last executing test programs: 5m17.403498308s ago: executing program 32 (id=57): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0xd7, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x1, 0x2, 0x0, 0x4, 0x1, 0xe, 0x2, 0xc4, 0x7}, {0x8000000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x8, 0x8}, {0x100000, 0x4000, 0x9, 0x1, 0x3, 0xa, 0xd, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x8080000, 0x6000, 0xb, 0x0, 0x3, 0x1, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x6000, 0x4000, 0xf, 0xff, 0x3, 0xff, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0xff, 0x7}, {0xeeef0000, 0x9}, {0x1000, 0x9}, 0x40010000, 0x0, 0xffff1000, 0x300, 0x4, 0x2000, 0xe6e70c00, [0x3, 0x7, 0x7, 0x5]}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x5000, 0xffff1000, 0x1000001, 0x1, 0x999}) 4m23.663583187s ago: executing program 0 (id=796): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4m18.711465202s ago: executing program 0 (id=885): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xa1c3, 0x6) mount$bpf(0x0, 0x0, 0x0, 0x5085040, &(0x7f0000000100)={[{}]}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, &(0x7f0000000100)) 4m18.598160387s ago: executing program 0 (id=888): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(0x0, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}}) 4m18.5285686s ago: executing program 0 (id=889): syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000600)={[{@jqfmt_vfsold}, {@nobarrier}, {@nobarrier}, {@noblock_validity}, {@data_err_ignore}, {@acl}, {@abort}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nobh}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x10000}}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x56c, &(0x7f0000000700)="$eJzs3d9rW1UcAPDvTdP91nUwhopIYQ9O5tK19ccEH+aLIDoc6PsMbVZG02U06VjrwO3BvfgiQxBxIL7ru4/DN5988k8Y6GDIKIr4ErnpTZctSZtt2dKazwfuOCfnJud+c+737NzehAQwtMbTf3IRz0fEl0nE/ohIsrZ8ZI3ja/ut3r08k25J1Osf/Zk09kvrzddqPm9vVnkuIn7+POJorr3f6vLKfLFcLi1m9YnawoWJ6vLKsXMLxbnSXOn81PT0idenp956842+xfrK6b+/+fDmeye+OLz69Y+3D1xP4mTsy9pa43gMV1or4zGevSejcfKBHSf70NlWkgz6AHgkI1mej0Y6B+yPkSzrgf+/zyKiDgypRP7DkGquA5rX9n26Dt427ryzdgHUHn9+7W8jsatxbbRnNbnvyii93h3rQ/9pHz/9ceN6ukX//g4BsKkrVyPieD7fPv8l2fz36I73sM+DfZj/4Om5ma5/Xu20/smtr3+iw/pnb4fcfRSb53/udh+66Spd/73dcf27ftNqbCSrPdNY840mZ8+VS+nc9mxEHInRnWl9o/s5J1Zv1bu1ta7/0i3tv7kWzI7jdn7n/c+ZLdaKjxNzqztXI17ouP5N1sc/6TD+6ftxusc+DpVuvNStbfP4n6z69xEvdxz/e3e0ko3vT040zoeJ5lnR7q9rh37t1v+g40/Hf8/G8Y8lrfdrqw/fx3e7/i11a7sv/uj9/N+RfNwo78geu1Ss1RYnI3YkH7Q/PnXvuc16c/80/iOHN57/3v2l/fzfHRGf9Bj/tYM/vNhT/AMa/9mHGv+HL9x6/9Nvu/Xf2/z3WqN0JHukl/mv1wN8nPcOAAAAAAAAtppcROyLJFdYL+dyhcLa5zsOxp5cuVKtHT1bWTo/G43vyo7FaK55p3t/y+chJrPPwzbrUw/UpyPiQER8NbK7US/MVMqzgw4eAAAAAAAAAAAAAAAAAAAAtoi9Xb7/n/p9ZNBHBzxxfvIbhtem+d+PX3oCtiT//8Pwkv8wvOQ/DC/5D8NL/sPwkv8wvOQ/DC/5DwAAAAAAAAAAAAAAAAAAAAAAAAAAAH11+tSpdKuv3r08k9ZnLy4vzVcuHpstVecLC0szhZnK4oXCXKUyVy4VZioLm71euVK5MDkVS5cmaqVqbaK6vHJmobJ0vnbm3EJxrnSmNPpUogIAAAAAAAAAAAAAAAAAAIDtpbq8Ml8sl0uLbYV/6l2bFLZ1IeJKPh37jXf+7VK93ssL5gcdjsITKQx6ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAe/4LAAD//zXeOF0=") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x3bd) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r1, 0x0) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000080)={@desc={0x1, 0x0, @desc3}}) 4m17.912747097s ago: executing program 0 (id=897): r0 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000003580)=""/4094, 0xffe}, {&(0x7f0000002580)=""/4065, 0xfe1}], 0x2}, 0xd}, {{0x0, 0x0, 0x0}, 0xfffffffd}], 0x2, 0x40012002, 0x0) 4m17.225073387s ago: executing program 0 (id=906): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) flock(r1, 0x2) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) 4m17.062302404s ago: executing program 33 (id=906): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) flock(r1, 0x2) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) 3m45.639765411s ago: executing program 2 (id=1429): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000300)=@overlay={0x0, 0x2, 0x4, 0x100000, 0x2, {}, {0x1, 0x2, 0x8a, 0x40, 0xb, 0x3, "c2ca11ed"}, 0x4819, 0x3, {}, 0x80000000}) 3m45.558117085s ago: executing program 2 (id=1431): madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16) move_pages(0x0, 0x1, &(0x7f0000000540)=[&(0x7f0000d73000/0x4000)=nil], 0x0, &(0x7f00000003c0), 0x2) 3m45.464132639s ago: executing program 2 (id=1435): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) 3m45.315744295s ago: executing program 2 (id=1437): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x204818, &(0x7f0000000380)=ANY=[@ANYBLOB='mode=0x0000000000000007,showassoc,session=0x0000000000000040,dmode=0x00000000000092fb,sbsector=0x0000000000000000,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c73657373696f6e3da7e1401ae428f6bf303030303030303035362c6e6f726f636b2c00"], 0x1, 0x54e, &(0x7f00000008c0)="$eJzs3V1v01gawPHHfYEoK1WrZYVQVeBQdqUileAkEBSxN17nJD2Q2JHtoPYKVTRFFSmsKCtte8Nyw8xIMx+CuZwPMd8IzUeYke2kLzSJgb5O9f9FcE7sY5/npJYfuY2PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiOXWbLtoSdN4nWU1mlsL/Nbe2/7WhxbInQPFmH5FrPif5HJyLV107e97q6/G/83LXPpuTnJxkZOdv1z966MrUxOD7ccE/FV+/sY9bW3vvFzt9bpvjiuQc+j65dHrGtozoW9aTkMrE/qqWqnY95bqoaqbpg5Xwki3lBtoJ/IDteDeUcVqtax0YcXveI2a09SDhQ/vlmy7oh4X2toJQt+797gQukum2TReI2kTr47bPIwPxCcmUpF2Wkqtb/S65awBxI2KX9KolNWoZJdKxWKpVKw8qD54aNtThxbYn5FDLY7voMWf0zGevYGjmejnf2mKEU86sixq6MuVmgTiS2vE+r5B/v/nPT223/35f5Dlr+2tnpUk/99I390Ylf9HxHJ6ry3Zlh15KavSk5505c0J9jVz5qM9/GqIFk+MhOKLkZY4yRLVX6KkKhWpiC3PZEnqEoqSuhhpipZQViSUSHRyRLkSiBZHIvElECUL4sodUVKUqlSlLEq0FGRFfOmIJw2piZPsZV02ks+9LMoaFeNuo+LIYeQHx11XSmNGS/7H0R3r+Rs4it8H+R8AAAAAAFxYVvLb9/j6f1quJ7W6aWr7rMMCAAAAAADHKPnL/1xcTMe162Jx/Q8AAAAAwEVjJffYWSKSl5tpbV2s5HYpfgkAAAAAAMAFkfz9/0ZcJHOg3BRrd7oUrv8BAAAAALggvs+cYz9sX7Z+/U2CYNp6317+h7WZzM3rbE6m201+vseoPmvN9HeSFJW0mJpy9ZyVSxvtToL5qV+sZ8Vh7QXg7Abw/68J4MqU/Ci30ja31tJybbAm7SVfN01dcP3mo6I4zsxEpJej/77a+J8kw//Ba81YOdnodQvPX/fWkljex3t5v9mfQPHQPIpjYnmbzLeQ3HMxdMTTyY0Y/X7zlqxv9Lr2/vFPpJtPHOzx3cyYPj/IfNpqvj/jbf7g+HNxn8XCqNH3oygeceQf5Hba5vbC7bQYEkUpK4rS/iiGfxZHj6KcFUX5iFEAwFlZz8hClhzKu99wlvu27C5fmd0/yELaZmE2ObFOzQ45o9tZZ3R7fHabzIril0PPQBqVY+N+f/osq36MN/g4MquGzZIVf4STbzf/I1e3tnfubmyuvui+6L4qlcoV+75tPyjJdDKMfkHuAQAMsf8ZO9bQ/J/5FB7rfsZV9d92v1JQkOfyWnqyJovJ3QbJNw6G7jW/72sIixlXrfkkTaZPeFkcc1V3KbnLYbDf0ti2B2Mon8JPAgCA0zOfkYe/JP8vZlx3H8zl46+O8/ue1gYAAE6GDj5Z+eg7KwhM+1mxWi060ZJWge8+UYGpNbQyXqQDd8nxGlq1Az/yXb8ZV56amg5V2Gm3/SBSdT9QbT80y8n0gar/6PdQtxwvMm7Ybmon1Mr1vchxI1UzofuvduffTRMu6SDZOGxr19SN60TG91TodwJXF5QKtVZ7DU1Ne5Gpm7jqqXZgWk6QU0/9ZqelVU2HbmDakZ/ucNCX8ep+0Ep2e+msP2wAAM6Jre2dl6u9XvfNCVaGdpw79aECAIC+jCwNAAAAAAAAAAAAAAAAAAAAAADOgdO4/4/KBa8MpoI+L/FQOYZK5qnj3YmfnACcqD8CAAD//x6LT3Q=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(0x0, 0x0, 0x0, 0x2125099, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 3m45.180245471s ago: executing program 2 (id=1439): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b'], 0x68}}, 0x0) 3m43.504603694s ago: executing program 2 (id=1464): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0}, &(0x7f00000002c0)=0xc) setreuid(r3, r3) 3m43.326398122s ago: executing program 34 (id=1464): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0}, &(0x7f00000002c0)=0xc) setreuid(r3, r3) 2m49.466333456s ago: executing program 6 (id=2491): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0) 2m49.332676031s ago: executing program 6 (id=2495): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x40, 0x14, 0x1, 0x4, 0x0, {0xa}, [@typed={0x4}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x14, 0x2, 0x0, 0x1, [@generic="bf74a7dffdd8f8331b9dd3f2f9834b7f"]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000804}, 0x8018) 2m49.260176754s ago: executing program 6 (id=2498): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 2m49.015853935s ago: executing program 6 (id=2501): syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="646f74732c6e66732c646f733178666c6f7070792c6e6f646f74732c6e66733d6e6f7374616c655f726f2c666c7573682c008eb4d920a22020bfdff5756435b12a0741fd1d465211f5e7b380a7ee206d42a73a617299a081afae08d58be01e67c53899fbbe703082609ea782556e161a2850300c071e10398738f9ee2d29a732e66c2cd256bd7cdd55b6ff8ce37a4300"/155], 0x1, 0x11ab, &(0x7f0000001280)="$eJzs209rI2UcB/Bf/2hramv9V20vPuhFL4PtwZOXIi1IA0rbCK0gTGmqITEJmRwS8VDw5snXIR69CeIb6LvwVgTZvfS0s2yztNvSPewu28Du53PJF74ZeB4GBp5hfqef//Zj86jIjvJ+TE5MxHQ3Ip2lSDEZUzFyHJ/8snn31529/a31anVjO6XN9d3Vz1JKCx/8/e3Pf3z4T3/umz8X/pqJk8XvTv9f+/dk6WT59N7uD40iNYrU7vRTng46nX5+0Kqnw0bRzFL6ulXPi3pqtIt670p/1Op0u8OUtw/nK91evShS3h6mZn2Y+p3U7w1T/n3eaKcsy9J8JXgWtd/PyrKMKMtX4tUoy7J8LSoxF6/HfCzEG7EYb8Zb8Xa8E+/GUrwX78fy+b/GvW4AAAAAAAAAAAAAAAAAAAB4sZj/BwAAAAAAAAAAAAAAAAAAgPEz/w8AAAAAAAAAAAAAAAAAAADjZ/4fAAAAAAAAAAAAAAAAAAAAxm9nb39rvVrd2E5pNuK/40FtUBv9jvrNL6sbn6Zzi5dX3RkMalMX/eqoT1f7mag87Ndu7Gfj449G/YPui6+q1/qVOHz+2wcAAICXQpYu3Hi+z7LH9aP0yPuBa+f36ViZvrVt8JSK4U/NvNWq9wRBEC7CuJ9M3IbLmz7ulQAAAAAAAAAAAPAkbuNzwnHvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjPDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK4KAAD//7AGljE=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 2m48.427710591s ago: executing program 6 (id=2508): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x40, 0x14, 0x1, 0x4, 0x0, {0xa}, [@typed={0x4}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x14, 0x2, 0x0, 0x1, [@generic="bf74a7dffdd8f8331b9dd3f2f9834b7f"]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000804}, 0x8018) 2m47.944952522s ago: executing program 6 (id=2514): r0 = io_uring_setup(0x194e, &(0x7f00000000c0)={0x0, 0xd3d5, 0x80, 0x5, 0x2c2}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = syz_io_uring_setup(0x891, &(0x7f0000000140)={0x0, 0x7bd4, 0x0, 0x5, 0xbffffffb, 0x0, r0}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, 0x0}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000300)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfe, 0xc1, &(0x7f0000000640)="db", 0x1, 0x0, 0x10, 0x0, 0x7fff, 0x6, 0x0}) close_range(r0, 0xffffffffffffffff, 0x0) 2m47.76917891s ago: executing program 35 (id=2514): r0 = io_uring_setup(0x194e, &(0x7f00000000c0)={0x0, 0xd3d5, 0x80, 0x5, 0x2c2}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = syz_io_uring_setup(0x891, &(0x7f0000000140)={0x0, 0x7bd4, 0x0, 0x5, 0xbffffffb, 0x0, r0}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, 0x0}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000300)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfe, 0xc1, &(0x7f0000000640)="db", 0x1, 0x0, 0x10, 0x0, 0x7fff, 0x6, 0x0}) close_range(r0, 0xffffffffffffffff, 0x0) 2m46.347633461s ago: executing program 3 (id=2544): timer_create(0x3, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8) timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000044000)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000040fe0)={{r2, r3+10000000}, {0x0, 0x9}}, 0x0) fallocate(0xffffffffffffffff, 0x0, 0xf2a, 0xfffffffb) 2m46.167755299s ago: executing program 3 (id=2546): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone3(&(0x7f0000000180)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2m45.68257889s ago: executing program 3 (id=2552): setrlimit(0x8, &(0x7f0000000080)={0x0, 0xfffffffffffdfffd}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) mlockall(0x7) 2m45.359801034s ago: executing program 3 (id=2556): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) 2m45.294345847s ago: executing program 3 (id=2558): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000e1850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 2m44.925087423s ago: executing program 3 (id=2561): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x10, 0x0, &(0x7f0000000080)) 2m44.790172679s ago: executing program 36 (id=2561): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x10, 0x0, &(0x7f0000000080)) 2m13.832472156s ago: executing program 5 (id=3041): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, 0x0) 2m13.659262844s ago: executing program 5 (id=3043): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f00000002c0)={[{@shortname_winnt}, {@utf8no}, {@fat=@sys_immutable}, {@fat=@time_offset={'time_offset', 0x3d, 0x161}}, {@shortname_winnt}, {@fat=@tz_utc}, {@fat=@check_normal}, {@utf8no}, {@utf8}]}, 0xfd, 0x2c7, &(0x7f0000000480)="$eJzs3U1rE1sYwPGnadMmKW2yuFy4F6QPutHN0MZPEKQFMaDUpqgLYWonGjImJRMjEbHduXXndygu3QnWL9CNO/fipgiCmy6kI53JmGk7fTVp0vb/g3JO55wn58wL5Zmhc7Jx783TctEximZdYgmVmCRWZFMkIzEJLLfK7S0DMixhK3Jt9OeXS3fvP7iVy+enZ1VncnPXs6o6PvHx+ct3lz/VR+ffj38YkfXMw40f2a/r/67/t7E1F3x6ta6mLlSrdXPBtnSx5JQN1Tu2ZTqWliqOVdvRXrSrS0tNNSuLY6mlmuU4alaaWraaWq9qvdZU87FZqqhhGDqWkotm8KDGZNTGwursrJk71iCxY04KpynyLNdqOXMwsrGwehqTAgAA/WVv/i978v+BVtnJ/P9JydGSo5XD8v+YkP93j5f/b0UmjTgf4ts3ADkzFXnrRv4PAAAAAAAAAAAAAAAAAAAAAMBZsOm6add100EZ/IyISEK2En4vN93reaI7Dj7/IsHvoZCBHk4XHRZ6cS8hYr9uFBoFv/Tbc0UpiS2WTMZFfnnXQ4tfn7mZn55UT0bW7OVWvPeS4EgQH8hEx0/58RqKX24U4pIKj5+VtPwTHZ/dFR8XkUZhWK5eCcUbkpbPj6Qqtix613U7/tWU6o3b+V3jJ71+AAAAAACcB4b+kdl5/+uvJmkYGiwbsqvd39h+PiDpQ54PqKwNSzt+SP4f6t1+AwAAAABwkTjNF2XTtq3aySsT838V3geVpBw/qiOH7oxVjNa/gx3Y2XVd7wtjjvjJb5Mi+zTFZN+mble+i0gfHPBOV74980/gUTr38q8SAAAAgG5oJ/29ngkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXURcPC/qfZO2x0HCDvdlLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/8DgAA//8uWRWa") pread64(0xffffffffffffffff, &(0x7f0000002280)=""/4054, 0xfd6, 0xd33) 2m13.131023537s ago: executing program 5 (id=3047): r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000040), 0x0) 2m13.05620866s ago: executing program 5 (id=3049): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) 2m12.902241786s ago: executing program 5 (id=3052): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 2m12.319744062s ago: executing program 5 (id=3057): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 2m12.195691877s ago: executing program 37 (id=3057): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 1.526894684s ago: executing program 9 (id=5887): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0xc, &(0x7f0000000080)=0x4, 0x4) sendmsg$netlink(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000900)={0x110, 0x12, 0x1, 0x0, 0x0, "", [@nested={0x100, 0x0, 0x0, 0x0, [@nested={0xf9, 0xc7, 0x0, 0x1, [@typed={0x8, 0x133, 0x0, 0x0, @uid}, @nested={0x4d, 0x6c, 0x0, 0x1, [@nested={0x4, 0x150}, @nested={0x4, 0xa8}, @nested={0x4, 0x148}, @generic="437928b853e7c08502f62f0c86d4d39ac3", @typed={0xc, 0x23, 0x0, 0x0, @u64=0x49b91b62}, @typed={0x4, 0x34}, @typed={0x14, 0x139, 0x0, 0x0, @ipv6=@remote}, @typed={0x8, 0x13, 0x0, 0x0, @u32=0x5}]}, @typed={0x8, 0xf8, 0x0, 0x0, @fd=r3}, @generic="dbb07465ce00ce7f41c05614d6d0993fa4cc230a83e6c323fdaf7b5c58b9712b42f213d3efe3b6f5dc71318d87c5ded9de158021378d666a8a4f1d4bb726fcb15b60ba0d687d5a55b4dca8029a8f02bf5a21b4a5db0c9ef7bc59d593674844a09ee4c64f6bf69bdba5eb1a4bcf00053704417fd4d8fc7d357772049a9950de1434d5b12ff9da3ead7a3db6de891ce8dfe04696d08c"]}]}]}, 0x110}], 0x1}, 0x20000000) 1.443646308s ago: executing program 9 (id=5888): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) 1.318802713s ago: executing program 9 (id=5892): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 879.026832ms ago: executing program 4 (id=5905): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400017e) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 767.933947ms ago: executing program 4 (id=5907): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4) 754.660128ms ago: executing program 8 (id=5908): writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000000c0)="480000001500257f09004b01fcfc8c860a881300f2", 0x15}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x40, &(0x7f0000000080), 0x0) 650.340862ms ago: executing program 4 (id=5911): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c696f636861727365743d64656661756c742c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c726f6469722c757466383d302c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c756e695f786c6174653d302c646d61736b3d30303030303030303030303030303030303030303010312c747a3d5554432c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c6572726f72733d72656d6f756e742d726f2c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c726f6469722c696f636861727365743d63703733372c73686f72746e616d653d77696e39352c696f636861727365743d6370313235312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c02002c00"], 0x6, 0x2e1, &(0x7f0000000480)="$eJzs3b1rZFUUAPDzJm8+1GJSWIngAy2sls22NgmShcVULil2LTS4uyCZQdhAxA8ctxI7G0v/AkGw85+wsbMUbAU7V1h4ct9H5mOfk13Zibj7+xXJybvnzD33zkvymty89/L0+FYRd+599muMRln0docR97PYjl60voglu18HAPB/dr8s44+y1jH8y1drakcb7AsA2Jxzfv838urjjZTxw8X1BgBsxvUbN9/aOzjYf7soRnF1+uXpYRYR6XM9vncnPohJ3I7LMY4HEdWDQj+qp4UUXi3LcpYXyXa8Np2dHqbK6bs/Na+/93tEVb8T49iuLjVPGz/eTGHv2sH+TlFbqJ+lPp5v5t9N9VdiHC+eFc/nv3awf6WjPg4H8fqrC/1finH8/H58GJO4VTUxr/98pyjeLL/589N3UnupPpudHg6rvLlyq518dsHvEQAAAAAAAAAAAAAAAAAAAAAAT59Lzdk5w6jO70mXmvN3th5EP31ZtLaXz+ep67P2hebnA0WvLMtZGd+25+tcLoqibBLn9Xm8lDcHCwIAAAAAAAAAAAAAAAAAAMAz7uTjT46PJpPbd59I0J4GkEfEX9cj/u3r7C5ceSXWJw+bOY8mk16vDpdz8sUrsdWkp17XtpEW8YS25bzguYd6boLvvu+sSis6yaNraHT+pP3uuR4z+Khf72NnTnt3HR9l3Xs4PGt+lN64Nv8sZxDds/dj5crgnzpsb8VHW86gc2j82NsyeKEKZmtyIlv3ffHGb3XbC6tYyhlUu9pZ3m+ChfKVe+OR7ucY1eUP/6zInNYBAAAAAAAAAAAAAAAAAAAbNf/r347Be2tLe+VwY20BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIWa////xaDfjK4O5cvFK1VdwSDunvwX6wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODZ8ncAAAD//wmUUTo=") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x0) 