last executing test programs: 9.806109647s ago: executing program 2 (id=546): dup(0xffffffffffffffff) r0 = openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.log\x00', 0x0, 0x130) read$FUSE(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r4, 0x0, r3, 0x0, 0x6, 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r5, 0x7ffffffc, 0x7) 8.569145891s ago: executing program 2 (id=552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x80, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) 5.927948813s ago: executing program 2 (id=555): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f0000000580)=ANY=[@ANYBLOB="050000000000000071114500000000008510000002000000850000000000000095000000000000009500a50500000000e286bbf946957b6a5c11f4497d32c46b50142ee70e0e47d6e554517a10f3571cc22a6a3d05a60cf72942de930f7e5a96df225eb5edc551439e0abdf620a7104b5e0eca500271a4533996170f0ae2ff89158ee7b6d8af763091c6158a780ff1e4c668da2fed23be552a59672acfaae9b94d900e1d1a2cf110799781d92cf29f29c4c6c979da63e236b62dcdd83a67bdd6a2d9ad4c28f9e5cebe55a77128c16bedb1fd718e9375ba4fcddf2a1e9b57b06d2285bad6862cc395c0b49a50a4d3775f87ba9527"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x6}, 0x70) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x89901) move_mount(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7e, &(0x7f00000004c0)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53aff", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x2080}}]}]}}}}}}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c0000001000190026bd7000feffffff00000000", @ANYRES32=0x0, @ANYBLOB="a4250100000000001400030076657468315f746f5f7465616d000000140014006970365f7674693000000000001f000014001680100001800c0009"], 0x5c}}, 0x80) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@newlink={0x2c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r2, 0x21eae, 0x162}, [@IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000100)={'sit0\x00', r2, 0x8, 0x40, 0x0, 0x3, {{0x15, 0x4, 0x3, 0x9, 0x54, 0x68, 0x0, 0xf, 0x4, 0x0, @loopback, @rand_addr=0x64010102, {[@ra={0x94, 0x4}, @lsrr={0x83, 0xb, 0xeb, [@dev={0xac, 0x14, 0x14, 0x31}, @multicast1]}, @timestamp_addr={0x44, 0x24, 0xe, 0x1, 0x5, [{@rand_addr=0x64010100, 0x6}, {@empty, 0x2}, {@multicast1, 0x4}, {@rand_addr=0x64010100, 0x4}]}, @noop, @ra={0x94, 0x4}, @noop, @ra={0x94, 0x4}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000006b113a00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000001f80)={[{@nogrpid}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@noquota}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@dioread_lock}, {@resuid}, {@bh}, {@dioread_nolock}]}, 0x5, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") listxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x300) 5.765097897s ago: executing program 0 (id=557): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440)={'#! ', '', [{0x20, '[\\'}, {0x20, '\xe976\x8c\x97H\xf6*\x9d\xfe\xf0\xc17e\xda\x9e\x9cy\xa0\xebn\xa6\x9f8\xf4\xd7\xe9}27\x8a]\xbf\xb4\xf9\xb8W\xf8\xb8\aY}0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=@delchain={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x6}, {0x0, 0xffff}}}, 0x24}}, 0x0) 4.939514453s ago: executing program 0 (id=563): r0 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000025c0)=@nat={'nat\x00', 0x62, 0x5, 0x1438, 0x1170, 0x10c8, 0xffffffff, 0x10c8, 0x1170, 0x13a0, 0x13a0, 0xffffffff, 0x13a0, 0x13a0, 0x5, 0x0, {[{{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}}, 0x0, 0x10a0, 0x10c8, 0x0, {0x22e}, [@common=@unspec=@cgroup1={{0x1030}, {0xfd, 0x1, 0x0, 0x0, './cgroup.net/syz0\x00', 0x9, {0x100040001}}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x3, 0x6}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x10, @private=0xa010100, @broadcast, @gre_key=0x7, @port=0x4e23}}}}, {{@ip={@broadcast, @rand_addr=0x64010100, 0x0, 0x0, 'veth1_to_team\x00', 'syzkaller1\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key, @icmp_id}}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'pimreg1\x00', 'netdevsim0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@unspec=@ipvs={{0x48}, {@ipv4=@empty, [0xff000000, 0xffffff00, 0xff, 0xffffffff], 0x4e24, 0x73, 0x1, 0x4e22, 0x8, 0x23}}, @common=@icmp={{0x28}, {0x0, "6e82"}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1498) 4.821937735s ago: executing program 1 (id=564): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0) 4.507883851s ago: executing program 1 (id=565): socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 4.483821872s ago: executing program 3 (id=567): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$sndctrl(0x0, 0x1ff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x31, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=r4, @ANYBLOB="059900f3ffffff111800128008000100677470000c000280050005"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x8000) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 3.819671175s ago: executing program 2 (id=568): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@get={0xe0, 0x13, 0x1, 0x70bd26, 0x25dfdbff, {{'sha256\x00'}, '\x00', '\x00', 0x400, 0x2000}}, 0xe0}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 3.760727146s ago: executing program 1 (id=569): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x1, 0x5479, 0x103d, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xb, 0x5, 0x10001, 0xa, 0x1, 0xffffffffffffffff, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.759966836s ago: executing program 0 (id=570): syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file1\x00', 0x2800810, &(0x7f00000025c0)=ANY=[@ANYRES16], 0x3, 0x15d, &(0x7f0000000f00)="$eJzs27+KE1EUB+AzJmrUJrVYDNhYBbWyVCSCOKAoKbRSiDaJBEwzWgWfxNaHEyRVCuGKzpLshoRl/8zO7ub7mhz4ccM9xZ3LGZj3dz6PhpPpp8mreXSyLNqPI49FFt24Eq2ozAIAuEwWKcXvlFK6PosbPyKl1PSOAIC6uf8BYPccev8/amhjAEBtzP8AsHvevH334klR9F/neSfi16wclIPqt8qfPS/69/P/uqtV87IctJb5gyrPD+ZX4+Ze/nBjfi3u3a3yf9nTl8VafiuG9bcPAAAAO6GXL22c73u9bXlV7Xs/sDa/t+N2+8zaAACOYPr12+jDePzxi0JxQYs/KaVjLP/+szoC56SL0y2yiDjZ/zT9ZALqtjr0Te8EAAAAAAAAAAAAAADYpt6vkVpNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb/Q0AAP//LjxONw==") syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x2045090, 