last executing test programs: 3m39.268170155s ago: executing program 4 (id=12245): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x37fe0) 3m39.244129607s ago: executing program 4 (id=12246): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) setsockopt$inet_group_source_req(r4, 0x0, 0x2c, &(0x7f00000006c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 3m39.220667029s ago: executing program 4 (id=12247): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) syz_clone(0x80020000, 0x0, 0x0, 0x0, 0x0, 0x0) 3m39.189350393s ago: executing program 4 (id=12249): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000240)={[{}, {@errors_continue}, {@sb={'sb', 0x3d, 0xffff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@noload}]}, 0x1, 0x443, &(0x7f00000063c0)="$eJzs28tvG0UYAPBv10lK+iAByqMPIFAQEY+kSQv0wAUEUg8gIcGhHEOSVqVug5og0SqCgFA5okrcEUck/gJOcEHACYkr3FGlCuXSwslo7d3Ycew0SZ244N9P2nZmd635Ps+OPbsTB9CzRrJ/koi9EfF7RAzVqqtPGKn9d3N5cfrv5cXpJCqVt/5KqufdWF6cLk4tXrcnr4ymEelnSRxq0e78pcvnpsrl2Yt5fXzh/Pvj85cuP3f2/NSZ2TOzFyZPnDh+bOLFFyaf70ieWUw3Dn40d/jAyXeuvjF96uq7P3+bFPk35dEhI+sdfLJS6XBz3bWvoZz0dTEQNqUUEVl39VfH/1CUot55Q/Hap10NDthWlUqlsqf94aUK8D+WRLcjALqj+KLP7n+LbYemHneE6y/XboCyvG/mW+1IX6T5Of1N97edNBIRp5b++SrbYnueQwAArPJ9Nv95ttX8L40HGs67O18bGo6IeyLi3oi4LyL2R8T9EdVzH4yIhzbZfvMiydr5T3ptS4ltUDb/eylf28q2XVHPPzdcymv7qvn3J6fPlmeP5u/JaPTvyuoT67Txw6u/fdHuWOP8L9uyGIq5YB7Htb5dq18zM7UwdTs5N7r+ScTBvnr+9flvsrISkETEgYg4uMU2zj79zeF2x26d/zo6sM5U+TriqVr/L0VT/oVk/fXJ8buiPHt0vLgq1vrl1ytvtmt/Jf+TgxGbzb8Dsv7fHa37PzecNK7Xzm++jSt/fN7inqY2vrZ6/Q8kb1fLA/m+D6cWFi5ORAwkr9eCbtw/WX9tUS/Oz/IfPdIq/7T6GVe8E4ciIruIH46IRyLi0Tz2xyLi8Yg4sk7+P73yxHvtjt3W9d8BWf4zm+r/emEgmve0LpTO/fjdqkaH2+dfilb9f7xaGs33bOTzbyNxbe1qBgAAgP+eNCL2RpKOrZTTdGys9vfy+2N3Wp6bX3jm9NwHF2ZqvxEYjv60eNI11PA8dCK/rS/qk031Y/lz4y9Lg9X62PRceabbyUOP29Nm/Gf+LHU7OmDb+b0W9C7jH3qX8Q+9y/iH3tVi/A92Iw5g57X6/v+4C3EAO69p/Fv2gx7i/h96l/EPvcv4h540Pxi3/pG8gsKaQqR3RBgK21To9icTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//8DJ4Ow=") bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x84c00, 0x0, 0x0, 0x0, &(0x7f0000000000)) socket$packet(0x11, 0x3, 0x300) syz_usb_connect$uac1(0x2, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0xa0835c, &(0x7f0000000340)={[{@abort}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@dioread_nolock}, {@usrjquota}, {@oldalloc}, {@sysvgroups}]}, 0x2, 0x44a, &(0x7f0000000880)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)}) mount$incfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x80, 0x140) r1 = openat$incfs(r0, &(0x7f0000000000)='.pending_reads\x00', 0x800, 0x80) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0xc058671e, &(0x7f00000000c0)) 3m38.389094532s ago: executing program 4 (id=12269): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00), 0x0, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$incfs(0x0, 0x0, 0x0, 0x2010800, 0x0) 3m38.279355703s ago: executing program 4 (id=12271): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$vsock_stream(0x28, 0x1, 0x0) 3m38.2116344s ago: executing program 32 (id=12271): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$vsock_stream(0x28, 0x1, 0x0) 1.648085455s ago: executing program 2 (id=18804): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="6b0d7fbb0e2837bf4eba2b78", 0xc}], 0x1) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.511947469s ago: executing program 0 (id=18811): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRES8=r1, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r2) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4042841) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, 0x0) 1.478706443s ago: executing program 0 (id=18813): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000600)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) 1.456788875s ago: executing program 0 (id=18815): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) 1.445420645s ago: executing program 2 (id=18816): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='freezer.self_freezing\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a007357ac8ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1) 1.434797367s ago: executing program 0 (id=18817): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32], 0x118) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000340)=ANY=[]) 1.410622769s ago: executing program 2 (id=18819): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r3, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x44f, 0xb304, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x8}}}}}]}}]}}, 0x0) 1.343688156s ago: executing program 0 (id=18820): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1.342159996s ago: executing program 0 (id=18821): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r6 = syz_usb_connect$uac1(0x2, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a00030100000009040000000101"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) 984.141822ms ago: executing program 2 (id=18829): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, 0x0, 0x0, 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) 832.658056ms ago: executing program 2 (id=18836): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0xfffffffffffffec0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pipe2$9p(0x0, 0x0) 795.8576ms ago: executing program 1 (id=18838): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @broadcast}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}}) 794.622301ms ago: executing program 2 (id=18839): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x32f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) 702.6931ms ago: executing program 5 (id=18841): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='freezer.self_freezing\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x42) listen(r4, 0x80000003) 701.71557ms ago: executing program 5 (id=18842): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r6, &(0x7f0000007cc0)=[{{&(0x7f0000000240)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) sendmsg$nl_route(r7, 0x0, 0x0) 628.542717ms ago: executing program 5 (id=18844): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_timeval(r5, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10) 628.306687ms ago: executing program 5 (id=18845): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) writev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="57c8", 0x2}], 0x1) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) 579.368042ms ago: executing program 3 (id=18849): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00), 0x1, 0x41) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x4c, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20008004}, 0x4) 563.678614ms ago: executing program 3 (id=18850): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r4, 0x0, 0x8, &(0x7f0000000040)=0x1, 0x4) 561.625684ms ago: executing program 5 (id=18851): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="24000000000000000100000001", @ANYRES32, @ANYRES64, @ANYBLOB="2bd5bb48db59834b9328618036678ec4c6dac89cb841b8b4c8fd04de9f9a66cd495d5a1a543b82ba037c0c6e2fa0b40f4a5b546d90c1166fdd8b667154295b2d"], 0xf0, 0x1}}], 0x1, 0x44015) r5 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f00000001c0)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f36f0c7eb2700d609bcf41076d88144448ebe7994dd1b33d7c8787734cc315672f62261ceeede940774fd94d2767288cfb3a20882449d601ff878eedd3d57c9eb3a723b62102bd534c8a304a975d752e82cc8d5f969771c94a1d69cfd8694e29b9468fca5df65ece31ed7c209325604001fcd06adc3ac391f60a3523d6d0b4a8a"], 0x310) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 533.447157ms ago: executing program 3 (id=18852): rt_sigaction(0x3e, &(0x7f0000000040)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0xc, r5}, 0x14) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r6], 0x118) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) 532.705386ms ago: executing program 3 (id=18853): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="6b0d7fbb0e2837bf4eba2b78", 0xc}], 0x1) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 532.394187ms ago: executing program 5 (id=18854): ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 409.217789ms ago: executing program 3 (id=18855): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x12000021) lsetxattr$security_ima(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040), 0x0, 0x0, 0x1) 364.317544ms ago: executing program 1 (id=18856): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) sendmmsg$inet6(r3, &(0x7f000000a380)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="5f2269782a5f6e1e", 0x8}], 0x1, &(0x7f0000000880)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x2, 0x0, 0xb638fcbd7d2b2b19, 0x5}}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x2c, 0x4, '\x00', [@jumbo={0xc2, 0x4, 0x4}, @generic={0xd8, 0x18, "0d62bc34d8f79247745bf4745ca55e0eb0011bcd1f67e23a"}]}}}], 0x50}}], 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 346.632215ms ago: executing program 3 (id=18857): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6(0xa, 0x2, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r8}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 143.876565ms ago: executing program 1 (id=18858): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000140)=[{{0x0, 0x16, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x1, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00') 68.719343ms ago: executing program 1 (id=18859): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x80000800) 419.4µs ago: executing program 1 (id=18860): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRES8=r1, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r2) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4042841) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, 0x0) 0s ago: executing program 1 (id=18861): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0) write$tcp_mem(r2, &(0x7f0000000300), 0x48) kernel console output (not intermixed with test programs): 492897][ T517] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 570.509583][ T517] ext4 filesystem being mounted at /528/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 570.548797][ T535] input: syz0 as /devices/virtual/input/input11 [ 570.590253][ T48] device bridge_slave_1 left promiscuous mode [ 570.616601][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.634903][ T24] audit: type=1326 audit(1763280059.469:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.660741][ T24] audit: type=1326 audit(1763280059.469:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.684806][ T24] audit: type=1326 audit(1763280059.469:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.708445][ T48] device veth1_macvtap left promiscuous mode [ 570.716923][ T24] audit: type=1326 audit(1763280059.469:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.723915][ T48] device veth0_vlan left promiscuous mode [ 570.755256][ T24] audit: type=1326 audit(1763280059.469:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.783167][ T24] audit: type=1326 audit(1763280059.469:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=516 comm="syz.0.14676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd9efd5f6c9 code=0x7ffc0000 [ 570.985439][ T553] fuseblk: Bad value for 'fd' [ 571.253794][ T584] fuseblk: Bad value for 'fd' [ 571.335240][ T591] incfs: Backing dir is not set, filesystem can't be mounted. [ 571.342973][ T591] incfs: mount failed -2 [ 571.692159][ T586] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 571.756612][ T586] ext4 filesystem being mounted at /511/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 573.547496][ T690] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14745'. [ 573.571460][ T696] netlink: 48 bytes leftover after parsing attributes in process `syz.1.14759'. [ 573.651823][ T706] 9pnet: Insufficient options for proto=fd [ 573.898087][ T726] netlink: 48 bytes leftover after parsing attributes in process `syz.1.14773'. [ 573.958257][ T732] 9pnet: Insufficient options for proto=fd [ 574.062826][ T736] fuseblk: Bad value for 'fd' [ 575.761147][ T24] kauditd_printk_skb: 56 callbacks suppressed [ 575.761156][ T24] audit: type=1400 audit(1763280064.839:1132): avc: denied { append } for pid=811 comm="syz.0.14811" name="loop6" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 575.846302][ T822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14816'. [ 575.856475][ T822] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.874539][ T822] device bridge_slave_0 left promiscuous mode [ 575.892695][ T822] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.444309][ T883] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.14847: ea_inode with extended attributes [ 576.485620][ T892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14849'. [ 576.487248][ T883] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.14847: error while reading EA inode 11 err=-117 [ 576.507506][ T883] EXT4-fs (loop1): 1 orphan inode deleted [ 576.513415][ T883] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 576.725511][ T905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14858'. [ 576.769560][ T905] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.791283][ T905] device bridge_slave_0 left promiscuous mode [ 576.797366][ T905] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.881736][ T909] netlink: 720 bytes leftover after parsing attributes in process `syz.0.14854'. [ 576.927036][ T906] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.936282][ T906] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.944587][ T906] device bridge_slave_0 entered promiscuous mode [ 576.957387][ T914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14860'. [ 576.977531][ T906] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.989565][ T906] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.996937][ T906] device bridge_slave_1 entered promiscuous mode [ 577.038929][ T935] netlink: 720 bytes leftover after parsing attributes in process `syz.0.14870'. [ 577.051633][ T937] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14871'. [ 577.100365][ T906] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.107434][ T906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.114710][ T906] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.121737][ T906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.166386][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 577.178665][T19322] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.195625][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.217841][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 577.230425][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.237481][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.310254][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 577.323680][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.330743][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.338763][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 577.364263][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 577.389453][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 577.409455][ T906] device veth0_vlan entered promiscuous mode [ 577.418371][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 