650.216772ms ago: executing program 8 (id=5912): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x28, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x18, 0x0, 0x0, 0x0, [@typed={0x13, 0x0, 0x0, 0x0, @binary="56ccabd869c2033840919fdc5a8d25"}]}]}, 0x28}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) 649.762062ms ago: executing program 1 (id=5913): poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0xc, &(0x7f0000000440)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xae}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x7b52e4aff0f1e2e4, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 567.473806ms ago: executing program 7 (id=5914): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) 560.227946ms ago: executing program 1 (id=5915): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_clone(0x43124280, 0x0, 0x0, 0x0, 0x0, 0x0) 510.408578ms ago: executing program 7 (id=5916): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) 495.655128ms ago: executing program 8 (id=5917): r0 = getpid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r2, @ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x22020600) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) 407.785022ms ago: executing program 1 (id=5918): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x28, 0x14, 0x1, 0x4, 0x0, {0xa}, [@typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000804}, 0x8018) 407.580312ms ago: executing program 4 (id=5919): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, 0x0, &(0x7f00000000c0)) 407.325092ms ago: executing program 7 (id=5920): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000808500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lstat(0x0, 0x0) 399.745213ms ago: executing program 9 (id=5921): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4) 345.458935ms ago: executing program 7 (id=5922): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = landlock_create_ruleset(&(0x7f0000000400)={0x100}, 0x10, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0) landlock_restrict_self(r0, 0x0) r2 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x10, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000140)={0x100, r3}, 0x0) landlock_restrict_self(r2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1\x00', 0x0, 0x0) 291.965947ms ago: executing program 8 (id=5923): writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000000c0)="480000001500257f09004b01fcfc8c860a881300f2", 0x15}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x40, &(0x7f0000000080), 0x0) 287.388787ms ago: executing program 7 (id=5924): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r3, &(0x7f000000e280), 0x58a, 0x42, 0x0) 267.956618ms ago: executing program 1 (id=5925): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c000000100037040100"/20, @ANYRES32=r4, @ANYBLOB="83000500000000001c0012800b00010067726574617000000c0002800800", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 216.86254ms ago: executing program 9 (id=5926): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0xf) wait4(r2, 0x0, 0x2, 0x0) tkill(r2, 0x3) 216.52297ms ago: executing program 8 (id=5927): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x28, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x18, 0x0, 0x0, 0x0, [@typed={0x13, 0x0, 0x0, 0x0, @binary="56ccabd869c2033840919fdc5a8d25"}]}]}, 0x28}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) 216.31014ms ago: executing program 4 (id=5928): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x2}) 121.802965ms ago: executing program 7 (id=5929): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 121.589795ms ago: executing program 1 (id=5930): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c696f636861727365743d64656661756c742c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c726f6469722c757466383d302c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c756e695f786c6174653d302c646d61736b3d30303030303030303030303030303030303030303010312c747a3d5554432c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c6572726f72733d72656d6f756e742d726f2c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c726f6469722c696f636861727365743d63703733372c73686f72746e616d653d77696e39352c696f636861727365743d6370313235312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c02002c00"], 0x6, 0x2e1, &(0x7f0000000480)="$eJzs3b1rZFUUAPDzJm8+1GJSWIngAy2sls22NgmShcVULil2LTS4uyCZQdhAxA8ctxI7G0v/AkGw85+wsbMUbAU7V1h4ct9H5mOfk13Zibj7+xXJybvnzD33zkvymty89/L0+FYRd+599muMRln0docR97PYjl60voglu18HAPB/dr8s44+y1jH8y1drakcb7AsA2Jxzfv838urjjZTxw8X1BgBsxvUbN9/aOzjYf7soRnF1+uXpYRYR6XM9vncnPohJ3I7LMY4HEdWDQj+qp4UUXi3LcpYXyXa8Np2dHqbK6bs/Na+/93tEVb8T49iuLjVPGz/eTGHv2sH+TlFbqJ+lPp5v5t9N9VdiHC+eFc/nv3awf6WjPg4H8fqrC/1finH8/H58GJO4VTUxr/98pyjeLL/589N3UnupPpudHg6rvLlyq518dsHvEQAAAAAAAAAAAAAAAAAAAAAAT59Lzdk5w6jO70mXmvN3th5EP31ZtLaXz+ep67P2hebnA0WvLMtZGd+25+tcLoqibBLn9Xm8lDcHCwIAAAAAAAAAAAAAAAAAAMAz7uTjT46PJpPbd59I0J4GkEfEX9cj/u3r7C5ceSXWJw+bOY8mk16vDpdz8sUrsdWkp17XtpEW8YS25bzguYd6boLvvu+sSis6yaNraHT+pP3uuR4z+Khf72NnTnt3HR9l3Xs4PGt+lN64Nv8sZxDds/dj5crgnzpsb8VHW86gc2j82NsyeKEKZmtyIlv3ffHGb3XbC6tYyhlUu9pZ3m+ChfKVe+OR7ucY1eUP/6zInNYBAAAAAAAAAAAAAAAAAAAbNf/r347Be2tLe+VwY20BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIWa////xaDfjK4O5cvFK1VdwSDunvwX6wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODZ8ncAAAD//wmUUTo=") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x0) 75.844007ms ago: executing program 4 (id=5931): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 56.733547ms ago: executing program 8 (id=5932): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x2) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_INIT(r0, 0x0, 0x0) 30.150319ms ago: executing program 9 (id=5933): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) close(r1) creat(&(0x7f0000000100)='./file0\x00', 0x0) 0s ago: executing program 1 (id=5934): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRES8=r1, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) kernel console output (not intermixed with test programs): n active interface with an up link [ 215.016969][ T1324] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.072180][ T1324] usb 8-1: config 0 descriptor?? [ 215.073264][T11006] team0: Port device team_slave_0 added [ 215.113274][T11006] team0: Port device team_slave_1 added [ 215.134503][ T1324] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 215.188894][T11006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.201656][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.235372][T11006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.255008][T11006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.262119][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.296586][T11006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.467909][T11006] device hsr_slave_0 entered promiscuous mode [ 215.489036][T11006] device hsr_slave_1 entered promiscuous mode [ 215.503030][T11006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.519342][T11006] Cannot create hsr debugfs directory [ 215.819539][T11006] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 215.841159][T11006] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 215.871349][T11006] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 215.915927][T11006] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 215.921940][T11081] 9pnet: p9_fd_create_unix (11081): problem connecting socket: ./file0: -30 [ 216.124112][ T4643] Bluetooth: hci2: command 0x0409 tx timeout [ 216.279546][T11006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.300870][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.315805][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.331268][T11006] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.344977][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.365976][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.380839][ T4686] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.387998][ T4686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.441416][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.453645][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.472825][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.504165][ T4686] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.511279][ T4686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.532855][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.550132][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 216.570966][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.596127][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.632303][T11006] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 216.682622][ T1324] gspca_vc032x: reg_w err -71 [ 216.687350][T11006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 216.687409][ T1324] vc032x: probe of 8-1:0.0 failed with error -71 [ 216.735425][ T1324] usb 8-1: USB disconnect, device number 4 [ 216.773231][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 216.781601][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.816282][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.835309][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 216.863091][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 216.901486][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 216.917999][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.972578][ T4889] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.014903][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 217.079857][ T4889] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.149946][ T4889] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.246449][ T4889] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.364591][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 217.380196][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 217.442232][T11006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.528685][T11108] chnl_net:caif_netlink_parms(): no params data found [ 217.831613][T11124] 9pnet: p9_fd_create_unix (11124): problem connecting socket: ./file0: -103 [ 218.192524][ T4628] Bluetooth: hci2: command 0x041b tx timeout [ 218.652319][T11170] 9pnet: p9_fd_create_unix (11170): problem connecting socket: ./file0: -30 [ 218.686929][T11108] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.715285][T11108] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.740901][T11108] device bridge_slave_0 entered promiscuous mode [ 218.793096][T11108] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.824901][T11108] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.852854][T11108] device bridge_slave_1 entered promiscuous mode [ 218.939284][T11108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.001363][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.002429][ T4625] Bluetooth: hci0: command 0x0409 tx timeout [ 219.019087][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.045194][T11108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.187518][T11006] device veth0_vlan entered promiscuous mode [ 219.225982][T11108] team0: Port device team_slave_0 added [ 219.235861][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.261964][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.279730][T11193] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2591'. [ 219.288181][T11006] device veth1_vlan entered promiscuous mode [ 219.300261][T11108] team0: Port device team_slave_1 added [ 219.331718][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.349155][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.373486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 219.395306][T11193] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2591'. [ 219.492296][T11006] device veth0_macvtap entered promiscuous mode [ 219.523444][ T7497] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 219.534835][ T7497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 219.554093][ T7497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 219.574642][T11108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.581959][T11108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.649268][T11108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.674382][T11108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.701930][T11108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.750713][T11108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.815134][T11006] device veth1_macvtap entered promiscuous mode [ 219.843785][ T7497] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 219.852015][ T7497] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 219.923586][T11206] tipc: Enabling of bearer rejected, media not registered [ 219.945599][T11208] loop7: detected capacity change from 0 to 128 [ 219.968996][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.983398][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.000437][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.024628][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.050031][T11006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.071655][T11108] device hsr_slave_0 entered promiscuous mode [ 220.092210][T11108] device hsr_slave_1 entered promiscuous mode [ 220.099097][T11108] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.106963][T11108] Cannot create hsr debugfs directory [ 220.133370][T11208] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 220.144949][T11208] ext4 filesystem being mounted at /206/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 220.152578][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.203129][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.235223][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.256015][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.272945][ T4628] Bluetooth: hci2: command 0x040f tx timeout [ 220.281302][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.296549][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.306681][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.317412][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.367681][T11006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.459259][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 220.488654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.520828][T11006] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.543311][T11006] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.562291][T11006] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.586239][T11006] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.882773][ T5555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.891179][ T5555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.042263][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 221.072622][ T4625] Bluetooth: hci0: command 0x041b tx timeout [ 221.104258][T11108] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 221.148576][T11108] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 221.156050][ T5555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.171694][ T5555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.193244][T11108] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 221.232730][T11108] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 221.249516][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 221.598901][ T4889] device hsr_slave_0 left promiscuous mode [ 221.625718][ T4889] device hsr_slave_1 left promiscuous mode [ 221.656048][ T4889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.691679][ T4889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.734325][ T4889] device bridge_slave_1 left promiscuous mode [ 221.761276][ T4889] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.841681][ T4889] device bridge_slave_0 left promiscuous mode [ 221.852142][ T4889] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.935806][ T4889] device veth1_macvtap left promiscuous mode [ 221.968726][ T4889] device veth0_macvtap left promiscuous mode [ 221.999463][ T4889] device veth1_vlan left promiscuous mode [ 222.025774][ T4889] device veth0_vlan left promiscuous mode [ 222.352915][ T4638] Bluetooth: hci2: command 0x0419 tx timeout [ 222.586605][ T4889] team0 (unregistering): Port device team_slave_1 removed [ 222.600646][ T4889] team0 (unregistering): Port device team_slave_0 removed [ 222.718082][T11303] netlink: 'syz.8.2621': attribute type 46 has an invalid length. [ 222.780337][T11108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.840701][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.863521][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.876659][T11108] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.921143][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.943145][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.951716][ T4467] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.958841][ T4467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.977142][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.027101][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.040982][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.050374][ T5555] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.057550][ T5555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.126574][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.152568][ T4628] Bluetooth: hci0: command 0x040f tx timeout [ 223.182017][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.243318][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.282696][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.348736][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.390186][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.425859][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.462215][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.517572][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.557061][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.573861][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.598342][T11108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.061447][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.069011][ T5948] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 224.109712][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.145721][T11108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.346073][ T5948] usb 9-1: Using ep0 maxpacket: 32 [ 224.502584][ T5948] usb 9-1: config 0 has an invalid interface number: 188 but max is 0 [ 224.534594][ T5948] usb 9-1: config 0 has no interface number 0 [ 224.580864][ T26] audit: type=1326 audit(1763588786.144:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.4.