0x0, 0xfe, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(0x0, 0x0, 0x3242cac, 0x0, 0xff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xec37}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0xc000802) r3 = socket(0x11, 0x2, 0x10001) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000180)=@ethtool_sfeatures={0x3b, 0x2, [{0xae9, 0x8}, {0x11, 0x30000080}]}}) 2.585259839s ago: executing program 2 (id=571): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000080)={0x5, 0x8, 0x9}) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @loopback, 0x3681}, 0x1c) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000000)={@in6={{0xa, 0x4e22, 0x7, @local, 0x7}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, r0, 0xe4776000) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e62, 0x1ff, @loopback, 0x23}, 0x1c) timer_create(0x1, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d036ae269b2, 0x8031, 0xffffffffffffffff, 0x0) 2.58217203s ago: executing program 3 (id=579): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x200}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) 2.499026241s ago: executing program 0 (id=572): socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28) recvfrom$inet6(r0, &(0x7f0000000400)=""/217, 0xd9, 0x120, 0x0, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x936, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x47b6, 0x800000, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 2.471048921s ago: executing program 1 (id=573): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100000e000000000000000000000005000600000000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000fe8092d59736ee0f2c880000000000bb0000000000ebff000200130003"], 0x70}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_open_procfs(0x0, 0x0) fchown(r1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0xb, 0x0, @val=@netfilter={0x0, 0x1, 0x5, 0x1}}, 0x20) socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xfffffffffffffffc, 0x0, 0x0, 0x1000000000}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x3c}, 0xa, @in=@multicast2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x1001}}, 0xe8) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) io_uring_setup(0x10728, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 2.111714839s ago: executing program 0 (id=574): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) ptrace(0x10, r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000180)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0xa}], 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) ptrace$getregset(0x4204, r0, 0x201, &(0x7f0000000440)={0x0}) syz_usb_connect(0x5, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x201, 0x0, 0xa6, 0xcf, 0x10, 0x4e6, 0xa, 0x200, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x1c, 0x0, 0x64, [{{0x9, 0x4, 0x30, 0x2, 0x0, 0xf9, 0x9b, 0x5f, 0x5}}]}}]}}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0}) 1.379424403s ago: executing program 3 (id=575): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@test_dummy_encryption}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=ANY=[], 0xe0}}], 0x1, 0x20000000) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x81ff) 731.900445ms ago: executing program 3 (id=576): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000006c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_usb_disconnect(0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 731.074466ms ago: executing program 1 (id=585): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40e00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r2 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000000)='\x00', &(0x7f0000000440)="21cb", 0x2) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xd8}], 0x1) tkill(r2, 0xb) 0s ago: executing program 1 (id=577): openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@ipv6_getaddr={0x18, 0x16, 0x1, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x91}}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fanotify_init(0x40, 0x800) fanotify_mark(r1, 0x1, 0x48001013, r0, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc1}) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)={0x2, [0x5, 0x2], 0x1ff}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2) pipe(&(0x7f0000000000)) io_uring_enter(r2, 0x2219, 0xcf74, 0x16, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. [ 81.822454][ T5775] cgroup: Unknown subsys name 'net' [ 81.937236][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.674186][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.337696][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.350224][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.359777][ T5797] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.370032][ T5797] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.387616][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.395514][ T5797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.415189][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.424167][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.424567][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.440351][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.449164][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.450240][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.464803][ T5798] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.467169][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.472863][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.480175][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.487538][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.493563][ T5797] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.502171][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.515779][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.523739][ T5801] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.525641][ T5797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.541813][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.551539][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.096102][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 