577.428545][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 577.456626][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 577.486427][ T906] device veth1_macvtap entered promiscuous mode [ 577.760521][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 577.800529][ T1002] @0Ù: renamed from bond_slave_1 [ 577.806808][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 577.829361][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 577.930269][ T48] device bridge_slave_1 left promiscuous mode [ 577.937481][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.974342][ T48] device veth1_macvtap left promiscuous mode [ 577.985999][ T48] device veth0_vlan left promiscuous mode [ 578.269443][ T1032] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 578.298478][ T1032] EXT4-fs (loop2): Test dummy encryption mode enabled [ 578.312818][ T1032] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 578.320328][ T1032] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 578.338222][ T1032] EXT4-fs (loop2): 1 truncate cleaned up [ 578.344137][ T1032] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 578.549500][ T1048] fuseblk: Bad value for 'fd' [ 578.623944][ T1055] loop1: p1 < > p4 < > [ 578.669277][T10308] udevd[10308]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 578.696729][ T309] udevd[309]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 578.850186][ T1077] netlink: 'syz.1.14927': attribute type 11 has an invalid length. [ 578.899027][ T1077] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.14927'. [ 579.422324][ T1110] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 579.449557][ T1110] EXT4-fs (loop2): Test dummy encryption mode enabled [ 579.456635][ T1110] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 579.463912][ T1110] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 579.491375][ T1110] EXT4-fs (loop2): 1 truncate cleaned up [ 579.509612][ T1110] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 579.567399][ T1126] netlink: 'syz.0.14952': attribute type 6 has an invalid length. [ 579.616069][ T1136] 9pnet: Insufficient options for proto=fd [ 580.620574][ T1166] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 581.525125][ T1236] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15004'. [ 581.898283][ T24] audit: type=1400 audit(1763280070.969:1133): avc: denied { compute_member } for pid=1272 comm="syz.3.15020" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 582.099799][ T24] audit: type=1400 audit(1763280070.999:1134): avc: denied { remount } for pid=1260 comm="syz.5.15015" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 582.157690][ T1276] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 582.168470][ T1276] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 582.178773][ T1276] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xd3779459, utbl_chksum : 0xe619d30d) [ 582.456028][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.475468][ T1292] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.490974][ T1292] device bridge_slave_0 entered promiscuous mode [ 582.517051][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.537505][ T1292] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.561456][ T1292] device bridge_slave_1 entered promiscuous mode [ 582.703925][ T1315] 9pnet: Insufficient options for proto=fd [ 582.731420][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.738477][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.745754][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.752799][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.832615][ T24] audit: type=1400 audit(1763280071.909:1135): avc: denied { unmount } for pid=478 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 582.854608][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 582.866723][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.880098][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 582.899673][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 582.918124][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 582.940188][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.947212][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.990711][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 583.014097][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 583.039199][ T1292] device veth0_vlan entered promiscuous mode [ 583.054353][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 583.070080][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 583.099996][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 583.115146][ T1340] 9pnet: Insufficient options for proto=fd [ 583.123522][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 583.138753][ T1292] device veth1_macvtap entered promiscuous mode [ 583.151374][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 583.182924][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 583.209651][ T1342] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.15050: ea_inode with extended attributes [ 583.226920][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 583.259803][ T1342] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.15050: error while reading EA inode 11 err=-117 [ 583.309962][ T1342] EXT4-fs (loop1): 1 orphan inode deleted [ 583.320376][ T296] device bridge_slave_1 left promiscuous mode [ 583.329661][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.347080][ T296] device bridge_slave_0 left promiscuous mode [ 583.353570][ T1342] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 583.357074][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.450545][ T296] device veth1_macvtap left promiscuous mode [ 583.456577][ T296] device veth0_vlan left promiscuous mode [ 583.547597][ T1370] 9pnet: Insufficient options for proto=fd [ 583.562798][ T1373] overlayfs: missing 'lowerdir' [ 583.766164][ T1393] 9pnet: Insufficient options for proto=fd [ 583.800420][ T1389] attempt to access beyond end of device [ 583.800420][ T1389] loop5: rw=2049, want=324, limit=256 [ 583.925162][ T1398] attempt to access beyond end of device [ 583.925162][ T1398] loop0: rw=2049, want=324, limit=256 [ 584.035441][ T1422] netlink: 'syz.3.15082': attribute type 6 has an invalid length. [ 584.068235][ T1425] 9pnet: Insufficient options for proto=fd [ 584.159078][ T1437] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 584.169589][ T1437] EXT4-fs (loop2): Test dummy encryption mode enabled [ 584.188395][ T1437] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 584.207604][ T1437] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 584.248559][ T1437] EXT4-fs (loop2): 1 truncate cleaned up [ 584.254396][ T1437] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 584.364436][ T1460] netlink: 'syz.2.15099': attribute type 6 has an invalid length. [ 584.392086][ T1457] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.15098: ea_inode with extended attributes [ 584.430074][ T1457] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.15098: error while reading EA inode 11 err=-117 [ 584.460131][ T1457] EXT4-fs (loop1): 1 orphan inode deleted [ 584.466130][ T1457] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 584.489151][T20932] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 584.598878][ T1475] netlink: 16 bytes leftover after parsing attributes in process `syz.2.15105'. [ 584.678374][ T1483] netlink: 'syz.1.15110': attribute type 6 has an invalid length. [ 584.861767][ T1500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15116'. [ 584.883892][T20932] usb 6-1: config 0 has no interfaces? [ 584.889454][ T1496] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.15115: ea_inode with extended attributes [ 584.932178][ T1496] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.15115: error while reading EA inode 11 err=-117 [ 584.969785][ T1496] EXT4-fs (loop1): 1 orphan inode deleted [ 584.975579][ T1496] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 585.041549][ T24] audit: type=1326 audit(1763280074.119:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.049599][T20932] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 585.066391][ T24] audit: type=1326 audit(1763280074.119:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.075580][T20932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.098292][ T24] audit: type=1326 audit(1763280074.119:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.106244][T20932] usb 6-1: Product: syz [ 585.129668][ T24] audit: type=1326 audit(1763280074.119:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.147173][T20932] usb 6-1: Manufacturer: syz [ 585.162514][T20932] usb 6-1: SerialNumber: syz [ 585.168104][T20932] usb 6-1: config 0 descriptor?? [ 585.173831][ T24] audit: type=1326 audit(1763280074.119:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.197583][ T24] audit: type=1326 audit(1763280074.119:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.224612][ T24] audit: type=1326 audit(1763280074.119:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1511 comm="syz.0.15122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca53476c9 code=0x7ffc0000 [ 585.259914][ T1512] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 585.279662][ T1512] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 585.303507][ T1530] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15127'. [ 585.315929][ T1530] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.340682][ T1530] device bridge_slave_0 left promiscuous mode [ 585.346761][ T1530] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.368598][ T1532] netlink: 'syz.0.15128': attribute type 11 has an invalid length. [ 585.383627][ T1532] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.15128'. [ 585.437878][ T3308] usb 6-1: USB disconnect, device number 4 [ 585.452484][ T1542] overlayfs: missing 'lowerdir' [ 585.590506][ T1554] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 585.599658][ T1554] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 585.759276][ T1571] overlayfs: missing 'lowerdir' [ 586.077968][ T1606] netlink: 720 bytes leftover after parsing attributes in process `syz.2.15163'. [ 586.159557][ T4332] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 586.223056][ T1629] netlink: 720 bytes leftover after parsing attributes in process `syz.5.15175'. [ 586.419058][ T1637] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 586.438197][ T1637] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 586.529602][ T4332] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 586.549520][ T4332] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 586.569534][ T4332] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 586.588707][ T4332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.620067][ T4332] usb 2-1: config 0 descriptor?? [ 586.659982][ T4332] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 586.687513][ T1647] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.15182: ea_inode with extended attributes [ 586.729697][ T1647] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.15182: error while reading EA inode 11 err=-117 [ 586.752610][ T1647] EXT4-fs (loop0): 1 orphan inode deleted [ 586.758346][ T1647] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 586.862180][ T15] usb 2-1: USB disconnect, device number 35 [ 586.887440][ T1658] netlink: 720 bytes leftover after parsing attributes in process `syz.2.15187'. [ 587.080874][ T1671] incfs: Backing dir is not set, filesystem can't be mounted. [ 587.098549][ T1671] incfs: mount failed -2 [ 587.260683][ T1675] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #11: comm syz.2.15196: ea_inode with extended attributes [ 587.289717][ T1675] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.15196: error while reading EA inode 11 err=-117 [ 587.329562][ T1675] EXT4-fs (loop2): 1 orphan inode deleted [ 587.353428][ T1675] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 587.436071][ T1688] netlink: 720 bytes leftover after parsing attributes in process `syz.1.15199'. [ 587.477415][ T1691] netlink: 'syz.1.15202': attribute type 11 has an invalid length. [ 587.491420][ T1691] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.15202'. [ 587.574764][ T1695] incfs: Backing dir is not set, filesystem can't be mounted. [ 587.602594][ T1695] incfs: mount failed -2 [ 588.187864][ T1706] netlink: 16 bytes leftover after parsing attributes in process `syz.3.15208'. [ 588.267408][ T1712] netlink: 720 bytes leftover after parsing attributes in process `syz.3.15212'. [ 588.539451][ T1724] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.580050][ T1724] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.590959][ T1724] device bridge_slave_0 entered promiscuous mode [ 588.623600][ T1724] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.630771][ T1724] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.639386][ T1724] device bridge_slave_1 entered promiscuous mode [ 588.692302][ T1724] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.699331][ T1724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.706778][ T1724] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.713811][ T1724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.766317][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 588.780370][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.822104][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.847317][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 588.860495][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.867520][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.898744][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 588.899773][ T3308] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 588.916865][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.923906][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.931795][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 588.957544][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 588.970907][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 588.983199][ T1724] device veth0_vlan entered promiscuous mode [ 588.994421][ T1790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15248'. [ 589.005677][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 589.020769][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 589.035820][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 589.066860][ T1724] device veth1_macvtap entered promiscuous mode [ 589.074721][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 589.087414][ T24] kauditd_printk_skb: 83 callbacks suppressed [ 589.087425][ T24] audit: type=1326 audit(1763280078.159:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.119313][ T24] audit: type=1326 audit(1763280078.159:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.126543][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 589.151201][ T24] audit: type=1326 audit(1763280078.159:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.175155][ T24] audit: type=1326 audit(1763280078.159:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.205308][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 589.218991][ T1806] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 589.224890][ T24] audit: type=1326 audit(1763280078.159:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.244905][ T1806] ext4 filesystem being mounted at /451/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 589.256028][ T24] audit: type=1326 audit(1763280078.159:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.301978][ T24] audit: type=1326 audit(1763280078.169:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.327484][ T24] audit: type=1326 audit(1763280078.169:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.353461][ T296] device bridge_slave_1 left promiscuous mode [ 589.360096][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.368246][ T24] audit: type=1326 audit(1763280078.169:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.392692][ T296] device veth1_macvtap left promiscuous mode [ 589.398884][ T296] device veth0_vlan left promiscuous mode [ 589.404652][ T3308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 589.405143][ T24] audit: type=1326 audit(1763280078.169:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1805 comm="syz.2.15256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 589.427084][ T3308] usb 1-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 589.450712][ T3308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.465480][ T3308] usb 1-1: config 0 descriptor?? [ 589.489570][ T1745] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 589.809560][ T3308] usbhid 1-1:0.0: can't add hid device: -71 [ 589.819728][ T3308] usbhid: probe of 1-1:0.0 failed with error -71 [ 589.842214][ T3308] usb 1-1: USB disconnect, device number 39 [ 589.850145][ T1851] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 589.869199][ T1851] ext4 filesystem being mounted at /457/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 589.900026][ T1857] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 589.907181][ T1857] EXT4-fs (loop5): Test dummy encryption mode enabled [ 589.919610][ T1857] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 589.947038][ T1857] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 589.980365][ T1857] EXT4-fs (loop5): 1 truncate cleaned up [ 589.986058][ T1857] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 590.289436][ T1902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.15298'. [ 590.380276][ T1901] attempt to access beyond end of device [ 590.380276][ T1901] loop0: rw=2049, want=324, limit=256 [ 591.049799][ T1940] attempt to access beyond end of device [ 591.049799][ T1940] loop1: rw=2049, want=324, limit=256 [ 591.203499][ T1949] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 591.223924][ T1949] EXT4-fs (loop5): Test dummy encryption mode enabled [ 591.249843][ T1949] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 591.264783][ T1949] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 591.317617][ T1949] EXT4-fs (loop5): 1 truncate cleaned up [ 591.329665][ T1949] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 592.096993][ T1966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15327'. [ 592.106912][ T1966] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.116776][ T1966] device bridge_slave_0 left promiscuous mode [ 592.122956][ T1966] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.297080][ T1986] incfs_lookup_dentry err:-14 [ 592.308067][ T1986] incfs: Can't find or create .index dir in ./file0 [ 592.354843][ T1986] incfs: mount failed -14 [ 592.450395][ T1992] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 592.466315][ T1992] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 593.051077][ T2029] attempt to access beyond end of device [ 593.051077][ T2029] loop3: rw=2049, want=324, limit=256 [ 593.857273][ T2080] fuse: Bad value for 'fd' [ 594.189656][ T2093] attempt to access beyond end of device [ 594.189656][ T2093] loop2: rw=2049, want=324, limit=256 [ 595.641921][ T2136] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15405'. [ 595.941081][ T2156] attempt to access beyond end of device [ 595.941081][ T2156] loop1: rw=2049, want=324, limit=256 [ 596.160647][ T2166] 9pnet: Insufficient options for proto=fd [ 596.345502][ T2174] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 596.345884][ T2177] netlink: 16 bytes leftover after parsing attributes in process `syz.3.15416'. [ 596.361802][ T2174] EXT4-fs (loop0): Test dummy encryption mode enabled [ 596.368582][ T2174] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 596.429727][ T2174] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 596.496695][ T2174] EXT4-fs (loop0): 1 truncate cleaned up [ 596.510697][ T2174] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 596.779500][ T15] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 597.019510][ T15] usb 4-1: Using ep0 maxpacket: 16 [ 597.139583][ T15] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.157630][ T15] usb 4-1: config 0 interface 0 has no altsetting 0 [ 597.189526][ T15] usb 4-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 597.198573][ T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.230109][ T15] usb 4-1: config 0 descriptor?? [ 597.559544][ T15] usbhid 4-1:0.0: can't add hid device: -71 [ 597.565560][ T15] usbhid: probe of 4-1:0.0 failed with error -71 [ 597.588639][ T15] usb 4-1: USB disconnect, device number 28 [ 597.650305][ T2228] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2228 comm=syz.2.15447 [ 597.660992][ T2232] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=2232 comm=syz.0.15448 [ 598.234214][ T2286] overlayfs: missing 'lowerdir' [ 598.507646][ T24] kauditd_printk_skb: 83 callbacks suppressed [ 598.507657][ T24] audit: type=1400 audit(1763280087.579:1319): avc: denied { create } for pid=2307 comm="syz.1.15485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 598.605728][ T2315] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 598.613319][ T2315] EXT4-fs (loop1): Test dummy encryption mode enabled [ 598.619903][ T2318] overlayfs: missing 'lowerdir' [ 598.620345][ T2315] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 598.632748][ T2315] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 598.650591][ T2315] EXT4-fs (loop1): 1 truncate cleaned up [ 598.679526][ T2315] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 598.851221][ T2334] 9pnet: Insufficient options for proto=fd [ 599.037732][ T2343] overlayfs: missing 'lowerdir' [ 599.738035][ T24] audit: type=1326 audit(1763280088.809:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.779529][ T24] audit: type=1326 audit(1763280088.839:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.820449][ T24] audit: type=1326 audit(1763280088.839:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.847150][ T24] audit: type=1326 audit(1763280088.839:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.860875][ T2368] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15509'. [ 599.872040][ T24] audit: type=1326 audit(1763280088.839:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.893355][ T2370] overlayfs: missing 'lowerdir' [ 599.905151][ T24] audit: type=1326 audit(1763280088.839:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.932143][ T2368] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.939443][ T24] audit: type=1326 audit(1763280088.839:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.963234][ T24] audit: type=1326 audit(1763280088.839:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 599.963822][ T2363] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 599.986864][ T24] audit: type=1326 audit(1763280088.839:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2362 comm="syz.3.15511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35ca9a56c9 code=0x7ffc0000 [ 600.019780][ T2368] device bridge_slave_0 left promiscuous mode [ 600.020870][ T2363] ext4 filesystem being mounted at /192/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 600.026439][ T2368] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.180641][ T2383] netlink: 'syz.5.15519': attribute type 6 has an invalid length. [ 600.250258][ T2391] 9pnet: Insufficient options for proto=fd [ 600.345627][ T2406] netlink: 720 bytes leftover after parsing attributes in process `syz.1.15529'. [ 600.367469][ T2406] device veth3 entered promiscuous mode [ 600.398998][ T2397] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 600.441461][ T2397] ext4 filesystem being mounted at /197/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 600.574645][ T2414] netlink: 'syz.3.15532': attribute type 6 has an invalid length. [ 600.908344][ T2434] netlink: 'syz.3.15543': attribute type 6 has an invalid length. [ 601.001240][ T2444] overlayfs: missing 'lowerdir' [ 601.136019][ T2450] netlink: 'syz.3.15550': attribute type 11 has an invalid length. [ 601.154209][ T2450] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.15550'. [ 601.291746][ T2452] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 601.309127][ T2452] EXT4-fs (loop3): Test dummy encryption mode enabled [ 601.316088][ T2452] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 601.323727][ T2452] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 601.344594][ T2452] EXT4-fs (loop3): 1 truncate cleaned up [ 601.359554][ T2452] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 601.533288][ T2474] 9pnet: Insufficient options for proto=fd [ 601.739512][ T4338] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 601.759605][ T2702] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 601.989493][ T4338] usb 6-1: Using ep0 maxpacket: 32 [ 601.999593][ T2702] usb 4-1: Using ep0 maxpacket: 16 [ 602.053650][ T2499] 9pnet: Insufficient options for proto=fd [ 602.091845][ T2505] binder: 2504:2505 unknown command 0 [ 602.097242][ T2505] binder: 2504:2505 ioctl c0306201 200000000080 returned -22 [ 602.110503][ T4338] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 602.118974][ T4338] usb 6-1: config 0 has no interface number 0 [ 602.127393][ T4338] usb 6-1: config 0 interface 184 has no altsetting 0 [ 602.134268][ T2702] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.145302][ T2702] usb 4-1: config 0 interface 0 has no altsetting 0 [ 602.152106][ T2702] usb 4-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 602.161514][ T2702] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.172065][ T2702] usb 4-1: config 0 descriptor?? [ 602.178288][ T2511] netlink: 760 bytes leftover after parsing attributes in process `syz.0.15579'. [ 602.309592][ T4338] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 602.318678][ T4338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.327204][ T4338] usb 6-1: Product: syz [ 602.331538][ T4338] usb 6-1: Manufacturer: syz [ 602.340406][ T4338] usb 6-1: SerialNumber: syz [ 602.400008][ T2538] fuseblk: Bad value for 'fd' [ 602.596280][ T4338] usb 6-1: config 0 descriptor?? [ 602.604904][ T2543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=2543 comm=syz.2.15594 [ 602.639846][ T4338] smsc75xx v1.0.0 [ 602.669634][ T2702] usbhid 4-1:0.0: can't add hid device: -71 [ 602.675601][ T2702] usbhid: probe of 4-1:0.0 failed with error -71 [ 602.682864][ T2702] usb 4-1: USB disconnect, device number 29 [ 602.691300][ T2551] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 602.698461][ T2551] EXT4-fs (loop2): Test dummy encryption mode enabled [ 602.705420][ T2551] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 602.712591][ T2551] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 602.723377][ T2551] EXT4-fs (loop2): 1 truncate cleaned up [ 602.729069][ T2551] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 603.289570][ T4338] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 603.300789][ T4338] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 603.489538][ T15] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 603.625580][ T2614] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=2614 comm=syz.0.15628 [ 603.652973][ T2616] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15629'. [ 603.739542][ T15] usb 4-1: Using ep0 maxpacket: 16 [ 603.859639][ T15] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.879505][ T15] usb 4-1: config 0 interface 0 has no altsetting 0 [ 603.889516][ T15] usb 4-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 603.908752][ T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.929546][ T15] usb 4-1: config 0 descriptor?? [ 603.986510][ T2638] netlink: 16 bytes leftover after parsing attributes in process `syz.1.15640'. [ 603.999623][ T4338] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 604.011215][ T4338] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 604.020985][ T4338] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 604.047970][ T4338] smsc75xx: probe of 6-1:0.184 failed with error -61 [ 604.269575][ T15] usbhid 4-1:0.0: can't add hid device: -71 [ 604.275796][ T15] usbhid: probe of 4-1:0.0 failed with error -71 [ 604.303906][ T15] usb 4-1: USB disconnect, device number 30 [ 604.692574][ T2691] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 604.699941][ T2691] EXT4-fs (loop3): Test dummy encryption mode enabled [ 604.706810][ T2691] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 604.714126][ T2691] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 604.731132][ T2691] EXT4-fs (loop3): 1 truncate cleaned up [ 604.736958][ T2691] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid, [ 605.167209][ T2711] fuseblk: Bad value for 'fd' [ 605.248146][T23038] usb 6-1: USB disconnect, device number 5 [ 605.280965][ T2720] netlink: 720 bytes leftover after parsing attributes in process `syz.5.15676'. [ 605.290262][ T2720] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15676'. [ 605.326102][ T2720] device veth3 entered promiscuous mode [ 605.449503][ T3308] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 605.689535][ T3308] usb 2-1: Using ep0 maxpacket: 16 [ 605.751318][ T2736] overlayfs: missing 'lowerdir' [ 605.819611][ T3308] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.830705][ T3308] usb 2-1: config 0 interface 0 has no altsetting 0 [ 605.837503][ T3308] usb 2-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 605.841587][ T2742] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #11: comm syz.5.15683: ea_inode with extended attributes [ 605.846788][ T3308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.860760][ T2742] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.15683: error while reading EA inode 11 err=-117 [ 605.870584][ T3308] usb 2-1: config 0 descriptor?? [ 605.884694][ T2742] EXT4-fs (loop5): 1 orphan inode deleted [ 605.890547][ T2742] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 606.069523][T23038] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 606.148102][ T2759] netlink: 720 bytes leftover after parsing attributes in process `syz.5.15693'. [ 606.157349][ T2759] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15693'. [ 606.168960][ T2759] device veth5 entered promiscuous mode [ 606.203889][ T2767] binder: 2766:2767 unknown command 0 [ 606.210099][ T2767] binder: 2766:2767 ioctl c0306201 200000000080 returned -22 [ 606.239525][ T3308] usbhid 2-1:0.0: can't add hid device: -71 [ 606.248457][ T2773] binder: 2772:2773 ioctl c0306201 0 returned -14 [ 606.254990][ T3308] usbhid: probe of 2-1:0.0 failed with error -71 [ 