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35b209c749 code=0x7ffc0000 [ 224.687586][ T26] audit: type=1326 audit(1763588786.144:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.4.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35b209c749 code=0x7ffc0000 [ 224.784790][ T5948] usb 9-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 224.815577][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 224.821513][ T5948] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.830905][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 224.865722][ T5948] usb 9-1: Product: syz [ 224.869978][ T5948] usb 9-1: Manufacturer: syz [ 224.905375][ T5948] usb 9-1: SerialNumber: syz [ 224.938254][T11108] device veth0_vlan entered promiscuous mode [ 224.953569][ T5948] usb 9-1: config 0 descriptor?? [ 224.978300][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 224.988150][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.008382][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 225.022162][ T4467] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 225.059408][T11108] device veth1_vlan entered promiscuous mode [ 225.115819][T11431] netlink: 156 bytes leftover after parsing attributes in process `syz.7.2662'. [ 225.128123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 225.155000][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 225.168984][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 225.179465][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 225.197871][T11108] device veth0_macvtap entered promiscuous mode [ 225.212527][ T5948] asix 9-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 225.232632][ T4644] Bluetooth: hci0: command 0x0419 tx timeout [ 225.251910][ T5948] asix: probe of 9-1:0.188 failed with error -71 [ 225.258576][T11108] device veth1_macvtap entered promiscuous mode [ 225.279382][ T5948] usb 9-1: USB disconnect, device number 2 [ 225.297797][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.343484][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.363838][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.374698][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.386092][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.397264][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.417696][T11108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 225.440721][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.466866][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.495795][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.522517][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.533610][T11108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.544864][T11108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.579552][T11108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.612613][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 225.652746][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 225.666365][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 225.691903][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 225.706987][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 225.733733][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 225.765779][T11108] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.780814][T11108] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.790309][T11108] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.803886][T11108] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.955773][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.995527][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.058710][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 226.070645][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.105044][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.164253][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 226.450089][T11487] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 226.603118][T11494] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2686'. [ 227.364335][T11530] loop9: detected capacity change from 0 to 256 [ 228.489629][T11569] loop8: detected capacity change from 0 to 8192 [ 228.558487][T11582] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2715'. [ 229.310931][ C0] vxcan0: j1939_simple_recv: Received already invalidated message [ 230.016545][T11631] loop5: detected capacity change from 0 to 65536 [ 230.191286][T11631] XFS (loop5): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 230.199865][T11631] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 230.245622][T11631] XFS (loop5): Mounting V5 Filesystem [ 230.415704][T11631] XFS (loop5): Ending clean mount [ 230.429503][T11631] XFS (loop5): Quotacheck needed: Please wait. [ 230.589964][T11631] XFS (loop5): Quotacheck: Done. [ 230.799181][ T4449] XFS (loop5): Unmounting Filesystem [ 230.817280][T11679] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2746'. [ 231.503481][T11692] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2752'. [ 231.711072][T11625] loop9: detected capacity change from 0 to 32768 [ 231.824534][T11625] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.2728 (11625) [ 231.935603][T11625] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 231.992854][T11625] BTRFS info (device loop9): enabling auto defrag [ 231.999344][T11625] BTRFS info (device loop9): use no compression [ 232.094462][T11625] BTRFS info (device loop9): force clearing of disk cache [ 232.101665][T11625] BTRFS info (device loop9): max_inline at 4096 [ 232.222411][T11625] BTRFS info (device loop9): disabling free space tree [ 232.229362][T11625] BTRFS info (device loop9): has skinny extents [ 233.297330][T11625] BTRFS error (device loop9): open_ctree failed: -12 [ 233.360939][T11758] loop5: detected capacity change from 0 to 256 [ 233.523391][T11758] FAT-fs (loop5): bogus logical sector size 128 [ 233.529689][T11758] FAT-fs (loop5): Can't find a valid FAT filesystem [ 233.934467][T11781] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2779'. [ 234.715690][T11829] loop9: detected capacity change from 0 to 128 [ 234.747792][T11829] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 234.821012][T11829] FAT-fs (loop9): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 234.984544][ T7497] FAT-fs (loop9): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 235.650761][T11847] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 235.674885][T11847] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 235.961864][T11878] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2818'. [ 235.995488][T11876] loop9: detected capacity change from 0 to 512 [ 236.021314][T11878] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2818'. [ 236.060258][T11876] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 236.072477][T11878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2818'. [ 236.126425][T11878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2818'. [ 236.173564][T11876] EXT4-fs (loop9): 1 truncate cleaned up [ 236.179255][T11876] EXT4-fs (loop9): mounted filesystem without journal. Opts: norecovery,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000000007,init_itable,sysvgroups,,errors=continue. Quota mode: none. [ 236.366514][T11894] loop7: detected capacity change from 0 to 1024 [ 236.565886][T11894] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 237.107892][ T26] audit: type=1326 audit(1763588798.674:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11923 comm="syz.9.2831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 237.259050][ T26] audit: type=1326 audit(1763588798.714:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11923 comm="syz.9.2831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 237.664960][T11958] loop7: detected capacity change from 0 to 128 [ 237.759457][T11958] FAT-fs (loop7): Directory bread(block 414) failed [ 237.786832][T11958] FAT-fs (loop7): Directory bread(block 415) failed [ 237.810094][ T26] audit: type=1326 audit(1763588799.374:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11964 comm="syz.9.2848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 237.822799][T11958] FAT-fs (loop7): Directory bread(block 416) failed [ 237.905251][ T26] audit: type=1326 audit(1763588799.404:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11964 comm="syz.9.2848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 237.921947][T11958] FAT-fs (loop7): Directory bread(block 417) failed [ 238.002623][T11958] FAT-fs (loop7): Directory bread(block 418) failed [ 238.009290][T11958] FAT-fs (loop7): Directory bread(block 419) failed [ 238.070168][T11958] FAT-fs (loop7): Directory bread(block 420) failed [ 238.102458][T11958] FAT-fs (loop7): Directory bread(block 421) failed [ 238.102512][ T5948] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 238.202757][T11982] netlink: 52 bytes leftover after parsing attributes in process `syz.9.2855'. [ 238.286507][T11986] loop9: detected capacity change from 0 to 512 [ 238.408022][ T5948] usb 5-1: Using ep0 maxpacket: 32 [ 238.418374][T11986] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 238.480085][T11986] System zones: 0-2, 18-18, 34-35 [ 238.528261][T11986] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 238.542810][ T5948] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 238.557516][T11986] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.568703][ T5948] usb 5-1: config 0 has no interface number 0 [ 238.586710][ T26] audit: type=1326 audit(1763588800.154:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11996 comm="syz.7.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 238.812731][ T5948] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 238.841965][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.867203][ T5948] usb 5-1: Product: syz [ 238.875653][ T5948] usb 5-1: Manufacturer: syz [ 238.880854][ T5948] usb 5-1: SerialNumber: syz [ 238.929267][ T5948] usb 5-1: config 0 descriptor?? [ 239.188763][ T5948] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 239.197515][T12027] syz.8.2871 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 239.206955][ T5948] asix: probe of 5-1:0.188 failed with error -71 [ 239.275082][ T5948] usb 5-1: USB disconnect, device number 5 [ 239.316333][ T26] audit: type=1326 audit(1763588800.884:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12029 comm="syz.8.2872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c496d7749 code=0x7ffc0000 [ 239.864331][T12045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 240.002509][ T4638] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 240.254629][ T26] audit: type=1326 audit(1763588801.824:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.9.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 240.334445][ T26] audit: type=1326 audit(1763588801.854:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.9.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 240.402643][ T4638] usb 9-1: config 1 has an invalid interface number: 7 but max is 0 [ 240.415269][ T4638] usb 9-1: config 1 has no interface number 0 [ 240.451967][ T4638] usb 9-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 240.500461][ T4638] usb 9-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 240.546027][ T4638] usb 9-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 240.590389][T12078] user requested TSC rate below hardware speed [ 240.600071][ T4638] usb 9-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 240.748418][T12087] netlink: 4096 bytes leftover after parsing attributes in process `syz.9.2891'. [ 240.782939][ T4638] usb 9-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 240.802255][ T4638] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.861369][ T4638] usb 9-1: Product: syz [ 240.871485][ T4638] usb 9-1: Manufacturer: syz [ 240.892478][ T4638] usb 9-1: SerialNumber: syz [ 240.943067][T12039] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 240.954914][ T26] audit: type=1326 audit(1763588802.524:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12096 comm="syz.7.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 240.978742][ T4638] usb 9-1: Error in usbnet_get_endpoints (-22) [ 241.032655][ T26] audit: type=1326 audit(1763588802.564:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12096 comm="syz.7.2896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 241.189576][ T4644] usb 9-1: USB disconnect, device number 3 [ 241.206914][T12109] netlink: 'syz.4.2900': attribute type 13 has an invalid length. [ 241.553494][T12121] netlink: 4096 bytes leftover after parsing attributes in process `syz.7.2906'. [ 242.101137][T12155] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 242.393497][T12176] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2929'. [ 243.046412][T12216] fuse: Bad value for 'fd' [ 243.188307][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 243.188321][ T26] audit: type=1326 audit(1763588804.754:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.8.2946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c496d7749 code=0x7ffc0000 [ 243.871021][ T26] audit: type=1326 audit(1763588805.434:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12255 comm="syz.9.2959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 243.899934][T12264] netlink: 156 bytes leftover after parsing attributes in process `syz.7.2961'. [ 243.961780][ T26] audit: type=1326 audit(1763588805.464:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12255 comm="syz.9.2959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 244.036023][T12263] device wg2 entered promiscuous mode [ 244.122019][T12270] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2964'. [ 244.479047][ T26] audit: type=1326 audit(1763588806.044:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.7.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 244.567969][ T26] audit: type=1326 audit(1763588806.044:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12292 comm="syz.7.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 245.038731][T12330] loop4: detected capacity change from 0 to 128 [ 245.104289][ T26] audit: type=1326 audit(1763588806.664:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.7.