX: ffffffffffffffda RBX: 00007fd3454b8fa0 RCX: 00007fd3452626c9 [ 325.635683][T14579] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 325.643641][T14579] RBP: 00007fd3452e4f91 R08: 0000000000000000 R09: 0000000000000000 [ 325.651602][T14579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.659558][T14579] R13: 00007fd3454b9038 R14: 00007fd3454b8fa0 R15: 00007fffb531ad18 [ 325.667526][T14579] [ 325.670790][T14579] Kernel Offset: disabled [ 325.675482][T14579] Rebooting in 86400 seconds..