606.277293][ T3308] usb 2-1: USB disconnect, device number 36 [ 606.352876][ T2782] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=2782 comm=syz.0.15703 [ 606.364520][T23038] usb 4-1: Using ep0 maxpacket: 32 [ 606.386289][ T2784] binder: 2783:2784 unknown command 0 [ 606.391859][ T2784] binder: 2783:2784 ioctl c0306201 200000000080 returned -22 [ 606.451784][ T2788] netlink: 720 bytes leftover after parsing attributes in process `syz.0.15706'. [ 606.463267][ T2788] device veth3 entered promiscuous mode [ 606.490250][T23038] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 606.501595][T23038] usb 4-1: config 0 has no interface number 0 [ 606.513856][T23038] usb 4-1: config 0 interface 184 has no altsetting 0 [ 606.719587][T23038] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 606.728708][T23038] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.736949][T23038] usb 4-1: Product: syz [ 606.741689][T23038] usb 4-1: Manufacturer: syz [ 606.746323][T23038] usb 4-1: SerialNumber: syz [ 606.760986][T23038] usb 4-1: config 0 descriptor?? [ 606.778880][ T2805] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=2805 comm=syz.1.15714 [ 606.801233][T23038] smsc75xx v1.0.0 [ 607.248146][ T2829] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15725'. [ 607.314634][ T2831] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15721'. [ 607.330033][ T2833] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=2833 comm=syz.0.15726 [ 607.460464][T23038] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 607.485214][T23038] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 607.534562][ T2857] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15737'. [ 607.564906][ T2857] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.581292][ T2857] device bridge_slave_0 left promiscuous mode [ 607.597551][ T2857] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.688519][ T2870] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15743'. [ 607.764612][ T2879] attempt to access beyond end of device [ 607.764612][ T2879] loop1: rw=2049, want=324, limit=256 [ 608.199839][T23038] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 608.238744][T23038] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 608.248759][T23038] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 608.258906][T23038] smsc75xx: probe of 4-1:0.184 failed with error -61 [ 608.328166][ T2916] attempt to access beyond end of device [ 608.328166][ T2916] loop0: rw=2049, want=324, limit=256 [ 608.450216][ T2928] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15768'. [ 608.810287][ T2951] attempt to access beyond end of device [ 608.810287][ T2951] loop2: rw=2049, want=324, limit=256 [ 609.455813][ T4331] usb 4-1: USB disconnect, device number 31 [ 609.542231][ T2976] attempt to access beyond end of device [ 609.542231][ T2976] loop3: rw=2049, want=324, limit=256 [ 609.803454][ T3003] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=3003 comm=syz.1.15801 [ 609.949532][ T7227] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 610.058237][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 610.058250][ T24] audit: type=1326 audit(1763280099.129:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.092291][ T24] audit: type=1326 audit(1763280099.169:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.116099][ T24] audit: type=1326 audit(1763280099.169:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.139962][ T24] audit: type=1326 audit(1763280099.169:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.164054][ T24] audit: type=1326 audit(1763280099.169:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.187690][ T24] audit: type=1326 audit(1763280099.169:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.212860][ T24] audit: type=1326 audit(1763280099.169:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.220720][ T7227] usb 1-1: Using ep0 maxpacket: 16 [ 610.236589][ T24] audit: type=1326 audit(1763280099.169:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.265913][ T3024] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 610.267288][ T3030] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=3030 comm=syz.3.15814 [ 610.274955][ T3024] ext4 filesystem being mounted at /543/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 610.298070][ T24] audit: type=1326 audit(1763280099.169:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.344297][ T24] audit: type=1326 audit(1763280099.169:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3023 comm="syz.2.15812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fded2c816c9 code=0x7ffc0000 [ 610.449727][ T7227] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 610.471286][ T7227] usb 1-1: config 0 interface 0 has no altsetting 0 [ 610.477958][ T7227] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 610.517634][ T7227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.531591][ T7227] usb 1-1: config 0 descriptor?? [ 610.879641][ T7227] usbhid 1-1:0.0: can't add hid device: -71 [ 610.892325][ T7227] usbhid: probe of 1-1:0.0 failed with error -71 [ 610.922216][ T7227] usb 1-1: USB disconnect, device number 40 [ 611.852050][ T3107] __nla_validate_parse: 2 callbacks suppressed [ 611.852059][ T3107] netlink: 16 bytes leftover after parsing attributes in process `syz.5.15851'. [ 613.339034][ T3168] 9pnet: Insufficient options for proto=fd [ 613.355736][ T3172] netlink: 16 bytes leftover after parsing attributes in process `syz.1.15882'. [ 613.386504][ T3176] netlink: 760 bytes leftover after parsing attributes in process `syz.3.15885'. [ 613.400924][ T3180] overlayfs: missing 'lowerdir' [ 613.496353][ T3197] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15894'. [ 613.505285][ T3200] 9pnet: Insufficient options for proto=fd [ 613.533564][ T3206] netlink: 760 bytes leftover after parsing attributes in process `syz.1.15898'. [ 613.558753][ T3209] overlayfs: missing 'lowerdir' [ 613.596248][ T3217] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=3217 comm=syz.3.15904 [ 613.970121][ T3234] netlink: 760 bytes leftover after parsing attributes in process `syz.5.15912'. [ 614.028708][ T3238] overlayfs: missing 'lowerdir' [ 614.355077][ T3253] netlink: 504 bytes leftover after parsing attributes in process `syz.5.15923'. [ 614.535911][ T3272] netlink: 'syz.1.15930': attribute type 11 has an invalid length. [ 614.572002][ T3272] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.15930'. [ 614.646024][ T3285] netlink: 504 bytes leftover after parsing attributes in process `syz.1.15936'. [ 615.740896][ T3307] netlink: 'syz.2.15946': attribute type 11 has an invalid length. [ 615.760050][ T3307] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.15946'. [ 616.669802][ T3362] attempt to access beyond end of device [ 616.669802][ T3362] loop5: rw=2049, want=324, limit=256 [ 617.128420][ T3395] binder: 3394:3395 unknown command 0 [ 617.154617][ T3399] netlink: 'syz.1.15986': attribute type 11 has an invalid length. [ 617.170658][ T3395] binder: 3394:3395 ioctl c0306201 200000000080 returned -22 [ 617.186704][ T3399] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.15986'. [ 617.201368][ T3406] overlayfs: missing 'lowerdir' [ 617.214832][ T3403] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #11: comm syz.3.15987: ea_inode with extended attributes [ 617.282237][ T3403] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.15987: error while reading EA inode 11 err=-117 [ 617.295560][ T3403] EXT4-fs (loop3): 1 orphan inode deleted [ 617.301557][ T3403] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 617.339795][ T3415] attempt to access beyond end of device [ 617.339795][ T3415] loop0: rw=2049, want=324, limit=256 [ 617.491402][ T3433] overlayfs: missing 'lowerdir' [ 617.509810][ T3434] netlink: 'syz.2.16001': attribute type 11 has an invalid length. [ 617.543290][ T3434] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.16001'. [ 617.682115][ T3457] overlayfs: missing 'lowerdir' [ 617.778136][ T3473] netlink: 'syz.2.16021': attribute type 11 has an invalid length. [ 617.813325][ T3473] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.16021'. [ 618.220926][ T3505] netlink: 'syz.3.16035': attribute type 11 has an invalid length. [ 618.270241][ T3505] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.16035'. [ 618.565968][ T3523] attempt to access beyond end of device [ 618.565968][ T3523] loop5: rw=2049, want=324, limit=256 [ 618.810390][ T3536] binder: 3535:3536 unknown command 0 [ 618.829930][ T3536] binder: 3535:3536 ioctl c0306201 200000000080 returned -22 [ 619.130304][ T3569] binder: 3568:3569 unknown command 1140850692 [ 619.136647][ T3569] binder: 3568:3569 ioctl c0306201 200000000080 returned -22 [ 619.570474][ T3593] binder: 3592:3593 unknown command 1140850692 [ 619.586060][ T3593] binder: 3592:3593 ioctl c0306201 200000000080 returned -22 [ 620.186134][ T3622] binder: 3621:3622 unknown command 1140850692 [ 620.207560][ T3622] binder: 3621:3622 ioctl c0306201 200000000080 returned -22 [ 620.230337][ T3624] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16087'. [ 620.315361][ T3640] binder: 3639:3640 unknown command 0 [ 620.330106][ T3640] binder: 3639:3640 ioctl c0306201 200000000080 returned -22 [ 620.428411][ T3657] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16103'. [ 620.566216][ T3675] binder: 3673:3675 unknown command 1140850692 [ 620.598941][ T3675] binder: 3673:3675 ioctl c0306201 200000000080 returned -22 [ 620.642503][ T3685] netlink: 16 bytes leftover after parsing attributes in process `syz.1.16116'. [ 621.058613][ T3708] binder: 3707:3708 unknown command 1140850692 [ 621.079798][ T3708] binder: 3707:3708 ioctl c0306201 200000000080 returned -22 [ 621.354020][ T3722] attempt to access beyond end of device [ 621.354020][ T3722] loop5: rw=2049, want=324, limit=256 [ 621.542145][ T3734] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #11: comm syz.5.16142: ea_inode with extended attributes [ 621.604478][ T3734] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.16142: error while reading EA inode 11 err=-117 [ 621.659895][ T3734] EXT4-fs (loop5): 1 orphan inode deleted [ 621.667273][ T3734] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 621.699112][ T3752] binder: 3749:3752 unknown command 1140850692 [ 621.706747][ T3752] binder: 3749:3752 ioctl c0306201 200000000080 returned -22 [ 621.790806][ T3759] overlayfs: missing 'lowerdir' [ 621.807594][ T3761] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16151'. [ 622.021611][ T3779] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.16160: ea_inode with extended attributes [ 622.044773][ T3779] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.16160: error while reading EA inode 11 err=-117 [ 622.069732][ T3779] EXT4-fs (loop1): 1 orphan inode deleted [ 622.075483][ T3779] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 622.455720][ T3790] netlink: 16 bytes leftover after parsing attributes in process `syz.1.16166'. [ 622.550535][ T3794] overlayfs: missing 'lowerdir' [ 622.731112][ T3811] netlink: 'syz.1.16175': attribute type 11 has an invalid length. [ 622.748138][ T3811] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.16175'. [ 622.806515][ T3821] overlayfs: missing 'lowerdir' [ 623.480619][ T3872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16204'. [ 623.530742][ T3874] overlayfs: missing 'lowerdir' [ 623.755256][ T3900] overlayfs: missing 'lowerdir' [ 623.941249][ T3922] overlayfs: missing 'lowerdir' [ 623.954027][ T3924] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16215'. [ 624.724873][ T3942] fuseblk: Bad value for 'fd' [ 624.727007][ T3944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16241'. [ 624.993432][ T3972] fuseblk: Bad value for 'fd' [ 625.105799][ T3980] 9pnet: Insufficient options for proto=fd [ 625.212037][ T3986] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=3986 comm=syz.1.16259 [ 625.249502][ T3308] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 625.310172][ T3992] fuseblk: Bad value for 'fd' [ 625.423030][ T3999] 9pnet: Insufficient options for proto=fd [ 625.484011][ T4007] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=4007 comm=syz.1.16270 [ 625.605728][ T4013] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #11: comm syz.1.16273: ea_inode with extended attributes [ 625.632159][ T4013] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.16273: error while reading EA inode 11 err=-117 [ 625.644783][ T3308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 625.660785][ T3308] usb 1-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 625.677524][ T4013] EXT4-fs (loop1): 1 orphan inode deleted [ 625.683497][ T3308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.691971][ T4013] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 625.718049][ T3308] usb 1-1: config 0 descriptor?? [ 625.739586][ T3970] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 625.778676][ T4031] 9pnet: Insufficient options for proto=fd [ 625.829081][ T4034] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=4034 comm=syz.2.16281 [ 626.059520][ T3308] usbhid 1-1:0.0: can't add hid device: -71 [ 626.066002][ T3308] usbhid: probe of 1-1:0.0 failed with error -71 [ 626.100213][ T3308] usb 1-1: USB disconnect, device number 41 [ 626.151885][ T4070] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=4070 comm=syz.3.16296 [ 626.242305][ T4068] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.249354][ T4068] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.277134][ T4068] device bridge_slave_0 entered promiscuous mode [ 626.286964][ T4068] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.294804][ T4068] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.305087][ T4068] device bridge_slave_1 entered promiscuous mode [ 626.353320][ T4068] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.360381][ T4068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 626.367622][ T4068] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.374674][ T4068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 626.397592][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 626.408960][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.420348][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.439501][ T4101] netlink: 16 bytes leftover after parsing attributes in process `syz.1.16311'. [ 626.452346][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 626.461450][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.468468][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 626.476021][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 626.485104][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.492150][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 626.500052][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 626.509180][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 626.538714][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 626.548842][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 626.569510][ T320] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 626.569990][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 626.599833][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 626.608770][ T4068] device veth0_vlan entered