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 245.157452][T12330] EXT4-fs (loop4): Ignoring removed nobh option [ 245.218135][T12330] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: none. [ 245.248622][T12330] ext4 filesystem being mounted at /606/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 245.319288][T12345] loop9: detected capacity change from 0 to 128 [ 245.666722][ T26] audit: type=1326 audit(1763588807.234:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12370 comm="syz.7.3001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 246.214301][ T26] audit: type=1326 audit(1763588807.784:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12408 comm="syz.8.3016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c496d7749 code=0x7ffc0000 [ 246.350529][T12415] tmpfs: Bad value for 'mpol' [ 246.360311][ T26] audit: type=1326 audit(1763588807.784:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12408 comm="syz.8.3016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c496d7749 code=0x7ffc0000 [ 246.635704][T12431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.665874][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806075fc00: rx timeout, send abort [ 246.848477][ T26] audit: type=1326 audit(1763588808.414:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12441 comm="syz.9.3028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 247.167655][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880242eb000: rx timeout, send abort [ 247.176433][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806075fc00: abort rx timeout. Force session deactivation [ 247.668371][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060a66800: rx timeout, send abort [ 247.677438][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880242eb000: abort rx timeout. Force session deactivation [ 247.790070][T12487] loop5: detected capacity change from 0 to 128 [ 247.847786][T12487] FAT-fs (loop5): Directory bread(block 414) failed [ 247.862797][T12487] FAT-fs (loop5): Directory bread(block 415) failed [ 247.880966][T12487] FAT-fs (loop5): Directory bread(block 416) failed [ 247.902021][T12487] FAT-fs (loop5): Directory bread(block 417) failed [ 247.934784][T12487] FAT-fs (loop5): Directory bread(block 418) failed [ 247.950426][T12487] FAT-fs (loop5): Directory bread(block 419) failed [ 247.971680][T12487] FAT-fs (loop5): Directory bread(block 420) failed [ 247.982279][T12487] FAT-fs (loop5): Directory bread(block 421) failed [ 248.080367][ T4628] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 248.176654][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060a66800: abort rx timeout. Force session deactivation [ 248.313126][T12502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.332444][ T4628] usb 5-1: Using ep0 maxpacket: 16 [ 248.455075][ T4628] usb 5-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30 [ 248.487169][ T4628] usb 5-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 248.561515][ T4628] usb 5-1: config 0 interface 0 has no altsetting 0 [ 248.569892][ T4628] usb 5-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 248.589508][ T4628] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.631063][ T4628] usb 5-1: config 0 descriptor?? [ 248.982568][ T4628] usbhid 5-1:0.0: can't add hid device: -71 [ 248.993670][ T4628] usbhid: probe of 5-1:0.0 failed with error -71 [ 249.022490][ T4630] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 249.055365][ T4628] usb 5-1: USB disconnect, device number 6 [ 249.392490][ T4630] usb 8-1: config 1 has an invalid interface number: 7 but max is 0 [ 249.416877][ T4630] usb 8-1: config 1 has no interface number 0 [ 249.443530][ T4630] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 249.476937][ T4630] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 249.512066][ T4630] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 249.520201][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 249.520219][ T26] audit: type=1107 audit(1763588811.074:126): pid=12543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 249.532447][ T4630] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 249.702690][ T4630] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 249.742481][ T4630] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.772237][ T4630] usb 8-1: Product: syz [ 249.782561][ T4630] usb 8-1: Manufacturer: syz [ 249.787273][ T4630] usb 8-1: SerialNumber: syz [ 249.852680][T12520] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 249.881133][ T4630] usb 8-1: Error in usbnet_get_endpoints (-22) [ 249.901075][T12556] loop4: detected capacity change from 0 to 128 [ 249.993891][T12541] chnl_net:caif_netlink_parms(): no params data found [ 250.032307][T12556] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 250.099532][ T1324] usb 8-1: USB disconnect, device number 5 [ 250.276094][T12537] loop8: detected capacity change from 0 to 40427 [ 250.292310][T12537] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x1ffff [ 250.301432][T12537] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x35f7 [ 250.323031][T12537] F2FS-fs (loop8): invalid crc value [ 250.336436][T12537] F2FS-fs (loop8): Found nat_bits in checkpoint [ 250.379268][T12537] F2FS-fs (loop8): Start checkpoint disabled! [ 250.390254][T12541] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.398052][T12541] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.407312][T12541] device bridge_slave_0 entered promiscuous mode [ 250.414003][T12537] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6 [ 250.437328][T12541] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.460796][T12541] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.492743][T12541] device bridge_slave_1 entered promiscuous mode [ 250.556795][T12574] loop9: detected capacity change from 0 to 128 [ 250.584405][T12537] F2FS-fs (loop8) : inject no more block in inc_valid_block_count of __allocate_data_block+0x472/0x9e0 [ 250.620412][T12541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.639734][T12574] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 250.651734][T12541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.661434][T12574] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 250.757900][T12537] F2FS-fs (loop8) : inject no more block in inc_valid_block_count of __allocate_data_block+0x472/0x9e0 [ 250.760402][T12541] team0: Port device team_slave_0 added [ 250.857721][T12585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.876386][T12541] team0: Port device team_slave_1 added [ 250.954266][T12541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.961247][T12541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.013096][ T4268] attempt to access beyond end of device [ 251.013096][ T4268] loop8: rw=2049, want=40984, limit=40427 [ 251.061433][T12541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.092770][T12541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.121843][T12541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.149295][T12541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.171255][ T150] block nbd7: Attempted send on invalid socket [ 251.198593][ T150] blk_update_request: I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 251.212832][T12595] XFS (nbd7): SB validate failed with error -5. [ 251.355308][T12541] device hsr_slave_0 entered promiscuous mode [ 251.362876][T12541] device hsr_slave_1 entered promiscuous mode [ 251.410433][T12541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.425979][T12541] Cannot create hsr debugfs directory [ 251.524692][T12606] netlink: 'syz.8.3086': attribute type 13 has an invalid length. [ 251.552559][ T4628] Bluetooth: hci1: command 0x0409 tx timeout [ 251.923299][T12606] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.931293][T12606] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.257772][T12606] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.306496][T12606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.612699][T12606] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.621639][T12606] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.631732][T12606] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.641434][T12606] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.905416][T12631] loop8: detected capacity change from 0 to 512 [ 252.968447][T12631] EXT4-fs (loop8): Ignoring removed bh option [ 252.975948][T12631] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 253.067210][T12631] EXT4-fs (loop8): 1 truncate cleaned up [ 253.089634][T12631] EXT4-fs (loop8): mounted filesystem without journal. Opts: quota,resgid=0x000000000000ee00,bh,noload,data_err=ignore,abort,,errors=continue. Quota mode: writeback. [ 253.649369][ T4638] Bluetooth: hci1: command 0x041b tx timeout [ 254.287007][T12541] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 254.336128][T12541] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 254.351696][T12698] Z, [ 254.413085][T12541] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 254.470908][T12541] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 254.784827][T12541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.815238][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.848472][ T4686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.881813][T12541] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.935273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 254.999400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 255.017761][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.024890][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.047162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 255.093142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.116842][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.124018][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.193947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 255.209599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 255.235551][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 255.253688][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 255.269861][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.284242][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 255.294465][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.340788][T12541] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 255.375218][T12541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 255.409920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 255.423004][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 255.431578][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.463212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 255.471837][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.507778][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 255.553397][T12770] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3138'. [ 255.647637][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.653990][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.712509][ T4628] Bluetooth: hci1: command 0x040f tx timeout [ 255.913686][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 255.921232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 255.972462][ T4257] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 256.008377][T12541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 256.066578][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 256.093224][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.158013][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 256.224807][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 256.246655][T12541] device veth0_vlan entered promiscuous mode [ 256.274163][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 256.282110][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 256.301656][T12541] device veth1_vlan entered promiscuous mode [ 256.343777][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 256.355940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 256.373459][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 256.389931][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 256.414112][ T4257] usb 10-1: config 1 has an invalid interface number: 7 but max is 0 [ 256.439267][T12541] device veth0_macvtap entered promiscuous mode [ 256.446911][ T4257] usb 10-1: config 1 has no interface number 0 [ 256.468751][T12541] device veth1_macvtap entered promiscuous mode [ 256.477066][ T4257] usb 10-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 256.512451][ T4257] usb 10-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 256.541181][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.552427][ T4257] usb 10-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 256.562177][ T4257] usb 10-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 256.592395][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.612459][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.648265][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.682429][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.697798][T12805] infiniband sy: set down [ 256.718380][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.728654][T12805] infiniband sy: added bond_slave_0 [ 256.744003][T12541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.781219][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 256.792667][ T4257] usb 10-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 256.801840][ T4257] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.810401][ T4257] usb 10-1: Product: syz [ 256.814884][ T4257] usb 10-1: Manufacturer: syz [ 256.819577][ T4257] usb 10-1: SerialNumber: syz [ 256.828129][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 256.882806][T12776] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 256.891601][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 256.900853][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 256.913332][ T4257] usb 10-1: Error in usbnet_get_endpoints (-22) [ 256.932948][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.961701][T12805] RDS/IB: sy: added [ 256.967263][T12805] smc: adding ib device sy with port count 1 [ 256.974016][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.975687][T12805] smc: ib device sy port 1 has pnetid [ 257.025808][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 257.067679][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.106495][T12541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 257.127253][ T5948] usb 10-1: USB disconnect, device number 2 [ 257.148529][T12541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.191431][T12541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 257.233613][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 257.250464][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 257.285707][T12541] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.333124][T12541] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.352726][T12541] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.365706][T12541] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.513564][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.541216][T12845] loop8: detected capacity change from 0 to 128 [ 257.561527][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.562629][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.578109][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.620801][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 257.660085][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 257.671242][T12845] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 257.761801][T12845] ext4 filesystem being mounted at /116/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 257.800256][ T4643] Bluetooth: hci1: command 0x0419 tx timeout [ 259.824687][T12964] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3197'. [ 259.871885][T12966] device syzkaller1 entered promiscuous mode [ 259.922951][T12964] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3197'. [ 261.655499][T13063] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3234'. [ 261.992534][ T4643] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 262.166053][T13088] netlink: 4100 bytes leftover after parsing attributes in process `syz.8.3242'. [ 262.355980][ T4643] usb 8-1: config 1 has an invalid interface number: 7 but max is 0 [ 262.377532][ T4643] usb 8-1: config 1 has no interface number 0 [ 262.401491][ T4643] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 262.429353][ T4643] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 262.455085][ T4643] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 262.509701][ T4643] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 262.719726][ T4643] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 262.743719][ T4643] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.771379][ T4643] usb 8-1: Product: syz [ 262.793687][ T4643] usb 8-1: Manufacturer: syz [ 262.802565][T13107] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3247'. [ 262.818639][ T4643] usb 8-1: SerialNumber: syz [ 262.852733][T13062] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 262.877127][ T4643] usb 8-1: Error in usbnet_get_endpoints (-22) [ 263.099537][ T4630] usb 8-1: USB disconnect, device number 6 [ 263.365030][T13131] netlink: 4100 bytes leftover after parsing attributes in process `syz.8.3255'. [ 263.946618][T13172] netlink: 4100 bytes leftover after parsing attributes in process `syz.8.3268'. [ 264.088417][T13181] loop7: detected capacity change from 0 to 16 [ 264.194487][T13181] erofs: (device loop7): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version [ 264.277825][T13193] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 264.380735][T13196] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(8) [ 264.388044][T13196] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 264.477387][T13196] vhci_hcd vhci_hcd.0: Device attached [ 264.568175][T13198] vhci_hcd: connection closed [ 264.573125][ T4686] vhci_hcd: stop threads [ 264.585146][ T4686] vhci_hcd: release socket [ 264.665916][ T4686] vhci_hcd: disconnect device [ 264.685773][T13213] netlink: 4100 bytes leftover after parsing attributes in process `syz.9.3284'. [ 264.987296][T13227] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3289'. [ 265.293815][T13246] netlink: 4100 bytes leftover after parsing attributes in process `syz.4.3297'. [ 266.088321][T13284] kvm: pic: non byte write [ 266.232839][T13265] xt_hashlimit: size too large, truncated to 1048576 [ 266.308973][T13293] netlink: 4100 bytes leftover after parsing attributes in process `syz.1.3312'. [ 266.335853][T13296] loop9: detected capacity change from 0 to 128 [ 266.426570][T13296] FAT-fs (loop9): Directory bread(block 414) failed [ 266.464145][T13296] FAT-fs (loop9): Directory bread(block 415) failed [ 266.470802][T13296] FAT-fs (loop9): Directory