promiscuous mode [ 626.636743][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 626.646787][ T4068] device veth1_macvtap entered promiscuous mode [ 626.660096][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 626.680236][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 626.840162][ T6393] device bridge_slave_1 left promiscuous mode [ 626.846304][ T6393] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.856272][ T6393] device veth1_macvtap left promiscuous mode [ 626.939536][ T320] usb 4-1: config 0 has no interfaces? [ 627.099556][ T320] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 627.117306][ T320] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.125770][ T320] usb 4-1: Product: syz [ 627.131417][ T320] usb 4-1: Manufacturer: syz [ 627.136036][ T320] usb 4-1: SerialNumber: syz [ 627.144197][ T320] usb 4-1: config 0 descriptor?? [ 627.274778][ T4168] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=4168 comm=syz.2.16342 [ 627.934872][ T320] usb 4-1: USB disconnect, device number 32 [ 628.350713][ T4238] incfs: Backing dir is not set, filesystem can't be mounted. [ 628.389633][ T4238] incfs: mount failed -2 [ 628.877912][ T4267] kvm [4266]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x800 [ 628.925360][ T4267] kvm [4266]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x0 [ 628.963129][ T4267] kvm [4266]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x900000000000 [ 629.026880][ T4267] kvm [4266]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x100000000000 [ 629.042119][ T4267] kvm [4266]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x800000000800 [ 629.172771][ T4315] fuseblk: Bad value for 'fd' [ 629.279311][ T4317] attempt to access beyond end of device [ 629.279311][ T4317] loop3: rw=2049, want=324, limit=256 [ 629.410581][ T4326] attempt to access beyond end of device [ 629.410581][ T4326] loop2: rw=2049, want=324, limit=256 [ 629.442410][ T4345] fuseblk: Bad value for 'fd' [ 629.669538][ T2702] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 630.078923][ T4375] fuseblk: Bad value for 'fd' [ 630.139533][ T2702] usb 6-1: Using ep0 maxpacket: 16 [ 630.145185][ T4374] attempt to access beyond end of device [ 630.145185][ T4374] loop1: rw=2049, want=324, limit=256 [ 630.245810][ T24] kauditd_printk_skb: 18 callbacks suppressed [ 630.245821][ T24] audit: type=1326 audit(1763280119.319:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.276449][ T2702] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.291387][ T2702] usb 6-1: config 0 interface 0 has no altsetting 0 [ 630.309735][ T2702] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 630.318781][ T2702] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.360195][ T4392] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 630.367284][ T24] audit: type=1326 audit(1763280119.319:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.372372][ T4399] overlayfs: missing 'lowerdir' [ 630.395189][ T24] audit: type=1326 audit(1763280119.349:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.409583][ T4392] ext4 filesystem being mounted at /339/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 630.421401][ T2702] usb 6-1: config 0 descriptor?? [ 630.436821][ T24] audit: type=1326 audit(1763280119.349:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.460521][ T24] audit: type=1326 audit(1763280119.349:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.484902][ T24] audit: type=1326 audit(1763280119.349:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.513788][ T4403] fuseblk: Bad value for 'fd' [ 630.524550][ T24] audit: type=1326 audit(1763280119.349:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.558043][ T24] audit: type=1326 audit(1763280119.349:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.582761][ T24] audit: type=1326 audit(1763280119.349:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.606427][ T24] audit: type=1326 audit(1763280119.349:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4390 comm="syz.1.16437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 630.646919][ T4413] overlayfs: missing 'lowerdir' [ 630.789565][ T2702] usbhid 6-1:0.0: can't add hid device: -71 [ 630.798612][ T4443] attempt to access beyond end of device [ 630.798612][ T4443] loop3: rw=2049, want=324, limit=256 [ 630.810452][ T2702] usbhid: probe of 6-1:0.0 failed with error -71 [ 630.819713][ T2702] usb 6-1: USB disconnect, device number 6 [ 631.180124][ T4494] attempt to access beyond end of device [ 631.180124][ T4494] loop2: rw=2049, want=324, limit=256 [ 631.290301][ T4514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16493'. [ 631.315272][ T4518] fuseblk: Bad value for 'fd' [ 631.469893][ T4529] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 631.607768][ T4535] attempt to access beyond end of device [ 631.607768][ T4535] loop3: rw=2049, want=324, limit=256 [ 631.961037][ T4569] attempt to access beyond end of device [ 631.961037][ T4569] loop5: rw=2049, want=324, limit=256 [ 632.294563][ T4594] attempt to access beyond end of device [ 632.294563][ T4594] loop0: rw=2049, want=324, limit=256 [ 632.318175][ T4606] fuseblk: Bad value for 'fd' [ 632.931073][ T4655] binder: 4654:4655 unknown command 0 [ 632.936503][ T4655] binder: 4654:4655 ioctl c0306201 200000000080 returned -22 [ 633.415444][ T4676] binder: 4675:4676 unknown command 1140850692 [ 633.449551][ T4676] binder: 4675:4676 ioctl c0306201 200000000080 returned -22 [ 633.760858][ T4700] binder: 4698:4700 unknown command 1140850692 [ 633.779483][ T4700] binder: 4698:4700 ioctl c0306201 200000000080 returned -22 [ 634.179770][ T3308] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 634.449467][ T3308] usb 2-1: Using ep0 maxpacket: 16 [ 634.579751][ T3308] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.596773][ T3308] usb 2-1: config 0 interface 0 has no altsetting 0 [ 634.619849][ T3308] usb 2-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 634.642847][ T3308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.666388][ T3308] usb 2-1: config 0 descriptor?? [ 634.700638][ T4734] binder: 4733:4734 unknown command 1140850692 [ 634.714950][ T4734] binder: 4733:4734 ioctl c0306201 200000000080 returned -22 [ 634.756901][ T4736] overlayfs: missing 'lowerdir' [ 634.782952][ T4740] binder: 4739:4740 unknown command 1140850692 [ 634.789318][ T4740] binder: 4739:4740 ioctl c0306201 200000000080 returned -22 [ 635.009515][ T3308] usbhid 2-1:0.0: can't add hid device: -71 [ 635.015689][ T3308] usbhid: probe of 2-1:0.0 failed with error -71 [ 635.036455][ T3308] usb 2-1: USB disconnect, device number 37 [ 635.079487][ T320] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 635.449552][ T320] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 635.479470][ T320] usb 1-1: config 0 has no interfaces? [ 635.649525][ T320] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 635.678717][ T320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.692565][ T320] usb 1-1: Product: syz [ 635.699605][ T320] usb 1-1: Manufacturer: syz [ 635.704193][ T320] usb 1-1: SerialNumber: syz [ 635.729199][ T320] usb 1-1: config 0 descriptor?? [ 635.872488][ T24] kauditd_printk_skb: 25 callbacks suppressed [ 635.872497][ T24] audit: type=1400 audit(1763280124.949:1442): avc: denied { getopt } for pid=4809 comm="syz.3.16627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 636.472024][ T15] usb 1-1: USB disconnect, device number 42 [ 637.372977][ T4904] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16673'. [ 637.820799][ T4917] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=4917 comm=syz.0.16669 [ 637.998720][ T4935] binder: 4934:4935 unknown command 0 [ 638.024302][ T4935] binder: 4934:4935 ioctl c0306201 200000000080 returned -22 [ 638.138126][ T4943] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.16686: ea_inode with extended attributes [ 638.168356][ T4943] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.16686: error while reading EA inode 11 err=-117 [ 638.208496][ T4943] EXT4-fs (loop0): 1 orphan inode deleted [ 638.225672][ T4943] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue [ 639.221787][ T4992] netlink: 24 bytes leftover after parsing attributes in process `syz.3.16709'. [ 639.867184][ T5014] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16717'. [ 639.987540][ T5024] binder: 5023:5024 unknown command 0 [ 640.002259][ T5024] binder: 5023:5024 ioctl c0306201 200000000080 returned -22 [ 641.326766][ T5098] netlink: 'syz.0.16755': attribute type 4 has an invalid length. [ 641.352024][ T5096] overlayfs: missing 'lowerdir' [ 641.373561][ T5098] netlink: 17 bytes leftover after parsing attributes in process `syz.0.16755'. [ 641.565852][ T5139] binder: 5138:5139 unknown command 0 [ 641.568515][ T5135] overlayfs: missing 'lowerdir' [ 641.589499][ T5139] binder: 5138:5139 ioctl c0306201 200000000080 returned -22 [ 641.705328][ T5165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16786'. [ 641.723938][ T5169] overlayfs: missing 'lowerdir' [ 641.873825][ T5198] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16801'. [ 641.891407][ T5196] overlayfs: missing 'lowerdir' [ 641.909075][ T5198] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.930846][ T5198] device bridge_slave_0 left promiscuous mode [ 641.971782][ T5198] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.141930][ T5217] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 642.159216][ T5217] ext4 filesystem being mounted at /293/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 642.181345][ T5231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.16817'. [ 642.249536][ T4331] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 642.319980][ T5267] netlink: 24 bytes leftover after parsing attributes in process `syz.3.16833'. [ 642.509543][T23038] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 642.521778][ T4331] usb 2-1: Using ep0 maxpacket: 16 [ 642.639585][ T4331] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.658278][ T4331] usb 2-1: config 0 interface 0 has no altsetting 0 [ 642.665481][ T4331] usb 2-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 642.674743][ T4331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.687579][ T4331] usb 2-1: config 0 descriptor?? [ 642.753028][ T5346] netlink: 'syz.2.16872': attribute type 4 has an invalid length. [ 642.759497][T23038] usb 1-1: Using ep0 maxpacket: 16 [ 642.769687][ T5346] netlink: 17 bytes leftover after parsing attributes in process `syz.2.16872'. [ 642.889608][T23038] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.907856][T23038] usb 1-1: config 0 interface 0 has no altsetting 0 [ 642.917346][T23038] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 642.936759][T23038] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.956008][T23038] usb 1-1: config 0 descriptor?? [ 643.029514][ T4331] usbhid 2-1:0.0: can't add hid device: -71 [ 643.035542][ T4331] usbhid: probe of 2-1:0.0 failed with error -71 [ 643.052347][ T4331] usb 2-1: USB disconnect, device number 38 [ 643.309564][T23038] usbhid 1-1:0.0: can't add hid device: -71 [ 643.315736][T23038] usbhid: probe of 1-1:0.0 failed with error -71 [ 643.340943][T23038] usb 1-1: USB disconnect, device number 43 [ 643.537679][ T5386] netlink: 140 bytes leftover after parsing attributes in process `syz.1.16890'. [ 643.789500][T20932] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 643.992480][ T5428] netlink: 'syz.2.16907': attribute type 4 has an invalid length. [ 644.019812][ T5430] binder: 5429:5430 unknown command 0 [ 644.024328][ T5428] netlink: 17 bytes leftover after parsing attributes in process `syz.2.16907'. [ 644.029359][ T5430] binder: 5429:5430 ioctl c0306201 200000000080 returned -22 [ 644.149630][T20932] usb 6-1: config 0 has no interfaces? [ 644.309563][T20932] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 644.346821][T20932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.366996][T20932] usb 6-1: Product: syz [ 644.377078][T20932] usb 6-1: Manufacturer: syz [ 644.395615][T20932] usb 6-1: SerialNumber: syz [ 644.410143][T20932] usb 6-1: config 0 descriptor?? [ 644.511238][ T5452] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=5452 comm=syz.3.16918 [ 644.662322][T20932] usb 6-1: USB disconnect, device number 7 [ 644.715207][ T5462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16923'. [ 644.891336][ T5473] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=5473 comm=syz.3.16929 [ 645.404596][ T5503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=5503 comm=syz.5.16942 [ 645.613631][ T5517] netlink: 'syz.5.16948': attribute type 11 has an invalid length. [ 645.631819][ T5517] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.16948'. [ 645.859526][ T15] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 645.936129][ T5525] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=5525 comm=syz.2.16953 [ 646.166435][ T5539] netlink: 'syz.0.16959': attribute type 11 has an invalid length. [ 646.174602][ T5539] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.16959'. [ 646.219538][ T15] usb 2-1: config 0 has no interfaces? [ 646.399546][ T15] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 646.419489][ T15] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.427483][ T15] usb 2-1: Product: syz [ 646.449527][ T15] usb 2-1: Manufacturer: syz [ 646.454156][ T15] usb 2-1: SerialNumber: syz [ 646.469473][ T15] usb 2-1: config 0 descriptor?? [ 646.640314][ T5565] netlink: 'syz.5.16971': attribute type 11 has an invalid length. [ 646.663690][ T5565] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.16971'. [ 646.719587][T23038] usb 2-1: USB disconnect, device number 39 [ 646.934641][ T5588] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16982'. [ 647.114024][ T5594] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 647.128025][ T5594] ext4 filesystem being mounted at /330/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 648.954222][ T5745] binder: 5744:5745 unknown command 0 [ 648.981369][ T5745] binder: 5744:5745 ioctl c0306201 200000000080 returned -22 [ 649.078348][ T5770] netlink: 'syz.0.17068': attribute type 4 has an invalid length. [ 649.114325][ T5770] netlink: 17 bytes leftover after parsing attributes in process `syz.0.17068'. [ 649.192458][ T5800] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17082'. [ 649.239425][ T5809] netlink: 'syz.1.17087': attribute type 4 has an invalid length. [ 649.270453][ T5809] netlink: 17 bytes leftover after parsing attributes in process `syz.1.17087'. [ 649.416976][ T5842] 9pnet: Insufficient options for proto=fd [ 649.913025][ T5903] 9pnet: Insufficient options for proto=fd [ 649.974295][ T5908] binder: 5907:5908 ioctl 4018620d 0 returned -22 [ 650.053361][ T5919] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1279 sclass=netlink_xfrm_socket pid=5919 comm=syz.5.17137 [ 650.151959][ T5926] binder: 5925:5926 unknown command 0 [ 650.176546][ T5926] binder: 5925:5926 ioctl c0306201 200000000080 returned -22 [ 650.716751][ T5973] 9pnet: Insufficient options for proto=fd [ 651.000629][ T5994] binder: 5993:5994 ioctl 4018620d 0 returned -22 [ 651.038567][ T5994] binder: 5993:5994 unknown command 0 [ 651.049469][ T5994] binder: 5993:5994 ioctl c0306201 200000000080 returned -22 [ 651.189248][ T6001] netlink: 24 bytes leftover after parsing attributes in process `syz.3.17176'. [ 651.346132][ T6007] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 651.381689][ T6007] EXT4-fs (loop3): external journal has bad superblock [ 651.475424][ T6029] netlink: 24 bytes leftover after parsing attributes in process `syz.5.17187'. [ 651.577063][ T6039] netlink: 'syz.5.17193': attribute type 4 has an invalid length. [ 651.599506][ T6039] netlink: 17 bytes leftover after parsing attributes in process `syz.5.17193'. [ 652.098414][ T6082] binder: 6081:6082 ioctl c0306201 0 returned -14 [ 652.509866][ T6096] binder: 6095:6096 ioctl c0306201 0 returned -14 [ 652.935580][ T6128] binder: 6127:6128 ioctl c0306201 0 returned -14 [ 653.800604][ T6146] binder: 6145:6146 ioctl c0306201 0 returned -14 [ 653.993533][ T6148] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 654.009590][ T6148] EXT4-fs (loop1): external journal has bad superblock [ 654.227901][ T6163] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 654.240139][ T6163] ext4 filesystem being mounted at /411/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 654.469490][ T4331] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 654.709527][ T4331] usb 2-1: Using ep0 maxpacket: 16 [ 654.758865][ T6193] binder: 6192:6193 ioctl c0306201 0 returned -14 [ 654.779912][ T6195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17262'. [ 654.829540][ T4331] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.850310][ T4331] usb 2-1: config 0 interface 0 has no altsetting 0 [ 654.867088][ T4331] usb 2-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 654.887243][ T4331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.920368][ T4331] usb 2-1: config 0 descriptor?? [ 655.259535][ T4331] usbhid 2-1:0.0: can't add hid device: -71 [ 655.265615][ T4331] usbhid: probe of 2-1:0.0 failed with error -71 [ 655.299299][ T4331] usb 2-1: USB disconnect, device number 40 [ 655.697694][ T6224] netlink: 12 bytes leftover after parsing attributes in process `syz.5.17274'. [ 655.759518][ T6232] netlink: 'syz.5.17279': attribute type 11 has an invalid length. [ 655.789521][ T6232] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.17279'. [ 656.525213][ T6246] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17289'. [ 656.791130][ T6266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17300'. [ 657.257556][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.273066][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.292013][ T6287] device bridge_slave_0 entered promiscuous mode [ 657.311496][ T6287] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.336145][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.349812][ T6287] device bridge_slave_1 entered promiscuous mode [ 657.487045][ T6287] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.494108][ T6287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 657.501395][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.508408][ T6287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.568087][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 657.578424][T19322] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.596294][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.640436][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 657.652510][T19322] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.659551][T19322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.679529][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 657.699529][T19322] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.706555][T19322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 657.719763][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 657.739632][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 657.753881][ T6287] device veth0_vlan entered promiscuous mode [ 657.772120][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 657.781204][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 657.809958][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 657.839918][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 657.855586][ T6287] device veth1_macvtap entered promiscuous mode [ 657.872293][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 657.900157][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 657.933342][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 657.971749][ T7] device bridge_slave_1 left promiscuous mode [ 657.977907][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.998936][ T7] device veth1_macvtap left promiscuous mode [ 658.071433][ T6311] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 658.102112][ T6311] ext4 filesystem being mounted at /413/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 658.481873][ T6357] netlink: 'syz.3.17334': attribute type 11 has an invalid length. [ 658.511480][ T6357] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.17334'. [ 658.865694][ T24] audit: type=1326 audit(1763280147.939:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6368 comm="syz.1.17338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 658.894644][ T24] audit: type=1326 audit(1763280147.939:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6368 comm="syz.1.17338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4f2856c9 code=0x7ffc0000 [ 659.265558][ T6400] netlink: 24 bytes leftover after parsing attributes in process `syz.1.17351'. [ 659.691173][ T6435] netlink: 140 bytes leftover after parsing attributes in process `syz.1.17368'. [ 662.055337][ T6505] netlink: 172 bytes leftover after parsing attributes in process `syz.0.17400'. [ 662.448617][ T6520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17407'. [ 664.825429][ T6618] netlink: 'syz.3.17450': attribute type 11 has an invalid length. [ 664.860557][ T6618] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.17450'. [ 666.393385][ T6703] netlink: 140 bytes leftover after parsing attributes in process `syz.5.17483'. [ 666.641473][ T6737] netlink: 172 bytes leftover after parsing attributes in process `syz.3.17506'. [ 666.994698][ T6764] netlink: 'syz.5.17520': attribute type 4 has an invalid length. [ 667.006473][ T6764] netlink: 17 bytes leftover after parsing attributes in process `syz.5.17520'. [ 668.401152][ T6866] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 668.426222][ T6866] EXT4-fs (loop5): external journal has bad superblock [ 668.966280][ T6919] netlink: 24 bytes leftover after parsing attributes in process `syz.5.17590'. [ 668.989488][ T320] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 669.359526][ T320] usb 1-1: config index 0 descriptor too short (expected 28486, got 227) [ 669.388285][ T320] usb 1-1: config 15 has too many interfaces: 240, using maximum allowed: 32 [ 669.418534][ T320] usb 1-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config [ 669.429025][ T320] usb 1-1: config 15 has 0 interfaces, different from the descriptor's value: 240 [ 669.599565][ T320] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 669.618789][ T320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.641431][ T320] usb 1-1: Product: syz [ 669.654029][ T320] usb 1-1: Manufacturer: syz [ 669.658632][ T320] usb 1-1: SerialNumber: syz [ 669.741893][ T6960] netlink: 'syz.5.17609': attribute type 4 has an invalid length. [ 669.766625][ T6960] netlink: 17 bytes leftover after parsing attributes in process `syz.5.17609'. [ 669.953213][ T320] usb 1-1: USB disconnect, device number 44 [ 670.343545][ T6979] EXT4-fs (loop2): dax option not supported [ 670.603783][ T6989] netlink: 'syz.0.17622': attribute type 4 has an invalid length. [ 670.620297][ T6989] netlink: 17 bytes leftover after parsing attributes in process `syz.0.17622'. [ 670.881175][ T7019] netlink: 'syz.0.17634': attribute type 4 has an invalid length. [ 670.898492][ T7019] netlink: 17 bytes leftover after parsing attributes in process `syz.0.17634'. [ 671.129527][ T4338] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 671.559572][ T4338] usb 4-1: config index 0 descriptor too short (expected 28486, got 227) [ 671.568370][ T4338] usb 4-1: config 15 has too many interfaces: 240, using maximum allowed: 32 [ 671.578081][ T4338] usb 4-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config [ 671.589213][ T4338] usb 4-1: config 15 has 0 interfaces, different from the descriptor's value: 240 [ 671.749614][ T4338] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 671.759090][ T4338] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.779285][ T4338] usb 4-1: Product: syz [ 671.783630][ T4338] usb 4-1: Manufacturer: syz [ 671.788210][ T4338] usb 4-1: SerialNumber: syz [ 672.101391][ T4338] usb 4-1: USB disconnect, device number 33 [ 672.155499][ T7144] netlink: 172 bytes leftover after parsing attributes in process `syz.2.17690'. [ 672.352470][ T7166] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=7166 comm=syz.2.17699 [ 672.811656][ T7219] netlink: 172 bytes leftover after parsing attributes in process `syz.3.17718'. [ 672.905955][ T24] audit: type=1326 audit(1763280161.979:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7239 comm="syz.2.17734" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1763ca76c9 code=0x0 [ 673.039459][ T2702] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 673.419610][ T2702] usb 1-1: config index 0 descriptor too short (expected 28486, got 227) [ 673.433547][ T2702] usb 1-1: config 15 has too many interfaces: 240, using maximum allowed: 32 [ 673.458691][ T2702] usb 1-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config [ 673.479204][ T2702] usb 1-1: config 15 has 0 interfaces, different from the descriptor's value: 240 [ 673.663966][ T2702] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 673.683198][ T2702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.701444][ T2702] usb 1-1: Product: syz [ 673.709587][ T2702] usb 1-1: Manufacturer: syz [ 673.724323][ T2702] usb 1-1: SerialNumber: syz [ 674.012868][ T2702] usb 1-1: USB disconnect, device number 45 [ 674.080746][ T7316] netlink: 140 bytes leftover after parsing attributes in process `syz.3.17767'. [ 675.822116][ T7409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17812'. [ 676.161163][ T7435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17824'. [ 677.348802][ T7476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17835'. [ 677.555580][ T7484] netlink: 140 bytes leftover after parsing attributes in process `syz.3.17843'. [ 678.218841][ T7506] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=7506 comm=syz.0.17855 [ 678.318308][ T7520] netlink: 12 bytes leftover after parsing attributes in process `syz.5.17856'. [ 678.386461][ T7516] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 678.416268][ T7516] EXT4-fs (loop1): external journal has bad superblock [ 678.561681][ T7539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28789 sclass=netlink_route_socket pid=7539 comm=syz.5.17871 [ 678.645200][ T7548] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17876'. [ 678.676746][ T7548] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.706851][ T7548] device bridge_slave_0 left promiscuous mode [ 678.720040][ T7548] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.754745][ T7552] input: syz0 as /devices/virtual/input/input12 [ 679.135361][ T7586] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 679.175072][ T7586] ext4 filesystem being mounted at /541/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 679.408397][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.429495][ T7616] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.447078][ T7616] device bridge_slave_0 entered promiscuous mode [ 679.459238][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.502556][ T7616] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.519866][ T7616] device bridge_slave_1 entered promiscuous mode [ 679.526403][ T7623] netlink: 'syz.5.17909': attribute type 4 has an invalid length. [ 679.549480][ T7623] netlink: 17 bytes leftover after parsing attributes in process `syz.5.17909'. [ 679.676916][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.683971][ T7616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.691238][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.698263][ T7616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.749959][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.764990][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.789603][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 679.809168][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 679.936593][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 680.014364][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 680.040473][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.047509][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 680.055280][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 680.063640][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 680.071815][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.078829][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.102400][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 680.120552][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 680.137611][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 680.153936][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 680.173015][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 680.188489][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 680.213308][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 680.224364][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 680.245665][ T7616] device veth0_vlan entered promiscuous mode [ 680.253975][ T7639] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17915'. [ 680.263726][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 680.273426][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 680.290982][ T7646] netlink: 'syz.0.17919': attribute type 4 has an invalid length. [ 680.298856][ T7646] netlink: 17 bytes leftover after parsing attributes in process `syz.0.17919'. [ 680.310065][T19322] device bridge_slave_1 left promiscuous mode [ 680.317258][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.336436][T19322] device veth1_macvtap left promiscuous mode [ 680.456006][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 680.469321][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 680.493794][ T7616] device veth1_macvtap entered promiscuous mode [ 680.515311][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 680.531214][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 680.620041][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 680.653047][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 680.667976][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 681.758428][ T7749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.17957'. [ 682.339037][ T7829] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1279 sclass=netlink_route_socket pid=7829 comm=syz.2.18002 [ 682.639455][ T7227] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 682.652703][ T7861] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 682.666167][ T7861] ext4 filesystem being mounted at /353/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 683.009536][ T7227] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 683.029724][ T7227] usb 1-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 683.048955][ T7227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.067634][ T7227] usb 1-1: config 0 descriptor?? [ 683.099527][ T7832] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 683.419566][ T7227] usbhid 1-1:0.0: can't add hid device: -71 [ 683.429039][ T7227] usbhid: probe of 1-1:0.0 failed with error -71 [ 683.470503][ T7227] usb 1-1: USB disconnect, device number 46 [ 683.513970][ T7931] input: syz0 as /devices/virtual/input/input15 [ 683.916391][ T7999] netlink: 140 bytes leftover after parsing attributes in process `syz.2.18079'. [ 684.269475][ T4331] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 684.286631][ T8047] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 684.298905][ T8047] ext4 filesystem being mounted at /368/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 684.506233][ T8073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18112'. [ 684.548713][ T8067] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.559195][ T8067] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.592562][ T8067] device bridge_slave_0 entered promiscuous mode [ 684.608408][ T8067] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.629577][ T4331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 684.643220][ T8067] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.654068][ T4331] usb 2-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 684.667837][ T8067] device bridge_slave_1 entered promiscuous mode [ 684.674381][ T4331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.711383][ T4331] usb 2-1: config 0 descriptor?? [ 684.729497][ T8014] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 684.783606][ T8067] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.790681][ T8067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 684.798296][ T8067] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.805345][ T8067] bridge0: port 1(bridge_slave_0) entered forwarding state [ 684.836739][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 684.854633][T19322] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.875680][T19322] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.900792][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 684.919097][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.926177][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 684.947150][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 684.955732][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.962788][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 684.981552][ T8095] netlink: 172 bytes leftover after parsing attributes in process `syz.3.18121'. [ 684.998575][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 685.006897][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 685.016110][ T8097] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18122'. [ 685.026079][ T6393] device bridge_slave_1 left promiscuous mode [ 685.034705][ T4331] usbhid 2-1:0.0: can't add hid device: -71 [ 685.040743][ T6393] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.044837][ T4331] usbhid: probe of 2-1:0.0 failed with error -71 [ 685.056337][ T6393] device veth1_macvtap left promiscuous mode [ 685.070178][ T4331] usb 2-1: USB disconnect, device number 41 [ 685.176010][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 685.198218][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 685.209975][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 685.227676][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 685.240592][ T8067] device veth0_vlan entered promiscuous mode [ 685.263673][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 685.281532][ T8067] device veth1_macvtap entered promiscuous mode [ 685.302063][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 685.321523][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 685.552121][ T8115] netlink: 172 bytes leftover after parsing attributes in process `syz.5.18131'. [ 685.842637][ T8121] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18132'. [ 686.191222][ T8134] netlink: 'syz.3.18140': attribute type 4 has an invalid length. [ 686.199053][ T8134] netlink: 17 bytes leftover after parsing attributes in process `syz.3.18140'. [ 686.264981][ T8138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18144'. [ 686.536401][ T8151] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 686.559569][ T8151] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 686.728474][ T8169] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18155'. [ 686.748645][ T8169] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.769973][ T8169] device bridge_slave_0 left promiscuous mode [ 686.776077][ T8169] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.867824][ T8171] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 686.887325][ T8171] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 687.430337][ T8193] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 687.447956][ T8200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18168'. [ 687.466453][ T8193] ext4 filesystem being mounted at /178/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 687.656178][ T8231] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18182'. [ 687.715167][ T8229] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 687.728531][ T8229] ext4 filesystem being mounted at /582/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 687.888947][ T8248] input: syz0 as /devices/virtual/input/input16 [ 688.175164][ T8272] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 688.189619][ T8272] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 688.430104][ T8282] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 688.439816][ T8282] EXT4-fs (loop3): external journal has bad superblock [ 688.700261][ T8304] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 688.747984][ T8304] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue [ 688.929508][ T4331] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 688.980286][ T8334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 688.989382][ T8334] ext4 filesystem being mounted at /593/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 689.289563][ T4331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 689.300533][ T4331] usb 2-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 689.309733][ T4331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.318811][ T4331] usb 2-1: config 0 descriptor?? [ 689.349488][ T8305] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 689.434900][ T8373] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 689.459817][ T8373] ext4 filesystem being mounted at /596/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 689.669512][ T4331] usbhid 2-1:0.0: can't add hid device: -71 [ 689.675549][ T4331] usbhid: probe of 2-1:0.0 failed with error -71 [ 689.696422][ T4331] usb 2-1: USB disconnect, device number 42 [ 689.807486][ T8391] netlink: 'syz.5.18254': attribute type 4 has an invalid length. [ 689.837495][ T8391] netlink: 'syz.5.18254': attribute type 17 has an invalid length. [ 689.850431][ T8391] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 689.890619][ T7227] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 690.124612][ T8408] attempt to access beyond end of device [ 690.124612][ T8408] loop1: rw=2049, want=260, limit=256 [ 690.139455][ T7227] usb 1-1: Using ep0 maxpacket: 32 [ 690.269563][ T7227] usb 1-1: config 0 has no interfaces? [ 690.429527][ T7227] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 690.438591][ T7227] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 690.468664][ T7227] usb 1-1: Product: syz [ 690.473066][ T7227] usb 1-1: Manufacturer: syz [ 690.477914][ T7227] usb 1-1: SerialNumber: syz [ 690.486075][ T7227] usb 1-1: config 0 descriptor?? [ 690.735951][ T7227] usb 1-1: USB disconnect, device number 47 [ 691.633561][ T8470] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.654280][ T8470] bridge0: port 1(bridge_slave_0) entered disabled state [ 691.700143][ T8470] device bridge_slave_0 entered promiscuous mode [ 691.747191][ T8470] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.799910][ T8470] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.817515][ T8470] device bridge_slave_1 entered promiscuous mode [ 691.927089][ T8470] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.934273][ T8470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 691.941545][ T8470] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.948553][ T8470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 691.958499][ T8488] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 691.979358][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 691.986415][ T8488] ext4 filesystem being mounted at /214/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 691.997228][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.043931][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.089009][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 692.098110][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.105157][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.115366][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 692.123593][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.130632][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 692.170933][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 692.178912][T19322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 692.251483][ T8509] input: syz0 as /devices/virtual/input/input18 [ 692.257267][ T8470] device veth0_vlan entered promiscuous mode [ 692.274787][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 692.291175][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 692.299826][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 692.327820][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 692.343342][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 692.359946][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 692.383167][ T8470] device veth1_macvtap entered promiscuous mode [ 692.399012][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 692.409916][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 692.430743][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 692.453065][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 692.472555][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 692.487761][ T8521] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 692.498941][ T6393] device bridge_slave_1 left promiscuous mode [ 692.508358][ T6393] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.540340][ T6393] device veth1_macvtap left promiscuous mode [ 692.552162][ T8521] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 692.570615][ T6393] device veth0_vlan left promiscuous mode [ 693.240694][ T8577] input: syz0 as /devices/virtual/input/input20 [ 693.277735][ T8582] netlink: 140 bytes leftover after parsing attributes in process `syz.1.18333'. [ 693.354680][ T8584] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 693.369612][ T8584] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 693.525574][ T8609] device syzkaller1 entered promiscuous mode [ 693.540887][ T8611] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18346'. [ 693.550352][ T8613] netlink: 140 bytes leftover after parsing attributes in process `syz.0.18347'. [ 693.733439][ T8620] attempt to access beyond end of device [ 693.733439][ T8620] loop1: rw=2049, want=260, limit=256 [ 693.978647][ T8642] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 694.011478][ T8642] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 694.023663][ T8648] netlink: 140 bytes leftover after parsing attributes in process `syz.5.18360'. [ 694.235649][ T8676] netlink: 172 bytes leftover after parsing attributes in process `syz.0.18372'. [ 694.309160][ T8679] netlink: 140 bytes leftover after parsing attributes in process `syz.0.18374'. [ 694.630185][ T8708] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 694.659532][ T8708] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 695.053588][ T8758] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61249 sclass=netlink_route_socket pid=8758 comm=syz.5.18408 [ 695.109811][ T8756] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 695.141974][ T8756] ext4 filesystem being mounted at /38/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 695.868467][ T8792] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 695.899553][ T8792] ext4 filesystem being mounted at /224/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 697.215159][ T8824] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 697.234693][ T8824] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 697.672661][ T24] audit: type=1400 audit(1763280186.749:1446): avc: denied { mounton } for pid=8845 comm="syz.5.18443" path="/60/file0" dev="tmpfs" ino=393 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 697.720352][ T8846] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,lazytime,,errors=continue [ 697.739539][ T8846] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 698.379284][ T8880] netlink: 140 bytes leftover after parsing attributes in process `syz.3.18458'. [ 698.628126][ T8911] netlink: 140 bytes leftover after parsing attributes in process `syz.5.18472'. [ 698.697122][ T8924] netlink: 104 bytes leftover after parsing attributes in process `syz.1.18478'. [ 698.717383][ T8921] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 698.728484][ T8921] EXT4-fs (loop3): external journal has bad superblock [ 698.849757][ T8933] netlink: 172 bytes leftover after parsing attributes in process `syz.5.18481'. [ 699.004425][ T8951] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 699.050380][ T8951] EXT4-fs (loop1): 1 truncate cleaned up [ 699.056036][ T8951] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,max_dir_size_kb=0x00000000000001ff,bsddf,noblock_validity,,errors=continue [ 699.103644][ T8951] syz.1.18491 (pid 8951) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 699.141718][ T8969] netlink: 172 bytes leftover after parsing attributes in process `syz.0.18497'. [ 699.330055][ T8984] input: syz0 as /devices/virtual/input/input22 [ 699.454449][ T8999] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18511'. [ 699.570118][ T9003] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 699.586511][ T9011] input: syz0 as /devices/virtual/input/input23 [ 699.605561][ T9003] ext4 filesystem being mounted at /84/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 699.829603][ T9033] input: syz0 as /devices/virtual/input/input24 [ 700.249497][T20932] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 700.519500][T20932] usb 1-1: Using ep0 maxpacket: 32 [ 700.669535][T20932] usb 1-1: config 0 has no interfaces? [ 700.820116][ T9109] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 700.839487][T20932] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 700.842059][ T9109] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 700.858633][T20932] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 700.877300][T20932] usb 