bread(block 416) failed [ 266.529369][T13296] FAT-fs (loop9): Directory bread(block 417) failed [ 266.552707][T13296] FAT-fs (loop9): Directory bread(block 418) failed [ 266.590761][T13296] FAT-fs (loop9): Directory bread(block 419) failed [ 266.612597][T13296] FAT-fs (loop9): Directory bread(block 420) failed [ 266.632468][T13296] FAT-fs (loop9): Directory bread(block 421) failed [ 267.044974][T13331] netlink: 4100 bytes leftover after parsing attributes in process `syz.7.3325'. [ 268.287105][T13396] loop4: detected capacity change from 0 to 1024 [ 268.503666][T13396] EXT4-fs (loop4): Ignoring removed nobh option [ 268.509964][T13396] EXT4-fs (loop4): Ignoring removed bh option [ 268.552442][T13396] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 268.759313][T13421] binder: 13416:13421 ioctl c0306201 0 returned -14 [ 268.759929][T13396] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,data_err=abort,barrier=0x0000000000000001,dioread_nolock,grpjquota=,quota,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback. [ 269.088466][T13439] autofs4:pid:13439:autofs_fill_super: called with bogus options [ 269.317302][T13447] netlink: 'syz.9.3361': attribute type 1 has an invalid length. [ 269.342476][T13447] netlink: 'syz.9.3361': attribute type 4 has an invalid length. [ 269.352980][T13444] loop4: detected capacity change from 0 to 512 [ 269.370676][T13447] netlink: 9462 bytes leftover after parsing attributes in process `syz.9.3361'. [ 269.442669][T13449] netlink: 'syz.9.3361': attribute type 1 has an invalid length. [ 269.478553][T13449] netlink: 'syz.9.3361': attribute type 4 has an invalid length. [ 269.488805][T13444] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 269.532580][T13444] ext4 filesystem being mounted at /691/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 269.545917][T13449] netlink: 9462 bytes leftover after parsing attributes in process `syz.9.3361'. [ 270.692603][ T4643] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 271.052581][ T4643] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 271.060862][ T4643] usb 5-1: config 1 has no interface number 0 [ 271.091116][ T4643] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 271.122239][ T4643] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 271.166559][ T4643] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 271.212694][ T4643] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 271.422866][ T4643] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 271.442202][ T4643] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.484475][ T4643] usb 5-1: Product: syz [ 271.488699][ T4643] usb 5-1: Manufacturer: syz [ 271.532943][ T4643] usb 5-1: SerialNumber: syz [ 271.562685][T13507] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 271.661551][ T4643] usb 5-1: Error in usbnet_get_endpoints (-22) [ 271.840459][ T4643] usb 5-1: USB disconnect, device number 7 [ 272.192674][ T26] audit: type=1326 audit(1763588833.744:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.231171][T13596] autofs4:pid:13596:autofs_fill_super: called with bogus options [ 272.260763][T13594] loop8: detected capacity change from 0 to 32768 [ 272.278407][T13598] loop9: detected capacity change from 0 to 1024 [ 272.290064][ T26] audit: type=1326 audit(1763588833.744:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.312563][ T26] audit: type=1326 audit(1763588833.744:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.346767][T13594] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 scanned by syz.8.3413 (13594) [ 272.366367][T13594] BTRFS info (device loop8): using blake2b (blake2b-256-generic) checksum algorithm [ 272.376043][T13594] BTRFS info (device loop8): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 272.385486][T13594] BTRFS info (device loop8): use zstd compression, level 3 [ 272.392739][T13594] BTRFS info (device loop8): using free space tree [ 272.399247][T13594] BTRFS info (device loop8): has skinny extents [ 272.410614][T13598] EXT4-fs (loop9): inline encryption not supported [ 272.455372][ T26] audit: type=1326 audit(1763588833.744:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.504795][ T26] audit: type=1326 audit(1763588833.744:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.533118][T13598] EXT4-fs (loop9): mounted filesystem without journal. Opts: barrier=0x0000000000000008,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nobarrier,errors=remount-ro,mb_optimize_scan=0x0000000000000000,noblock_validity,user_xattr,dioread_lock,errors=remount-ro,. Quota mode: none. [ 272.602214][ T26] audit: type=1326 audit(1763588833.744:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.631322][ T26] audit: type=1326 audit(1763588833.744:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.654714][ T26] audit: type=1326 audit(1763588833.744:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.688479][ T26] audit: type=1326 audit(1763588833.744:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 272.952714][T13594] BTRFS info (device loop8): enabling ssd optimizations [ 272.961249][ T26] audit: type=1326 audit(1763588833.744:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13597 comm="syz.9.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f5a595f8749 code=0x7ffc0000 [ 273.072763][ T7] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 273.224686][T13661] netlink: 'syz.9.3428': attribute type 4 has an invalid length. [ 273.282516][T13661] netlink: 'syz.9.3428': attribute type 5 has an invalid length. [ 273.307111][T13661] netlink: 3657 bytes leftover after parsing attributes in process `syz.9.3428'. [ 273.343636][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 273.487258][ T7] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 273.515482][ T7] usb 2-1: config 0 has no interface number 0 [ 273.562592][ T7] usb 2-1: config 0 interface 184 has no altsetting 0 [ 273.697175][T13680] loop7: detected capacity change from 0 to 256 [ 273.739402][T13682] netlink: 'syz.9.3435': attribute type 1 has an invalid length. [ 273.772566][ T7] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 273.781642][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.817758][ T7] usb 2-1: Product: syz [ 273.827494][T13682] 8021q: adding VLAN 0 to HW filter on device bond1 [ 273.830924][ T7] usb 2-1: Manufacturer: syz [ 273.844152][T13689] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3435'. [ 273.877208][T13680] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 273.960824][ T7] usb 2-1: SerialNumber: syz [ 274.031879][T13691] loop9: detected capacity change from 0 to 2048 [ 274.034888][ T7] usb 2-1: config 0 descriptor?? [ 274.113249][ T7] smsc75xx v1.0.0 [ 274.392469][T13691] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 1024) [ 274.415774][T13691] NILFS (loop9): unrecognized mount option "" [ 274.497671][T13689] bond1 (unregistering): Released all slaves [ 274.762806][ T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 274.774894][T13720] netlink: 'syz.4.3443': attribute type 4 has an invalid length. [ 274.789119][ T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 274.829360][T13720] netlink: 'syz.4.3443': attribute type 5 has an invalid length. [ 274.880028][T13720] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3443'. [ 275.030578][T13730] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6) [ 275.037143][T13730] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 275.069519][T13730] vhci_hcd vhci_hcd.0: Device attached [ 275.093514][T13735] vhci_hcd: connection closed [ 275.097743][ T7497] vhci_hcd: stop threads [ 275.119513][ T7497] vhci_hcd: release socket [ 275.136433][ T7497] vhci_hcd: disconnect device [ 276.044741][T13745] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3451'. [ 276.099572][T13745] device lo entered promiscuous mode [ 276.105840][ T5949] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 276.192567][ T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 276.223080][ T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 276.247709][ T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 276.274435][ T7] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 276.307143][ T7] usb 2-1: USB disconnect, device number 2 [ 276.392487][ T5949] usb 10-1: Using ep0 maxpacket: 16 [ 276.521087][T13795] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6) [ 276.527663][T13795] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 276.554944][ T5949] usb 10-1: config 0 has no interfaces? [ 276.561296][ T5949] usb 10-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 276.588103][ T5949] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.606843][T13795] vhci_hcd vhci_hcd.0: Device attached [ 276.643935][ T5949] usb 10-1: config 0 descriptor?? [ 276.649965][T13796] vhci_hcd: connection closed [ 276.651817][ T7497] vhci_hcd: stop threads [ 276.661467][ T7497] vhci_hcd: release socket [ 276.681324][ T7497] vhci_hcd: disconnect device [ 276.938106][ T7] usb 10-1: USB disconnect, device number 3 [ 277.663544][T13841] xt_CT: No such helper "pptp" [ 277.769729][T13855] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6) [ 277.776288][T13855] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 277.889230][T13855] vhci_hcd vhci_hcd.0: Device attached [ 277.920332][T13857] vhci_hcd: connection closed [ 277.920697][ T144] vhci_hcd: stop threads [ 277.942811][ T144] vhci_hcd: release socket [ 277.947950][ T144] vhci_hcd: disconnect device [ 278.003650][T13878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3488'. [ 279.632095][T13934] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 279.638657][T13934] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 279.676140][T13934] vhci_hcd vhci_hcd.0: Device attached [ 279.709235][T13936] vhci_hcd: connection closed [ 279.710275][ T4467] vhci_hcd: stop threads [ 279.722717][ T4467] vhci_hcd: release socket [ 279.727175][ T4467] vhci_hcd: disconnect device [ 279.792128][T13944] devpts: called with bogus options [ 280.023867][T13958] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3514'. [ 280.124025][T13958] device team1 entered promiscuous mode [ 280.144112][T13958] 8021q: adding VLAN 0 to HW filter on device team1 [ 280.409182][T13971] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3518'. [ 280.480101][T13980] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3523'. [ 280.532747][T13980] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.545100][T13990] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3526'. [ 280.573571][T13980] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.581125][T13990] netlink: 59 bytes leftover after parsing attributes in process `syz.8.3526'. [ 280.662592][T13990] netlink: 59 bytes leftover after parsing attributes in process `syz.8.3526'. [ 280.882308][T14006] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(6) [ 280.888874][T14006] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 280.940704][T14006] vhci_hcd vhci_hcd.0: Device attached [ 280.952635][T14015] loop1: detected capacity change from 0 to 256 [ 280.983045][T14008] vhci_hcd: connection closed [ 280.983871][ T4889] vhci_hcd: stop threads [ 281.026264][ T4889] vhci_hcd: release socket [ 281.045254][ T4889] vhci_hcd: disconnect device [ 281.056692][T14015] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 281.082461][T14015] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 281.144061][T14015] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 281.188687][ T26] kauditd_printk_skb: 39 callbacks suppressed [ 281.188701][ T26] audit: type=1800 audit(1763588842.754:176): pid=14015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3535" name="bus" dev="loop1" ino=1048625 res=0 errno=0 [ 281.279615][T14021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3538'. [ 281.343038][T14021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3538'. [ 281.382153][ T4467] Trying to write to read-only block-device loop1 [ 281.382509][T12541] Trying to write to read-only block-device loop1 [ 281.440517][ T4467] Trying to write to read-only block-device loop1 [ 281.986835][T14054] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 281.993384][T14054] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 282.012567][T14054] vhci_hcd vhci_hcd.0: Device attached [ 282.054764][T14043] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.072751][T14055] vhci_hcd: connection closed [ 282.086557][ T144] vhci_hcd: stop threads [ 282.101822][ T144] vhci_hcd: release socket [ 282.111970][ T144] vhci_hcd: disconnect device [ 282.218520][T14043] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.334572][T14043] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.377883][T14075] binder: 14073:14075 ioctl 4018620d 0 returned -22 [ 282.401570][T14078] loop9: detected capacity change from 0 to 7 [ 282.421893][T14078] loop9: [POWERTEC] p1 p2 p3 [ 282.440835][T14043] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.453188][T14078] loop9: p1 size 65536 extends beyond EOD, truncated [ 282.480632][T14078] loop9: p2 size 32766 extends beyond EOD, truncated [ 282.490995][T14078] loop9: p3 start 1572864 is beyond EOD, truncated [ 282.960556][T14043] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.027005][T14043] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.182793][T14043] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.241196][T14043] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.312437][ T4644] Bluetooth: hci3: command 0x0406 tx timeout [ 284.478535][T14173] loop8: detected capacity change from 0 to 1024 [ 284.557853][T14173] EXT4-fs (loop8): Ignoring removed nobh option [ 284.613032][T14173] EXT4-fs error (device loop8): ext4_ext_check_inode:501: inode #11: comm syz.8.3605: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 284.651498][T14173] EXT4-fs error (device loop8): ext4_orphan_get:1406: comm syz.8.3605: couldn't read orphan inode 11 (err -117) [ 284.733145][T14173] EXT4-fs (loop8): mounted filesystem without journal. Opts: sysvgroups,grpjquota=,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 285.621306][T14226] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 285.717455][T14226] IPVS: sh: FWM 3 0x00000003 - no destination available [ 285.792737][ C0] IPVS: sh: FWM 3 0x00000003 - no destination available [ 286.277011][T14266] loop4: detected capacity change from 0 to 512 [ 286.488600][T14266] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 286.589824][T14266] ext4 filesystem being mounted at /748/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.656930][T14288] loop1: detected capacity change from 0 to 128 [ 286.933453][ T7] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 287.382848][ T7] usb 8-1: config 1 has an invalid interface number: 7 but max is 0 [ 287.454385][ T7] usb 8-1: config 1 has no interface number 0 [ 287.627333][ T7] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 287.829508][ T7] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 287.938764][ T7] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 288.001312][ T7] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 288.283815][ T7] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 288.302124][ T7] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.349360][ T7] usb 8-1: Product: syz [ 288.372727][ T7] usb 8-1: Manufacturer: syz [ 288.396115][ T7] usb 8-1: SerialNumber: syz [ 288.453065][T14285] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 288.483393][ T7] usb 8-1: Error in usbnet_get_endpoints (-22) [ 288.574782][T14347] netlink: 'syz.8.3676': attribute type 1 has an invalid length. [ 288.708119][T14352] 8021q: adding VLAN 0 to HW filter on device bond2 [ 288.715235][ T7] usb 8-1: USB disconnect, device number 7 [ 288.720545][T14352] bond1: (slave bond2): making interface the new active one [ 288.731198][T14352] bond1: (slave bond2): Enslaving as an active interface with an up link [ 288.774403][T14347] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 288.790297][T14347] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 289.750747][T14417] netlink: 'syz.9.3708': attribute type 13 has an invalid length. [ 289.811712][T14417] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 290.161229][T14417] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 290.190326][T14417] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 291.244423][T14490] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3741'. [ 291.322482][T14490] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3741'. [ 291.333542][T14490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3741'. [ 291.370246][T14490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3741'. [ 292.177235][ T26] audit: type=1326 audit(1763588853.744:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.238276][ T26] audit: type=1326 audit(1763588853.744:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.296896][ T26] audit: type=1326 audit(1763588853.744:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.334053][T14551] input: syz1 as /devices/virtual/input/input7 [ 292.341413][T14551] input: failed to attach handler leds to device input7, error: -6 [ 292.353290][ T26] audit: type=1326 audit(1763588853.744:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.415629][ T26] audit: type=1326 audit(1763588853.744:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.442191][ T26] audit: type=1326 audit(1763588853.744:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.466131][ T26] audit: type=1326 audit(1763588853.744:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.489421][ T26] audit: type=1326 audit(1763588853.744:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.512444][ T26] audit: type=1326 audit(1763588853.744:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.540532][ T26] audit: type=1326 audit(1763588853.744:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.9.3765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a595f8749 code=0x50000 [ 292.843891][T14567] input: syz1 as /devices/virtual/input/input8 [ 293.000197][T14571] netlink: 260 bytes leftover after parsing attributes in process `syz.8.3777'. [ 293.076765][T14571] netlink: 104 bytes leftover after parsing attributes in process `syz.8.3777'. [ 293.088489][T14571] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3777'. [ 293.682984][ T4638] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 293.712548][ T4644] Bluetooth: hci5: command 0x1003 tx timeout [ 293.718670][ T146] Bluetooth: hci5: sending frame failed (-49) [ 293.771891][T14600] tunl0: Caught tx_queue_len zero misconfig [ 294.049270][ T4638] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 294.061852][ T4638] usb 2-1: config 1 has no interface number 0 [ 294.068442][ T4638] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 8 [ 294.079064][ T4638] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 294.089206][ T4638] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 294.099000][ T4638] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x4 has an invalid bInterval 36, changing to 9 [ 294.266516][T14629] loop8: detected capacity change from 0 to 512 [ 294.273171][ T4638] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 294.282222][ T4638] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.306188][ T4638] usb 2-1: Product: syz [ 294.310413][ T4638] usb 2-1: Manufacturer: syz [ 294.328797][ T4638] usb 2-1: SerialNumber: syz [ 294.362555][T14589] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 294.390698][ T4638] usb 2-1: Error in usbnet_get_endpoints (-22) [ 294.440185][T14629] EXT4-fs (loop8): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 294.454242][T14629] ext4 filesystem being mounted at /261/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.591844][ T4638] usb 2-1: USB disconnect, device number 3 [ 294.701652][T14653] netlink: 'syz.9.3816': attribute type 1 has an invalid length. [ 294.896923][T14658] 8021q: adding VLAN 0 to HW filter on device bond2 [ 294.921261][T14658] bond1: (slave bond2): making interface the new active one [ 294.956447][T14658] bond1: (slave bond2): Enslaving as an active interface with an up link [ 295.002855][T14662] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 295.067978][T14662] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 295.130505][T14665] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 295.324151][T14669] loop2: detected capacity change from 0 to 7 [ 295.382218][T14669] Dev loop2: unable to read RDB block 7 [ 295.387864][T14669] loop2: unable to read partition table [ 295.421546][T14669] loop2: partition table beyond EOD, truncated [ 295.479486][T14669] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 295.568075][ T3561] Dev loop2: unable to read RDB block 7 [ 295.575611][ T3561] loop2: unable to read partition table [ 295.581391][ T3561] loop2: partition table beyond EOD, truncated [ 295.651246][T14681] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3826'. [ 295.675907][T14681] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 295.703924][T14681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 295.737888][T14681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 295.764681][T14681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 295.794150][ T4644] Bluetooth: hci5: command 0x1001 tx timeout [ 295.801568][ T146] Bluetooth: hci5: sending frame failed (-49) [ 296.165989][T14704] netlink: 84 bytes leftover after parsing attributes in process `syz.8.3834'. [ 296.361984][T14715] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3840'. [ 296.653496][T14732] loop9: detected capacity change from 0 to 2048 [ 296.697770][ T4174] Alternate GPT is invalid, using primary GPT. [ 296.711349][ T4174] loop9: p1 p2 p3 [ 296.757939][T14732] Alternate GPT is invalid, using primary GPT. [ 296.779086][T14732] loop9: p1 p2 p3 [ 296.938745][ T3561] Dev loop2: unable to read RDB block 7 [ 296.956974][ T3561] loop2: unable to read partition table [ 296.968647][ T3561] loop2: partition table beyond EOD, truncated [ 297.119948][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 297.140063][ T9576] udevd[9576]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory [ 297.146046][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory [ 297.254977][ T4194] udevd[4194]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory [ 297.258698][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory [ 297.280669][ T9576] udevd[9576]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory [ 297.870740][ T4644] Bluetooth: hci5: command 0x1009 tx timeout [ 298.137087][T14811] loop9: detected capacity change from 0 to 1024 [ 298.227372][ T26] kauditd_printk_skb: 60 callbacks suppressed [ 298.227387][ T26] audit: type=1326 audit(1763588859.796:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14818 comm="syz.8.3890" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c496d7749 code=0x0 [ 298.357125][T14811] EXT4-fs (loop9): Ignoring removed oldalloc option [ 298.448661][T14811] EXT4-fs (loop9): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 298.526476][T14811] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 299.138608][T14878] loop9: detected capacity change from 0 to 512 [ 299.240196][T14878] EXT4-fs (loop9): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 299.273200][T14878] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.125833][T14913] loop9: detected capacity change from 0 to 512 [ 300.296348][T14913] EXT4-fs (loop9): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 300.312584][T14913] ext4 filesystem being mounted at /261/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.873142][T14954] loop9: detected capacity change from 0 to 16 [ 300.948602][T14954] erofs: (device loop9): mounted with root inode @ nid 36. [ 301.670379][T15005] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3971'. [ 302.164044][T15037] netlink: 'syz.7.3985': attribute type 16 has an invalid length. [ 302.356829][T15048] loop7: detected capacity change from 0 to 512 [ 302.460720][T15052] netlink: 240 bytes leftover after parsing attributes in process `syz.1.3991'. [ 302.526578][T15048] EXT4-fs (loop7): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 302.615052][T15048] ext4 filesystem being mounted at /467/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 303.608641][T15098] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4012'. [ 304.396804][T15149] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4035'. [ 305.499731][ T26] audit: type=1326 audit(1763588867.080:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.580507][ T26] audit: type=1326 audit(1763588867.080:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.660581][ T26] audit: type=1326 audit(1763588867.080:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.717014][T15199] netlink: 'syz.4.4058': attribute type 1 has an invalid length. [ 305.764097][ T26] audit: type=1326 audit(1763588867.080:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.828345][T15206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4063'. [ 305.852592][T15206] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.858705][ T26] audit: type=1326 audit(1763588867.080:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.883131][T15206] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.926296][ T26] audit: type=1326 audit(1763588867.080:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 305.996513][ T26] audit: type=1326 audit(1763588867.080:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 306.080224][ T26] audit: type=1326 audit(1763588867.080:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 306.156118][ T26] audit: type=1326 audit(1763588867.080:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15181 comm="syz.7.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc113a0749 code=0x7ffc0000 [ 306.571219][T15232] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4073'. [ 306.810128][T15244] loop1: detected capacity change from 0 to 128 [ 308.345020][T15323] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.446976][T15323] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.471850][T15330] loop1: detected capacity change from 0 to 256 [ 308.542152][T15323] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.689025][T15323] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.841642][T15323] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.861422][T15323] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.881215][T15323] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.898646][T15323] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.214356][T15379] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4140'. [ 309.249386][T15379] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4140'. [ 309.291955][T15385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4141'. [ 309.492305][T15399] loop9: detected capacity change from 0 to 1024 [ 309.571497][T15399] EXT4-fs (loop9): Ignoring removed oldalloc option [ 309.635176][T15399] EXT4-fs (loop9): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 309.658898][T15399] ext4 filesystem being mounted at /295/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 309.687451][T15415] netlink: 180 bytes leftover after parsing attributes in process `syz.8.4154'. [ 309.718492][T15408] netlink: 180 bytes leftover after parsing attributes in process `syz.8.4154'. [ 309.746999][T15408] netlink: 180 bytes leftover after parsing attributes in process `syz.8.4154'. [ 310.750849][T15477] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4182'. [ 311.121616][T15497] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4191'. [ 311.305051][T15507] loop7: detected capacity change from 0 to 1024 [ 311.354409][T15507] EXT4-fs (loop7): Ignoring removed oldalloc option [ 311.424589][T15507] EXT4-fs (loop7): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 311.456016][T15507] ext4 filesystem being mounted at /512/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.725675][T15535] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4206'. [ 311.741603][T15535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 311.794545][T15535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.983577][T15546] loop1: detected capacity change from 0 to 1024 [ 312.468728][T15577] loop9: detected capacity change from 0 to 1024 [ 312.501656][T15575] loop1: detected capacity change from 0 to 1024 [ 312.511605][T15581] binder: 15580:15581 ioctl c0306201 200000000040 returned -14 [ 312.698139][T15577] EXT4-fs (loop9): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000003,abort,,errors=continue. Quota mode: none. [ 312.735360][T15577] EXT4-fs error (device loop9): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.9.4224: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 312.857293][T15577] EXT4-fs error (device loop9) in ext4_delete_inline_entry:1790: Corrupt filesystem [ 313.119045][T15610] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4240'. [ 313.582829][T15641] loop4: detected capacity change from 0 to 7 [ 313.594896][ C1] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.606208][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.644977][ C1] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.655960][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.664129][ C0] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.675082][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.730708][ C0] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.741683][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.766148][ C1] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.777119][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.802898][ C1] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.813885][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.855813][ C1] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.866795][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.875495][T15641] ldm_validate_partition_table(): Disk read failed. [ 313.882288][ C0] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.893332][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.912988][ C0] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.923955][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 313.949498][ C0] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 313.960534][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 314.000304][T15641] Dev loop4: unable to read RDB block 0 [ 314.025643][T15641] loop4: unable to read partition table [ 314.072180][T15641] loop4: partition table beyond EOD, truncated [ 314.089022][T15641] loop_reread_partitions: partition scan of loop4 (gCj̖P=!MX %`搘ȵ4FLQk݊5) failed (rc=-5) [ 314.885709][T15697] netlink: 'syz.7.4277': attribute type 4 has an invalid length. [ 314.912082][T15697] netlink: 'syz.7.4277': attribute type 5 has an invalid length. [ 314.935707][T15697] netlink: 3657 bytes leftover after parsing attributes in process `syz.7.4277'. [ 315.030592][T15666] loop9: detected capacity change from 0 to 32768 [ 315.054732][T15666] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop9 scanned by syz.9.4263 (15666) [ 315.165742][T15666] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm [ 315.193220][T15666] BTRFS info (device loop9): using free space tree [ 315.203668][T15666] BTRFS info (device loop9): has skinny extents [ 315.497142][T15730] loop4: detected capacity change from 0 to 4096 [ 315.512363][T15666] BTRFS info (device loop9): enabling ssd optimizations [ 315.532222][T15730] ntfs3: Unknown parameter 'hide_dot_files' [ 316.151215][ T26] audit: type=1800 audit(1763588877.725:257): pid=15743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.4263" name="file1" dev="loop9" ino=260 res=0 errno=0 [ 316.775119][T15759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4296'. [ 316.813072][T15759] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.841277][T15759] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.866103][T15759] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.881200][T15759] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.066004][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.072357][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.390391][T15798] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4312'. [ 317.411397][T15798] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4312'. [ 318.446208][T15865] netlink: 20 bytes leftover after parsing attributes in process `syz.9.4342'. [ 318.497871][T15872] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4344'. [ 318.537578][T15872] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4344'. [ 318.727530][T15887] netlink: 'syz.9.4351': attribute type 1 has an invalid length. [ 318.854616][T15887] bond3: (slave veth3): Enslaving as an active interface with a down link [ 318.899898][T15898] device bond3 entered promiscuous mode [ 318.932910][T15898] 8021q: adding VLAN 0 to HW filter on device bond3 [ 319.455293][T15953] loop9: detected capacity change from 0 to 128 [ 319.547547][T15953] EXT4-fs (loop9): Ignoring removed nobh option [ 319.576070][T15953] EXT4-fs (loop9): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 319.598558][T15953] ext4 filesystem being mounted at /336/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 319.702523][ T26] audit: type=1804 audit(1763588881.287:258): pid=15953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.4380" name="/newroot/336/mnt/bus" dev="loop9" ino=12 res=1 errno=0 [ 320.862256][T16027] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4415'. [ 320.899857][T16027] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4415'. [ 321.162264][T16004] loop7: detected capacity change from 0 to 32768 [ 321.213107][T16004] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop7 scanned by syz.7.4402 (16004) [ 321.263329][T16004] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm [ 321.323207][T16004] BTRFS info (device loop7): using free space tree [ 321.394319][T16004] BTRFS info (device loop7): has skinny extents [ 321.711138][T16004] BTRFS info (device loop7): enabling ssd optimizations [ 321.886437][ T26] audit: type=1800 audit(1763588883.468:259): pid=16101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4402" name="file1" dev="loop7" ino=260 res=0 errno=0 [ 322.782101][T16137] loop7: detected capacity change from 0 to 1024 [ 322.880587][T16137] EXT4-fs (loop7): Ignoring removed oldalloc option [ 322.931158][T16137] EXT4-fs (loop7): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 323.066670][T16137] ext4 filesystem being mounted at /552/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 324.612554][T16250] loop4: detected capacity change from 0 to 128 [ 324.673500][T16250] EXT4-fs (loop4): Ignoring removed nobh option [ 324.716422][T16250] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,max_dir_size_kb=0x0000000000000004,,errors=continue. Quota mode: none. [ 324.762111][T16262] loop1: detected capacity change from 0 to 1024 [ 324.769057][T16250] ext4 filesystem being mounted at /876/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 324.813646][T16265] netlink: 68 bytes leftover after parsing attributes in process `syz.8.4509'. [ 324.883301][T16250] EXT4-fs (loop4): shut down requested (1) [ 325.602193][T16291] loop7: detected capacity change from 0 to 32768 [ 325.695080][T16291] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop7 scanned by syz.7.4520 (16291) [ 326.479225][T16291] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 326.488675][T16291] BTRFS info (device loop7): force zlib compression, level 3 [ 326.496062][T16291] BTRFS info (device loop7): force clearing of disk cache [ 326.503359][T16291] BTRFS info (device loop7): setting nodatasum [ 326.509594][T16291] BTRFS info (device loop7): allowing degraded mounts [ 326.516429][T16291] BTRFS info (device loop7): enabling disk space caching [ 326.523461][T16291] BTRFS info (device loop7): disk space caching is enabled [ 326.530742][T16291] BTRFS info (device loop7): has skinny extents [ 326.809749][T16281] loop4: detected capacity change from 0 to 32768 [ 326.887107][T16291] BTRFS info (device loop7): clearing free space tree [ 326.893992][T16291] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 326.904116][T16291] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 326.975650][T16281] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.4514 (16281) [ 326.989967][T16291] BTRFS info (device loop7): balance: start -susage=7..17671 [ 327.001978][T16291] BTRFS info (device loop7): balance: ended with status: 0 [ 327.056335][T16281] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 327.101766][T16281] BTRFS info (device loop4): using free space tree [ 327.149471][T16281] BTRFS info (device loop4): has skinny extents [ 327.306843][ T4174] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 12 /dev/loop7 scanned by udevd (4174) [ 327.676659][T16281] BTRFS info (device loop4): enabling ssd optimizations [ 327.990847][T16378] loop1: detected capacity change from 0 to 8192 [ 328.090184][ T26] audit: type=1800 audit(1763588889.681:260): pid=16392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4514" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 328.291851][T16400] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4553'. [ 328.325409][T16400] netlink: 'syz.1.4553': attribute type 13 has an invalid length. [ 328.381301][T16400] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4553'. [ 328.417590][T16400] netlink: 'syz.1.4553': attribute type 13 has an invalid length. [ 328.901835][ T4625] kernel write not supported for file [eventfd] (pid: 4625 comm: kworker/1:5) [ 329.135049][ T4906] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 329.556199][ T4906] usb 5-1: config 0 has no interfaces? [ 329.744946][ T4906] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 329.754037][ T4906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.776286][ T4906] usb 5-1: Product: syz [ 329.780546][ T4906] usb 5-1: Manufacturer: syz [ 329.788226][ T4906] usb 5-1: SerialNumber: syz [ 329.802680][ T4906] usb 5-1: config 0 descriptor?? [ 330.018603][T16520] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 330.049257][T16520] overlayfs: missing 'lowerdir' [ 330.182921][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4610'. [ 330.197388][T16529] CUSE: unknown device info "" [ 330.212590][T16529] CUSE: zero length info key specified [ 330.329316][T16417] device veth0_vlan left promiscuous mode [ 330.347400][T16417] device veth0_vlan entered promiscuous mode [ 330.420209][ T4633] usb 5-1: USB disconnect, device number 8 [ 331.437258][T16597] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4642'. [ 331.941442][T16622] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4654'. [ 332.191407][T16633] overlayfs: failed to resolve './file1': -2 [ 332.601250][T16654] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4667'. [ 333.134717][T16681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4681'. [ 333.399640][T16649] loop9: detected capacity change from 0 to 32768 [ 333.529579][T16649] XFS (loop9): Mounting V5 Filesystem [ 333.647241][T16649] XFS (loop9): Ending clean mount [ 333.895296][T11108] XFS (loop9): Unmounting Filesystem [ 334.251298][T16746] kvm: pic: single mode not supported [ 334.251594][T16746] kvm: pic: non byte read [ 334.286600][T16746] kvm: pic: non byte read [ 334.309251][T16746] kvm: pic: single mode not supported [ 334.309576][T16746] kvm: pic: level sensitive irq not supported [ 334.337138][T16746] kvm: pic: non byte read [ 334.374707][T16746] kvm: pic: level sensitive irq not supported [ 334.374768][T16746] kvm: pic: non byte read [ 334.434238][T16746] kvm: pic: single mode not supported [ 334.434296][T16746] kvm: pic: non byte read [ 334.487188][T16746] kvm: pic: non byte read [ 334.491779][T16746] kvm: pic: level sensitive irq not supported [ 334.491835][T16746] kvm: pic: non byte read [ 334.527527][T16746] kvm: pic: single mode not supported [ 334.527546][T16746] kvm: pic: level sensitive irq not supported [ 334.564192][T16746] kvm: pic: non byte read [ 334.622397][T16746] kvm: pic: level sensitive irq not supported [ 334.622461][T16746] kvm: pic: non byte read [ 334.806255][T16768] loop9: detected capacity change from 0 to 32768 [ 334.831662][T16737] loop4: detected capacity change from 0 to 32768 [ 334.987127][T16782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4720'. [ 335.020627][T16737] XFS (loop4): Mounting V5 Filesystem [ 335.084247][T16782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.112275][T16782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.130004][T16782] bond0 (unregistering): Released all slaves [ 335.197371][T16737] XFS (loop4): Ending clean mount [ 335.394440][ T4195] XFS (loop4): Unmounting Filesystem [ 337.786428][T16924] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4784'. [ 338.408393][T16960] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4801'. [ 338.409799][T16958] loop7: detected capacity change from 0 to 164 [ 338.452982][T16962] netlink: 'syz.4.4802': attribute type 4 has an invalid length. [ 338.470368][T16962] netlink: 'syz.4.4802': attribute type 21 has an invalid length. [ 338.488786][T16962] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.4802'. [ 338.890714][T16986] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4812'. [ 338.984661][T16988] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4813'. [ 339.325215][T17008] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4823'. [ 339.484254][T17016] overlayfs: failed to resolve './file1': -2 [ 339.609863][ T4625] Bluetooth: hci2: command 0x0406 tx timeout [ 339.639973][ T4625] Bluetooth: hci0: command 0x0406 tx timeout [ 339.764714][T17030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4835'. [ 339.890858][T17037] netlink: 88 bytes leftover after parsing attributes in process `syz.8.4837'. [ 341.376321][T17070] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4852'. [ 341.409743][T17070] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 341.432820][T17070] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 341.452687][T17070] bond0 (unregistering): Released all slaves [ 341.661957][T17078] xt_CT: No such helper "pptp" [ 342.251468][T17118] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4874'. [ 342.262156][T17111] process 'memfd:ndRi5ም[@8 9I=\'LҎ)JtTDqρ1 >\LϑM^T*' started with executable stack [ 342.502144][T17136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4882'. [ 342.720381][T17149] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4888'. [ 342.743594][T17151] overlayfs: failed to resolve './file1': -2 [ 343.221188][T17175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4901'. [ 343.306393][T17177] overlayfs: failed to resolve './file1': -2 [ 343.619269][T17200] overlayfs: failed to resolve './file1': -2 [ 344.112709][T17226] device syzkaller1 entered promiscuous mode [ 344.159806][T17226] af_packet: tpacket_rcv: packet too big, clamped from 65058 to 3952. macoff=96 [ 344.232240][T17236] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4932'. [ 344.264918][T17236] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4932'. [ 344.310289][T17236] netlink: 'syz.7.4932': attribute type 10 has an invalid length. [ 344.424807][T17253] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 344.477454][T17253] overlayfs: missing 'lowerdir' [ 344.793109][T17280] loop1: detected capacity change from 0 to 164 [ 345.171251][T17294] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4956'. [ 345.559976][T17321] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4971'. [ 345.830277][T17335] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.920928][T17335] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.984864][T17335] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.053236][T17335] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.096254][T17319] loop4: detected capacity change from 0 to 32768 [ 346.106035][T17350] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 346.116909][T17339] IPVS: stopping backup sync thread 17350 ... [ 346.151110][T17335] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.172670][T17335] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.188876][T17335] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.205436][T17335] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.251417][T17319] XFS (loop4): Mounting V5 Filesystem [ 346.348958][T17358] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4984'. [ 346.450417][T17319] XFS (loop4): Ending clean mount [ 346.569048][ T4195] XFS (loop4): Unmounting Filesystem [ 346.849110][T17384] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4997'. [ 346.852480][T17389] loop9: detected capacity change from 0 to 128 [ 347.346686][T17415] cgroup: Name too long [ 347.432172][T17418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5011'. [ 347.460205][T17420] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5012'. [ 347.472927][T17418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5011'. [ 347.604727][T17390] loop1: detected capacity change from 0 to 32768 [ 347.675897][T17390] /dev/loop1: Can't open blockdev [ 347.866257][ T4193] Bluetooth: hci6: sending frame failed (-49) [ 348.364218][T17481] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5040'. [ 349.653072][T17587] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.709878][T17587] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.769820][T17587] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.818317][T17587] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.854607][T16418] Bluetooth: hci5: command 0x1003 tx timeout [ 349.860849][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 349.883654][T17587] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.896062][T17587] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.910763][T17587] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.922635][T17587] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.924575][ T4231] Bluetooth: hci6: command 0x1003 tx timeout [ 349.945833][ T4193] Bluetooth: hci6: sending frame failed (-49) [ 350.351589][T17619] overlayfs: failed to clone upperpath [ 350.637305][T17646] overlayfs: failed to clone upperpath [ 350.848551][T17662] loop1: detected capacity change from 0 to 256 [ 351.169313][T17675] overlayfs: failed to resolve './file1': -2 [ 351.249250][T17681] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5128'. [ 351.877567][T17701] fuse: Bad value for 'fd' [ 351.923637][ T4231] Bluetooth: hci5: command 0x1001 tx timeout [ 351.932306][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 352.003536][ T6354] Bluetooth: hci6: command 0x1001 tx timeout [ 352.011858][ T4193] Bluetooth: hci6: sending frame failed (-49) [ 352.993425][T17796] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5183'. [ 353.748447][T17841] overlayfs: failed to resolve './file1': -2 [ 354.012791][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 354.092591][ T23] Bluetooth: hci6: command 0x1009 tx timeout [ 355.001680][T17906] fuse: Bad value for 'group_id' [ 355.428054][T17930] fuse: Bad value for 'group_id' [ 355.676108][T17939] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 355.808855][T17947] loop1: detected capacity change from 0 to 512 [ 357.061101][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 357.300887][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 357.580994][ T23] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 357.590088][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.599726][ T23] usb 2-1: Product: syz [ 357.605117][ T23] usb 2-1: Manufacturer: syz [ 357.610253][ T23] usb 2-1: SerialNumber: syz [ 357.627939][ T23] usb 2-1: config 0 descriptor?? [ 357.796315][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.804798][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.812966][ T5555] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 357.887846][T18019] overlayfs: failed to clone upperpath [ 357.890796][ T23] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 358.463560][T18059] fuse: Bad value for 'fd' [ 358.799856][T18067] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 358.972847][T18081] netlink: 'syz.4.5309': attribute type 5 has an invalid length. [ 359.104177][T18093] overlayfs: failed to resolve './file1': -2 [ 359.204784][T18102] loop7: detected capacity change from 0 to 512 [ 359.273382][T18102] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 359.295889][T18109] netlink: 'syz.8.5329': attribute type 4 has an invalid length. [ 359.304714][T18109] netlink: 3657 bytes leftover after parsing attributes in process `syz.8.5329'. [ 359.376912][T18115] trusted_key: encrypted_key: insufficient parameters specified [ 359.383641][T18114] netlink: 312 bytes leftover after parsing attributes in process `syz.8.5331'. [ 359.434686][T18117] overlayfs: failed to resolve './file1': -2 [ 359.543276][T18125] loop4: detected capacity change from 0 to 512 [ 359.660942][T18125] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 359.669925][T18125] System zones: 1-12 [ 359.688722][T18125] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.5337: Directory hole found for htree index block 0 [ 359.713265][T18125] EXT4-fs (loop4): Remounting filesystem read-only [ 359.722663][T18125] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 359.733381][T18125] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.5337: Directory hole found for htree index block 0 [ 359.748652][T18125] EXT4-fs (loop4): Remounting filesystem read-only [ 359.755611][T18125] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 359.766997][T18125] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,noquota,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 359.919679][ T23] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 359.931200][ T23] usb 2-1: USB disconnect, device number 4 [ 360.499733][ T13] Bluetooth: hci5: command 0x1003 tx timeout [ 360.508211][ T146] Bluetooth: hci5: sending frame failed (-49) [ 360.774394][T18214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5377'. [ 360.793889][T18214] device bridge_slave_1 left promiscuous mode [ 360.809327][T18214] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.837300][T18214] device bridge_slave_0 left promiscuous mode [ 360.844246][T18214] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.213301][T18241] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5392'. [ 361.289538][T18246] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5394'. [ 361.359536][T18247] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5392'. [ 361.560417][T18264] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5401'. [ 361.616922][T18264] team0 (unregistering): Port device team_slave_0 removed [ 361.670007][T18264] team0 (unregistering): Port device team_slave_1 removed [ 361.812044][T18284] loop1: detected capacity change from 0 to 256 [ 362.067395][T18300] loop1: detected capacity change from 0 to 164 [ 362.568590][ T4231] Bluetooth: hci5: command 0x1001 tx timeout [ 362.574713][ T146] Bluetooth: hci5: sending frame failed (-49) [ 362.780403][T18353] loop4: detected capacity change from 0 to 512 [ 362.832486][T18353] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 363.248211][T18381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5456'. [ 363.380623][T18385] loop4: detected capacity change from 0 to 164 [ 363.633989][T18401] fuse: Unknown parameter 'group_i00000000000000000000' [ 363.718901][T18409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5470'. [ 363.847775][T18417] usb usb7: usbfs: process 18417 (syz.1.5472) did not claim interface 0 before use [ 363.982719][T18429] fuse: Unknown parameter 