1-1: Product: syz [ 700.881533][T20932] usb 1-1: Manufacturer: syz [ 700.890551][T20932] usb 1-1: SerialNumber: syz [ 700.895959][T20932] usb 1-1: config 0 descriptor?? [ 701.119445][ T24] audit: type=1400 audit(1763280190.189:1447): avc: denied { load_policy } for pid=9128 comm="syz.2.18571" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 701.141339][T20932] usb 1-1: USB disconnect, device number 48 [ 701.182021][ T9129] SELinux: failed to load policy [ 701.248596][ T9135] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 701.269579][ T9135] ext4 filesystem being mounted at /440/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 702.164152][ T9183] exfat: Deprecated parameter 'utf8' [ 702.175153][ T9183] exfat: Deprecated parameter 'namecase' [ 702.182959][ T9183] exfat: Deprecated parameter 'utf8' [ 702.191892][ T9183] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 702.228949][ T9183] attempt to access beyond end of device [ 702.228949][ T9183] loop3: rw=0, want=34359738496, limit=256 [ 703.271530][ T9225] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 703.289517][ T9225] EXT4-fs (loop1): external journal has bad superblock [ 703.698397][ T9243] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 703.710266][ T9243] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 703.961363][ T24] audit: type=1400 audit(1763280193.039:1448): avc: denied { connect } for pid=9272 comm="syz.5.18633" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 705.090637][ T9370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18680'. [ 705.116725][ T9370] device bridge_slave_1 left promiscuous mode [ 705.134992][ T9370] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.941733][ T9409] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 705.942266][ T9418] netlink: 388 bytes leftover after parsing attributes in process `syz.3.18696'. [ 705.956003][ T9409] EXT4-fs (loop5): external journal has bad superblock [ 706.380153][ T9451] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 706.381195][ T9459] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18719'. [ 706.389165][ T9451] ext4 filesystem being mounted at /143/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 706.611413][ T24] audit: type=1401 audit(1763280195.679:1449): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 706.631226][ T9482] netlink: 172 bytes leftover after parsing attributes in process `syz.5.18730'. [ 706.863970][ T9517] netlink: 172 bytes leftover after parsing attributes in process `syz.3.18747'. [ 706.987384][ T9527] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 707.006969][ T9527] ext4 filesystem being mounted at /160/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 707.252038][ T9558] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 707.609586][T20932] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 707.634809][ T9594] netlink: 140 bytes leftover after parsing attributes in process `syz.5.18783'. [ 707.849446][T20932] usb 2-1: Using ep0 maxpacket: 16 [ 707.969534][T20932] usb 2-1: config 1 has an invalid interface number: 64 but max is 0 [ 707.988826][T20932] usb 2-1: config 1 has no interface number 0 [ 708.034981][ T9618] netlink: 140 bytes leftover after parsing attributes in process `syz.2.18794'. [ 708.159982][T20932] usb 2-1: New USB device found, idVendor=19d2, idProduct=ffbf, bcdDevice=68.78 [ 708.172480][T20932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.194733][T20932] usb 2-1: Product: syz [ 708.199067][T20932] usb 2-1: Manufacturer: syz [ 708.215264][T20932] usb 2-1: SerialNumber: syz [ 708.550375][T20932] usb 2-1: USB disconnect, device number 43 [ 708.791724][ T4332] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 709.149511][ T4332] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 709.164555][ T4332] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 709.329578][ T4332] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 709.348786][ T4332] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.358857][ T4332] usb 1-1: Product: syz [ 709.367385][ T4332] usb 1-1: Manufacturer: syz [ 709.372166][ T4332] usb 1-1: SerialNumber: syz [ 709.428365][ T24] audit: type=1400 audit(1763280198.499:1450): avc: denied { watch watch_reads } for pid=9751 comm="syz.3.18855" path="/314/bus" dev="incremental-fs" ino=1954 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 709.453602][ T24] audit: type=1400 audit(1763280198.529:1451): avc: denied { setattr } for pid=9751 comm="syz.3.18855" name="bus" dev="incremental-fs" ino=1959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 709.482765][ T6287] ------------[ cut here ]------------ [ 709.488432][ T6287] WARNING: CPU: 1 PID: 6287 at fs/inode.c:304 drop_nlink+0xc5/0x110 [ 709.496580][ T6287] Modules linked in: [ 709.500525][ T6287] CPU: 1 PID: 6287 Comm: syz-executor Not tainted syzkaller #0 [ 709.508303][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 709.518487][ T6287] RIP: 0010:drop_nlink+0xc5/0x110 [ 709.523665][ T6287] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 93 22 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 bb 30 b8 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 709.543377][ T6287] RSP: 0018:ffffc90001b37cd0 EFLAGS: 00010293 [ 709.549468][ T6287] RAX: ffffffff81ab74e5 RBX: ffff888119be1280 RCX: ffff88810ca1bb40 [ 709.557498][ T6287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 709.565535][ T6287] RBP: ffffc90001b37cf8 R08: 0000000000000004 R09: 0000000000000003 [ 709.573566][ T6287] R10: fffff52000366f88 R11: 1ffff92000366f88 R12: dffffc0000000000 [ 709.581671][ T6287] R13: 1ffff1102337c259 R14: ffff888119be12c8 R15: 0000000000000000 [ 709.589879][ T6287] FS: 000055555d99d500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 709.598900][ T6287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 709.605652][ T6287] CR2: 000000110c3136a6 CR3: 00000001391cb000 CR4: 00000000003526a0 [ 709.613861][ T6287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 709.624016][ T6287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 709.632189][ T6287] Call Trace: [ 709.635497][ T6287] shmem_rmdir+0x5b/0x90 [ 709.640628][ T6287] vfs_rmdir+0x1b3/0x3e0 [ 709.644970][ T6287] incfs_kill_sb+0xfe/0x210 [ 709.649516][ T6287] deactivate_locked_super+0xa0/0x100 [ 709.654932][ T6287] deactivate_super+0xaf/0xe0 [ 709.659682][ T6287] cleanup_mnt+0x446/0x500 [ 709.664108][ T6287] __cleanup_mnt+0x19/0x20 [ 709.668522][ T6287] task_work_run+0x127/0x190 [ 709.673190][ T6287] exit_to_user_mode_loop+0xcb/0xe0 [ 709.678416][ T6287] exit_to_user_mode_prepare+0x76/0xa0 [ 709.684692][ T6287] syscall_exit_to_user_mode+0x1d/0x40 [ 709.690190][ T6287] do_syscall_64+0x3d/0x40 [ 709.694623][ T6287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 709.699978][ T4332] usb 1-1: cannot find UAC_HEADER [ 709.700648][ T6287] RIP: 0033:0x7ff7d9a9a9f7 [ 709.705596][ T4332] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 709.709950][ T6287] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 709.709957][ T6287] RSP: 002b:00007ffc0da85288 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 709.709970][ T6287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff7d9a9a9f7 [ 709.709977][ T6287] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0da85340 [ 709.709985][ T6287] RBP: 00007ffc0da85340 R08: 0000000000000000 R09: 0000000000000000 [ 709.709992][ T6287] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc0da863d0 [ 709.709999][ T6287] R13: 00007ff7d9b1bd7d R14: 00000000000ad351 R15: 00007ffc0da86410 [ 709.710012][ T6287] ---[ end trace af1a64f3df8aa423 ]--- [ 709.722010][ T4332] usb 1-1: USB disconnect, device number 49 [ 709.747858][ T6287] ================================================================== [ 709.804382][ T6287] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 709.810610][ T6287] Write of size 4 at addr 0000000000000170 by task syz-executor/6287 [ 709.818652][ T6287] [ 709.820973][ T6287] CPU: 1 PID: 6287 Comm: syz-executor Tainted: G W syzkaller #0 [ 709.829882][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 709.839921][ T6287] Call Trace: [ 709.843207][ T6287] __dump_stack+0x21/0x24 [ 709.847537][ T6287] dump_stack_lvl+0x169/0x1d8 [ 709.852273][ T6287] ? thaw_kernel_threads+0x220/0x220 [ 709.857534][ T6287] ? show_regs_print_info+0x18/0x18 [ 709.862705][ T6287] ? _raw_spin_lock+0x8e/0xe0 [ 709.867357][ T6287] ? _raw_spin_trylock_bh+0x130/0x130 [ 709.872705][ T6287] ? ihold+0x20/0x60 [ 709.876571][ T6287] kasan_report+0xd8/0x130 [ 709.880959][ T6287] ? ihold+0x20/0x60 [ 709.884824][ T6287] kasan_check_range+0x280/0x290 [ 709.889730][ T6287] __kasan_check_write+0x14/0x20 [ 709.894638][ T6287] ihold+0x20/0x60 [ 709.898330][ T6287] vfs_rmdir+0x247/0x3e0 [ 709.902547][ T6287] incfs_kill_sb+0xfe/0x210 [ 709.907021][ T6287] deactivate_locked_super+0xa0/0x100 [ 709.912363][ T6287] deactivate_super+0xaf/0xe0 [ 709.917011][ T6287] cleanup_mnt+0x446/0x500 [ 709.921409][ T6287] __cleanup_mnt+0x19/0x20 [ 709.925803][ T6287] task_work_run+0x127/0x190 [ 709.930721][ T6287] exit_to_user_mode_loop+0xcb/0xe0 [ 709.935904][ T6287] exit_to_user_mode_prepare+0x76/0xa0 [ 709.941340][ T6287] syscall_exit_to_user_mode+0x1d/0x40 [ 709.946771][ T6287] do_syscall_64+0x3d/0x40 [ 709.951170][ T6287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 709.957030][ T6287] RIP: 0033:0x7ff7d9a9a9f7 [ 709.961447][ T6287] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 709.981025][ T6287] RSP: 002b:00007ffc0da85288 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 709.989408][ T6287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff7d9a9a9f7 [ 709.997351][ T6287] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0da85340 [ 710.005299][ T6287] RBP: 00007ffc0da85340 R08: 0000000000000000 R09: 0000000000000000 [ 710.013245][ T6287] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc0da863d0 [ 710.021198][ T6287] R13: 00007ff7d9b1bd7d R14: 00000000000ad351 R15: 00007ffc0da86410 [ 710.029145][ T6287] ================================================================== [ 710.037185][ T6287] Disabling lock debugging due to kernel taint [ 710.043665][ T6287] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 710.045636][ T24] audit: type=1400 audit(1763280199.119:1452): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 710.051455][ T6287] #PF: supervisor write access in kernel mode [ 710.051460][ T6287] #PF: error_code(0x0002) - not-present page [ 710.051473][ T6287] PGD 1165e6067 P4D 1165e6067 PUD 0 [ 710.051492][ T6287] Oops: 0002 [#1] PREEMPT SMP KASAN [ 710.051507][ T6287] CPU: 0 PID: 6287 Comm: syz-executor Tainted: G B W syzkaller #0 [ 710.073585][ T24] audit: type=1400 audit(1763280199.119:1453): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 710.079492][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 710.079508][ T6287] RIP: 0010:ihold+0x26/0x60 [ 710.079524][ T6287] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 d1 28 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 80 1a f2 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 710.086053][ T24] audit: type=1400 audit(1763280199.119:1454): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 710.090725][ T6287] RSP: 0018:ffffc90001b37d10 EFLAGS: 00010246 [ 710.090735][ T6287] RAX: ffff88810ca1bb00 RBX: 0000000000000000 RCX: 0000000000000286 [ 710.090741][ T6287] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 710.090754][ T6287] RBP: ffffc90001b37d20 R08: 0000000000000004 R09: 0000000000000003 [ 710.096191][ T24] audit: type=1400 audit(1763280199.119:1455): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 710.104828][ T6287] R10: fffffbfff0d8ee48 R11: 1ffffffff0d8ee48 R12: 1ffff11026a33e8e [ 710.104834][ T6287] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 710.104843][ T6287] FS: 000055555d99d500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 710.104856][ T6287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 710.126586][ T24] audit: type=1400 audit(1763280199.119:1456): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 710.136283][ T6287] CR2: 0000000000000170 CR3: 00000001391cb000 CR4: 00000000003506b0 [ 710.136293][ T6287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 710.136299][ T6287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 710.136302][ T6287] Call Trace: [ 710.136316][ T6287] vfs_rmdir+0x247/0x3e0 [ 710.136334][ T6287] incfs_kill_sb+0xfe/0x210 [ 710.141121][ T24] audit: type=1400 audit(1763280199.119:1457): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 710.160399][ T6287] deactivate_locked_super+0xa0/0x100 [ 710.160408][ T6287] deactivate_super+0xaf/0xe0 [ 710.160418][ T6287] cleanup_mnt+0x446/0x500 [ 710.160434][ T6287] __cleanup_mnt+0x19/0x20 [ 710.181978][ T24] audit: type=1400 audit(1763280199.119:1458): avc: denied { getattr } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 710.187728][ T6287] task_work_run+0x127/0x190 [ 710.388864][ T6287] exit_to_user_mode_loop+0xcb/0xe0 [ 710.394033][ T6287] exit_to_user_mode_prepare+0x76/0xa0 [ 710.399463][ T6287] syscall_exit_to_user_mode+0x1d/0x40 [ 710.404890][ T6287] do_syscall_64+0x3d/0x40 [ 710.409283][ T6287] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 710.415179][ T6287] RIP: 0033:0x7ff7d9a9a9f7 [ 710.419567][ T6287] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 710.439234][ T6287] RSP: 002b:00007ffc0da85288 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 710.447714][ T6287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff7d9a9a9f7 [ 710.455658][ T6287] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0da85340 [ 710.463599][ T6287] RBP: 00007ffc0da85340 R08: 0000000000000000 R09: 0000000000000000 [ 710.471541][ T6287] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc0da863d0 [ 710.479490][ T6287] R13: 00007ff7d9b1bd7d R14: 00000000000ad351 R15: 00007ffc0da86410 [ 710.487431][ T6287] Modules linked in: [ 710.491298][ T6287] CR2: 0000000000000170 [ 710.495431][ T6287] ---[ end trace af1a64f3df8aa424 ]--- [ 710.500864][ T6287] RIP: 0010:ihold+0x26/0x60 [ 710.505336][ T6287] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 d1 28 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 80 1a f2 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 710.524915][ T6287] RSP: 0018:ffffc90001b37d10 EFLAGS: 00010246 [ 710.530952][ T6287] RAX: ffff88810ca1bb00 RBX: 0000000000000000 RCX: 0000000000000286 [ 710.538897][ T6287] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 710.546837][ T6287] RBP: ffffc90001b37d20 R08: 0000000000000004 R09: 0000000000000003 [ 710.554782][ T6287] R10: fffffbfff0d8ee48 R11: 1ffffffff0d8ee48 R12: 1ffff11026a33e8e [ 710.562722][ T6287] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 710.570664][ T6287] FS: 000055555d99d500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 710.579561][ T6287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 710.586112][ T6287] CR2: 0000000000000170 CR3: 00000001391cb000 CR4: 00000000003506b0 [ 710.594056][ T6287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 710.602001][ T6287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 710.609943][ T6287] Kernel panic - not syncing: Fatal exception [ 710.616192][ T6287] Kernel Offset: disabled [ 710.620499][ T6287] Rebooting in 86400 seconds..