'group_id00000000000000000000' [ 364.056413][ T26] audit: type=1326 audit(1763588932.659:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18435 comm="syz.4.5482" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35b209c749 code=0x0 [ 364.105117][T18440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5484'. [ 364.354431][T18463] overlayfs: workdir and upperdir must reside under the same mount [ 364.391324][T18467] __nla_validate_parse: 1 callbacks suppressed [ 364.391365][T18467] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5497'. [ 364.515707][T18474] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5500'. [ 364.529767][T18476] netlink: 244 bytes leftover after parsing attributes in process `syz.8.5501'. [ 364.616468][T18484] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 364.647938][ T4231] Bluetooth: hci5: command 0x1009 tx timeout [ 364.658026][T18482] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5504'. [ 364.793234][T18496] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5511'. [ 365.071057][T18514] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5519'. [ 365.418552][T18548] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5535'. [ 365.672683][T18566] loop1: detected capacity change from 0 to 256 [ 365.767916][T18579] loop7: detected capacity change from 0 to 136 [ 366.220994][T18607] overlayfs: failed to resolve './file1': -2 [ 366.364756][T18613] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5566'. [ 366.805304][T18638] overlayfs: failed to resolve './file1': -2 [ 366.832660][T18640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5578'. [ 367.039664][T18651] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5583'. [ 367.387305][T18666] overlayfs: failed to resolve './file1': -2 [ 367.551762][T18678] device veth0_to_team entered promiscuous mode [ 367.982988][T18721] loop1: detected capacity change from 0 to 256 [ 368.344649][T18745] loop1: detected capacity change from 0 to 136 [ 368.530701][T18756] overlayfs: failed to resolve './file1': -2 [ 368.679377][T18764] fuse: Bad value for 'fd' [ 368.974063][T18778] loop7: detected capacity change from 0 to 136 [ 369.203701][T18791] netlink: 'syz.7.5650': attribute type 2 has an invalid length. [ 369.482483][ T146] Bluetooth: hci5: sending frame failed (-49) [ 369.492181][T18807] __nla_validate_parse: 5 callbacks suppressed [ 369.492196][T18807] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5657'. [ 369.644728][T18813] loop1: detected capacity change from 0 to 136 [ 370.105749][T18843] loop7: detected capacity change from 0 to 136 [ 370.407612][T18860] loop1: detected capacity change from 0 to 4096 [ 370.474354][T18860] /dev/loop1: Can't open blockdev [ 370.672299][T18860] loop1: detected capacity change from 0 to 4096 [ 370.702735][T18860] /dev/loop1: Can't open blockdev [ 370.995910][T18888] loop4: detected capacity change from 0 to 4096 [ 371.109801][T18888] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 371.171471][T18888] ntfs3: loop4: Failed to load $Extend. [ 371.381246][ T26] audit: type=1800 audit(1763588939.983:262): pid=18910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5696" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=33 res=0 errno=0 [ 371.523931][ T4906] Bluetooth: hci5: command 0x1003 tx timeout [ 371.533924][ T146] Bluetooth: hci5: sending frame failed (-49) [ 371.814108][T18933] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 371.872156][T18938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5719'. [ 372.108345][T18954] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5726'. [ 372.164989][T18958] tipc: Started in network mode [ 372.172324][T18958] tipc: Node identity ac14142f, cluster identity 4711 [ 372.180668][T18958] tipc: New replicast peer: 0.0.0.0 [ 372.196669][T18958] tipc: Enabled bearer , priority 10 [ 372.741798][T18992] loop4: detected capacity change from 0 to 136 [ 372.932826][T19006] loop7: detected capacity change from 0 to 512 [ 373.001226][T19006] EXT4-fs (loop7): mounted filesystem without journal. Opts: noblock_validity,nodelalloc,,errors=continue. Quota mode: writeback. [ 373.019405][T19006] ext4 filesystem being mounted at /817/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.065561][T19006] EXT4-fs warning (device loop7): dx_probe:833: inode #2: comm syz.7.5750: Unrecognised inode hash code 20 [ 373.112943][T19006] EXT4-fs warning (device loop7): dx_probe:966: inode #2: comm syz.7.5750: Corrupt directory, running e2fsck is recommended [ 373.129300][ T4174] udevd[4174]: incorrect ext4 checksum on /dev/loop7 [ 373.151692][ T4174] udevd[4174]: incorrect ext4 checksum on /dev/loop7 [ 373.171403][T19006] EXT4-fs warning (device loop7): dx_probe:833: inode #2: comm syz.7.5750: Unrecognised inode hash code 20 [ 373.203079][T19006] EXT4-fs warning (device loop7): dx_probe:966: inode #2: comm syz.7.5750: Corrupt directory, running e2fsck is recommended [ 373.238427][T19006] EXT4-fs warning (device loop7): ext4_dirblock_csum_verify:406: inode #12: comm syz.7.5750: No space for directory leaf checksum. Please run e2fsck -D. [ 373.277771][T19025] loop1: detected capacity change from 0 to 136 [ 373.295500][T19006] EXT4-fs error (device loop7): ext4_empty_dir:3139: inode #12: comm syz.7.5750: Directory block failed checksum [ 373.322886][ T23] tipc: Node number set to 2886997039 [ 373.593947][ T4906] Bluetooth: hci5: command 0x1001 tx timeout [ 373.608824][ T146] Bluetooth: hci5: sending frame failed (-49) [ 373.796071][T19051] overlayfs: failed to clone upperpath [ 374.376979][T19086] loop4: detected capacity change from 0 to 136 [ 374.401530][T19088] fuse: Bad value for 'rootmode' [ 374.790552][T19119] loop4: detected capacity change from 0 to 136 [ 374.846465][T19122] fuse: Bad value for 'rootmode' [ 375.288912][T19155] loop1: detected capacity change from 0 to 136 [ 375.301123][T19154] fuse: Unknown parameter 'use00000000000000000000' [ 375.379977][T19150] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 375.432893][ T4231] Bluetooth: hci1: command 0x0406 tx timeout [ 375.681786][ T4906] Bluetooth: hci5: command 0x1009 tx timeout [ 375.701120][T19177] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5828'. [ 375.724604][T19181] fuse: Unknown parameter 'use00000000000000000000' [ 375.863077][T19190] overlayfs: failed to clone upperpath [ 376.356361][T19209] loop1: detected capacity change from 0 to 512 [ 376.924497][T19213] fuse: Unknown parameter 'use00000000000000000000' [ 378.000426][ C1] sched: RT throttling activated [ 378.485189][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.491654][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.776044][T19244] fuse: Unknown parameter 'user_i00000000000000000000' [ 378.931224][T19252] loop4: detected capacity change from 0 to 512 [ 379.069641][T19252] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 379.136512][T19252] ext4 filesystem being mounted at /1101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 379.240735][T19273] netlink: 'syz.1.5870': attribute type 1 has an invalid length. [ 379.299369][T19273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.375302][T19278] bond0: (slave gretap1): making interface the new active one [ 379.425339][T19278] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 379.438611][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 379.617014][T19291] overlayfs: failed to resolve './file1': -2 [ 380.398583][T19350] fuse: Unknown parameter 'user_id00000000000000000000' [ 380.737601][T19372] loop4: detected capacity change from 0 to 256 [ 380.746713][T19370] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5912'. [ 380.942940][T19382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5918'. [ 381.192439][T19403] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5927'. [ 381.224568][T19409] loop1: detected capacity change from 0 to 256 [ 381.242553][T19405] ------------[ cut here ]------------ [ 381.259045][T19405] wlan1: Failed check-sdata-in-driver check, flags: 0x4 [ 381.303110][T19405] WARNING: CPU: 0 PID: 19405 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550 [ 381.328784][T19413] fuse: Unknown parameter 'user_id00000000000000000000' [ 381.361287][T19405] Modules linked in: [ 381.365240][T19405] CPU: 0 PID: 19405 Comm: syz.7.5929 Not tainted syzkaller #0 [ 381.386318][T19418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.396432][T19405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 381.410495][T19405] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 381.417713][T19405] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 381.452165][T19405] RSP: 0018:ffffc9000352f248 EFLAGS: 00010246 [ 381.468971][T19405] RAX: 14fe8942ffca4a00 RBX: 0000000000400000 RCX: 0000000000080000 [ 381.483562][T19405] RDX: ffffc90004189000 RSI: 000000000000671e RDI: 000000000000671f [ 381.484684][T19420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.506571][T19405] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172067b0 [ 381.515407][T19405] R10: ffffed10172067b0 R11: 1ffff110172067af R12: ffff888079438000 [ 381.525647][T19405] R13: ffff888079439290 R14: ffff888079ee0da0 R15: ffff88807943a298 [ 381.535036][T19405] FS: 00007fdc0f6076c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 381.546343][T19405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 381.553162][T19405] CR2: 0000001b32c1eff8 CR3: 000000002bd0b000 CR4: 00000000003506f0 [ 381.563516][T19418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.573504][T19405] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 381.584123][T19405] DR3: ffffffffefffff15 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 381.592726][T19405] Call Trace: [ 381.596643][T19405] [ 381.600037][T19405] ? netif_carrier_off+0x1/0xc0 [ 381.605074][T19405] ieee80211_ocb_leave+0x26f/0x320 [ 381.610727][T19405] __cfg80211_leave_ocb+0x219/0x3f0 [ 381.616071][T19405] cfg80211_leave_ocb+0x53/0x70 [ 381.621553][T19405] cfg80211_change_iface+0x4f1/0xeb0 [ 381.627012][T19405] nl80211_set_interface+0x598/0x7d0 [ 381.632851][T19405] ? nl80211_dump_interface+0x5c0/0x5c0 [ 381.639893][T19405] ? mutex_lock_nested+0x17/0x20 [ 381.645124][T19405] genl_rcv_msg+0xbc6/0xf40 [ 381.650143][T19405] ? genl_bind+0x370/0x370 [ 381.654705][T19405] ? verify_lock_unused+0x140/0x140 [ 381.660594][T19405] ? verify_lock_unused+0x140/0x140 [ 381.665929][T19405] ? nl80211_dump_interface+0x5c0/0x5c0 [ 381.678536][T19405] netlink_rcv_skb+0x1e0/0x430 [ 381.683660][T19405] ? genl_bind+0x370/0x370 [ 381.688102][T19405] ? netlink_ack+0xb60/0xb60 [ 381.693172][T19405] ? __lock_acquire+0x7c60/0x7c60 [ 381.698299][T19405] ? preempt_count_add+0x8d/0x190 [ 381.705691][T19405] ? down_read+0x1aa/0x2e0 [ 381.710846][T19405] genl_rcv+0x24/0x40 [ 381.714866][T19405] netlink_unicast+0x774/0x920 [ 381.719996][T19405] netlink_sendmsg+0x8ab/0xbc0 [ 381.724880][T19405] ? netlink_getsockopt+0x560/0x560 [ 381.735262][T19405] ? aa_sock_msg_perm+0x94/0x150 [ 381.744231][T19405] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 381.750167][T19405] ? security_socket_sendmsg+0x7c/0xa0 [ 381.755677][T19405] ? netlink_getsockopt+0x560/0x560 [ 381.760990][T19405] ____sys_sendmsg+0x5a2/0x8c0 [ 381.765802][T19405] ? memset+0x1e/0x40 [ 381.769900][T19405] ? __sys_sendmsg_sock+0x30/0x30 [ 381.774943][T19405] ? import_iovec+0x6f/0xa0 [ 381.779631][T19405] ___sys_sendmsg+0x1f0/0x260 [ 381.784340][T19405] ? __sys_sendmsg+0x250/0x250 [ 381.789162][T19405] ? sock_do_ioctl+0x27c/0x2f0 [ 381.794035][T19405] ? __fdget+0x18b/0x210 [ 381.798304][T19405] __se_sys_sendmsg+0x190/0x250 [ 381.803304][T19405] ? __x64_sys_sendmsg+0x80/0x80 [ 381.808267][T19405] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 381.815379][T19405] ? lockdep_hardirqs_on+0x94/0x140 [ 381.820688][T19405] do_syscall_64+0x4c/0xa0 [ 381.825113][T19405] ? clear_bhb_loop+0x30/0x80 [ 381.830108][T19405] ? clear_bhb_loop+0x30/0x80 [ 381.834809][T19405] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 381.840768][T19405] RIP: 0033:0x7fdc113a0749 [ 381.845281][T19405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.864947][T19405] RSP: 002b:00007fdc0f607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 381.873411][T19405] RAX: ffffffffffffffda RBX: 00007fdc115f6fa0 RCX: 00007fdc113a0749 [ 381.881465][T19405] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 381.889517][T19405] RBP: 00007fdc11424f91 R08: 0000000000000000 R09: 0000000000000000 [ 381.897679][T19405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.905839][T19405] R13: 00007fdc115f7038 R14: 00007fdc115f6fa0 R15: 00007fff3cbad488 [ 381.913883][T19405] [ 381.916906][T19405] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 381.924173][T19405] CPU: 1 PID: 19405 Comm: syz.7.5929 Not tainted syzkaller #0 [ 381.931659][T19405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 381.941707][T19405] Call Trace: [ 381.944996][T19405] [ 381.947923][T19405] dump_stack_lvl+0x168/0x230 [ 381.952627][T19405] ? show_regs_print_info+0x20/0x20 [ 381.957814][T19405] ? load_image+0x3b0/0x3b0 [ 381.962309][T19405] panic+0x2c9/0x7f0 [ 381.966192][T19405] ? bpf_jit_dump+0xd0/0xd0 [ 381.970709][T19405] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 381.977142][T19405] __warn+0x248/0x2b0 [ 381.981118][T19405] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 381.987614][T19405] report_bug+0x1b7/0x2e0 [ 381.991967][T19405] handle_bug+0x3a/0x70 [ 381.996119][T19405] exc_invalid_op+0x16/0x40 [ 382.000620][T19405] asm_exc_invalid_op+0x16/0x20 [ 382.005468][T19405] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 382.012485][T19405] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 382.032090][T19405] RSP: 0018:ffffc9000352f248 EFLAGS: 00010246 [ 382.038146][T19405] RAX: 14fe8942ffca4a00 RBX: 0000000000400000 RCX: 0000000000080000 [ 382.046109][T19405] RDX: ffffc90004189000 RSI: 000000000000671e RDI: 000000000000671f [ 382.054089][T19405] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172067b0 [ 382.062055][T19405] R10: ffffed10172067b0 R11: 1ffff110172067af R12: ffff888079438000 [ 382.070024][T19405] R13: ffff888079439290 R14: ffff888079ee0da0 R15: ffff88807943a298 [ 382.078019][T19405] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 382.084427][T19405] ? netif_carrier_off+0x1/0xc0 [ 382.089276][T19405] ieee80211_ocb_leave+0x26f/0x320 [ 382.094415][T19405] __cfg80211_leave_ocb+0x219/0x3f0 [ 382.099609][T19405] cfg80211_leave_ocb+0x53/0x70 [ 382.104448][T19405] cfg80211_change_iface+0x4f1/0xeb0 [ 382.109913][T19405] nl80211_set_interface+0x598/0x7d0 [ 382.115210][T19405] ? nl80211_dump_interface+0x5c0/0x5c0 [ 382.120758][T19405] ? mutex_lock_nested+0x17/0x20 [ 382.125720][T19405] genl_rcv_msg+0xbc6/0xf40 [ 382.130220][T19405] ? genl_bind+0x370/0x370 [ 382.134628][T19405] ? verify_lock_unused+0x140/0x140 [ 382.139819][T19405] ? verify_lock_unused+0x140/0x140 [ 382.145034][T19405] ? nl80211_dump_interface+0x5c0/0x5c0 [ 382.150577][T19405] netlink_rcv_skb+0x1e0/0x430 [ 382.155331][T19405] ? genl_bind+0x370/0x370 [ 382.156918][ C0] vcan0: j1939_tp_rxtimer: 0xffff888062e13400: rx timeout, send abort [ 382.159733][T19405] ? netlink_ack+0xb60/0xb60 [ 382.159795][T19405] ? __lock_acquire+0x7c60/0x7c60 [ 382.177516][T19405] ? preempt_count_add+0x8d/0x190 [ 382.182569][T19405] ? down_read+0x1aa/0x2e0 [ 382.187023][T19405] genl_rcv+0x24/0x40 [ 382.191028][T19405] netlink_unicast+0x774/0x920 [ 382.195864][T19405] netlink_sendmsg+0x8ab/0xbc0 [ 382.200742][T19405] ? netlink_getsockopt+0x560/0x560 [ 382.205956][T19405] ? aa_sock_msg_perm+0x94/0x150 [ 382.210896][T19405] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 382.216214][T19405] ? security_socket_sendmsg+0x7c/0xa0 [ 382.221668][T19405] ? netlink_getsockopt+0x560/0x560 [ 382.226873][T19405] ____sys_sendmsg+0x5a2/0x8c0 [ 382.231749][T19405] ? memset+0x1e/0x40 [ 382.235790][T19405] ? __sys_sendmsg_sock+0x30/0x30 [ 382.240874][T19405] ? import_iovec+0x6f/0xa0 [ 382.245370][T19405] ___sys_sendmsg+0x1f0/0x260 [ 382.250046][T19405] ? __sys_sendmsg+0x250/0x250 [ 382.254808][T19405] ? sock_do_ioctl+0x27c/0x2f0 [ 382.259578][T19405] ? __fdget+0x18b/0x210 [ 382.263826][T19405] __se_sys_sendmsg+0x190/0x250 [ 382.268718][T19405] ? __x64_sys_sendmsg+0x80/0x80 [ 382.273834][T19405] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 382.279842][T19405] ? lockdep_hardirqs_on+0x94/0x140 [ 382.285036][T19405] do_syscall_64+0x4c/0xa0 [ 382.289520][T19405] ? clear_bhb_loop+0x30/0x80 [ 382.294201][T19405] ? clear_bhb_loop+0x30/0x80 [ 382.298867][T19405] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 382.304748][T19405] RIP: 0033:0x7fdc113a0749 [ 382.309151][T19405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.328873][T19405] RSP: 002b:00007fdc0f607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.337279][T19405] RAX: ffffffffffffffda RBX: 00007fdc115f6fa0 RCX: 00007fdc113a0749 [ 382.345237][T19405] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 382.353204][T19405] RBP: 00007fdc11424f91 R08: 0000000000000000 R09: 0000000000000000 [ 382.361263][T19405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.369237][T19405] R13: 00007fdc115f7038 R14: 00007fdc115f6fa0 R15: 00007fff3cbad488 [ 382.377228][T19405] [ 382.380516][T19405] Kernel Offset: disabled [ 382.385194][T19405] Rebooting in 86400 seconds..