86.233142][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.259132][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.270580][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 86.293889][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.301255][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.308979][ T5791] bridge_slave_0: entered allmulticast mode [ 86.316479][ T5791] bridge_slave_0: entered promiscuous mode [ 86.331310][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.338545][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.345960][ T5791] bridge_slave_1: entered allmulticast mode [ 86.353343][ T5791] bridge_slave_1: entered promiscuous mode [ 86.474994][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.504510][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.605599][ T5791] team0: Port device team_slave_0 added [ 86.613975][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.621921][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.629754][ T5788] bridge_slave_0: entered allmulticast mode [ 86.637551][ T5788] bridge_slave_0: entered promiscuous mode [ 86.644880][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.652196][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.659480][ T5790] bridge_slave_0: entered allmulticast mode [ 86.666810][ T5790] bridge_slave_0: entered promiscuous mode [ 86.685792][ T5791] team0: Port device team_slave_1 added [ 86.704607][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.712103][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.719458][ T5788] bridge_slave_1: entered allmulticast mode [ 86.727883][ T5788] bridge_slave_1: entered promiscuous mode [ 86.734642][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.741907][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.749197][ T5790] bridge_slave_1: entered allmulticast mode [ 86.756314][ T5790] bridge_slave_1: entered promiscuous mode [ 86.825830][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.833187][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.840663][ T5785] bridge_slave_0: entered allmulticast mode [ 86.847900][ T5785] bridge_slave_0: entered promiscuous mode [ 86.856090][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.864041][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.890358][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.905076][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.918265][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.943083][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.953613][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.961097][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.968638][ T5785] bridge_slave_1: entered allmulticast mode [ 86.975620][ T5785] bridge_slave_1: entered promiscuous mode [ 86.983788][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.990899][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.017373][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.048717][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.137213][ T5788] team0: Port device team_slave_0 added [ 87.147259][ T5788] team0: Port device team_slave_1 added [ 87.168864][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.182035][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.234023][ T5790] team0: Port device team_slave_0 added [ 87.258970][ T5791] hsr_slave_0: entered promiscuous mode [ 87.270981][ T5791] hsr_slave_1: entered promiscuous mode [ 87.285466][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.299291][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.331161][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.344780][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.352386][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.379236][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.392894][ T5790] team0: Port device team_slave_1 added [ 87.478094][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.485124][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.511648][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.527019][ T5785] team0: Port device team_slave_0 added [ 87.564415][ T5785] team0: Port device team_slave_1 added [ 87.577560][ T5794] Bluetooth: hci3: command tx timeout [ 87.577579][ T5797] Bluetooth: hci1: command tx timeout [ 87.577880][ T5797] Bluetooth: hci2: command tx timeout [ 87.583508][ T51] Bluetooth: hci0: command tx timeout [ 87.608569][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.615580][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.648135][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.799257][ T5788] hsr_slave_0: entered promiscuous mode [ 87.811390][ T5788] hsr_slave_1: entered promiscuous mode [ 87.817983][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.825925][ T5788] Cannot create hsr debugfs directory [ 87.836872][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.843992][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.870262][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.907627][ T5790] hsr_slave_0: entered promiscuous mode [ 87.914442][ T5790] hsr_slave_1: entered promiscuous mode [ 87.921178][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.928979][ T5790] Cannot create hsr debugfs directory [ 87.935289][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.942807][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.968925][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.090015][ T5785] hsr_slave_0: entered promiscuous mode [ 88.098602][ T5785] hsr_slave_1: entered promiscuous mode [ 88.105047][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.113916][ T5785] Cannot create hsr debugfs directory [ 88.452368][ T5791] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.479641][ T5791] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.490869][ T5791] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.519945][ T5791] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.565884][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.594328][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.605291][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.617329][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.728846][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.743603][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.754989][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.794522][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.892876][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.915318][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.925942][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.938696][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.991792][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.033880][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.054923][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.084841][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.092333][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.152506][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.163094][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.170353][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.206563][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.213887][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.232418][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.239649][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.305566][ T5791] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.316962][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.431525][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.489272][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.520611][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.599245][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.613967][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.621224][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.656884][ T51] Bluetooth: hci0: command tx timeout [ 89.656900][ T5797] Bluetooth: hci3: command tx timeout [ 89.662346][ T51] Bluetooth: hci2: command tx timeout [ 89.668390][ T5797] Bluetooth: hci1: command tx timeout [ 89.688159][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.695385][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.726098][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.733378][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.744095][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.751430][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.821997][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.900363][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.074846][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.129714][ T5791] veth0_vlan: entered promiscuous mode [ 90.204878][ T5791] veth1_vlan: entered promiscuous mode [ 90.295186][ T5791] veth0_macvtap: entered promiscuous mode [ 90.313170][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.331755][ T5791] veth1_macvtap: entered promiscuous mode [ 90.342370][ T5788] veth0_vlan: entered promiscuous mode [ 90.371643][ T5788] veth1_vlan: entered promiscuous mode [ 90.409038][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.430660][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.440235][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.474441][ T5791] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.483613][ T5791] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.492893][ T5791] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.502057][ T5791] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.539459][ T5788] veth0_macvtap: entered promiscuous mode [ 90.561638][ T5788] veth1_macvtap: entered promiscuous mode [ 90.654304][ T5790] veth0_vlan: entered promiscuous mode [ 90.674799][ T5785] veth0_vlan: entered promiscuous mode [ 90.692849][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.708965][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.724733][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.766655][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.779705][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.792200][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.804420][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.820217][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.871782][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.881045][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.891838][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.900887][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.914737][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.916681][ T5790] veth1_vlan: entered promiscuous mode [ 90.929396][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.941090][ T5785] veth1_vlan: entered promiscuous mode [ 91.014965][ T5785] veth0_macvtap: entered promiscuous mode [ 91.055118][ T5785] veth1_macvtap: entered promiscuous mode [ 91.113418][ T5790] veth0_macvtap: entered promiscuous mode [ 91.170517][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.189560][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.199890][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.213216][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.229895][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.260341][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.272316][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.282294][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.292878][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.305801][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.317201][ T5790] veth1_macvtap: entered promiscuous mode [ 91.340980][ T2999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.367878][ T2999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.401371][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.422095][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.441989][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.456520][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.522087][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.533911][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.545089][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.556052][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.566452][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.578686][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.592159][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.602650][ T2999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.610324][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.625584][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.627251][ T2999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.640492][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.664901][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.676617][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.687539][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.699984][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.744937][ T51] Bluetooth: hci2: command tx timeout [ 91.749531][ T5789] Bluetooth: hci1: command tx timeout [ 91.750720][ T51] Bluetooth: hci3: command tx timeout [ 91.755985][ T5789] Bluetooth: hci0: command tx timeout [ 91.810648][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.831880][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.844604][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.856624][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.017903][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.025820][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.123589][ T28] audit: type=1326 audit(1757638721.094:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.166641][ T2999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.184751][ T2999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.204040][ T28] audit: type=1326 audit(1757638721.094:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.238120][ T28] audit: type=1326 audit(1757638721.094:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.278728][ T28] audit: type=1326 audit(1757638721.094:2): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.287234][ T5889] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6'. [ 92.317870][ T28] audit: type=1326 audit(1757638721.124:6): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.341551][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.361448][ T28] audit: type=1326 audit(1757638721.124:7): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.384991][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.410715][ T789] cfg80211: failed to load regulatory.db [ 92.424107][ T28] audit: type=1326 audit(1757638721.124:8): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.493984][ T28] audit: type=1326 audit(1757638721.124:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.548799][ T28] audit: type=1326 audit(1757638721.124:10): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.586347][ T2999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.604428][ T28] audit: type=1326 audit(1757638721.134:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x7ffc0000 [ 92.630348][ T2999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.096755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.329268][ T5893] cgroup: fork rejected by pids controller in /syz1 [ 93.479483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.582352][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.620590][ T5914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 93.818340][ T5797] Bluetooth: hci3: command tx timeout [ 93.824068][ T5797] Bluetooth: hci1: command tx timeout [ 93.831543][ T5797] Bluetooth: hci2: command tx timeout [ 93.837322][ T5797] Bluetooth: hci0: command tx timeout [ 93.887026][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.989384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.531790][ T5946] syz.1.10[5946]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 94.553278][ T5946] loop1: detected capacity change from 0 to 64 [ 94.753762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 94.982244][ T5951] syz.1.10: attempt to access beyond end of device [ 94.982244][ T5951] loop1: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 94.996470][ T5951] Buffer I/O error on dev loop1, logical block 32767, async page read [ 95.115630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.218168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.227330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.337521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.863951][ T5955] GUP no longer grows the stack in syz.3.13 (5955): 200000004000-200000008000 (200000002000) [ 95.864976][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'. [ 95.911148][ T5955] CPU: 1 PID: 5955 Comm: syz.3.13 Not tainted syzkaller #0 [ 95.918468][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.928617][ T5955] Call Trace: [ 95.931949][ T5955] [ 95.934931][ T5955] dump_stack_lvl+0x16c/0x230 [ 95.939682][ T5955] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 95.945369][ T5955] ? show_regs_print_info+0x20/0x20 [ 95.950627][ T5955] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 95.956336][ T5955] __get_user_pages+0xfb9/0x1470 [ 95.961400][ T5955] ? populate_vma_page_range+0x370/0x370 [ 95.967007][ T5960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'. [ 95.975837][ T5955] get_user_pages_remote+0x3de/0xc10 [ 95.981213][ T5955] ? get_dump_page+0x200/0x200 [ 95.986584][ T5955] __access_remote_vm+0x1ff/0x570 [ 95.991691][ T5955] ? generic_access_phys+0x650/0x650 [ 95.997037][ T5955] ? alloc_pages+0x4dc/0x740 [ 96.001707][ T5955] proc_pid_cmdline_read+0x551/0x830 [ 96.007051][ T5955] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 96.012761][ T5955] ? comm_show+0x150/0x150 [ 96.017239][ T5955] do_iter_read+0x506/0xc80 [ 96.021784][ T5955] ? comm_show+0x150/0x150 [ 96.026263][ T5955] ? vfs_iter_read+0xa0/0xa0 [ 96.030877][ T5955] ? __import_iovec+0x5f2/0x860 [ 96.035850][ T5955] ? import_iovec+0x73/0xa0 [ 96.040458][ T5955] do_preadv+0x1fa/0x330 [ 96.044741][ T5955] ? do_writev+0x410/0x410 [ 96.049205][ T5955] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 96.055225][ T5955] ? lock_chain_count+0x20/0x20 [ 96.060123][ T5955] ? lockdep_hardirqs_on+0x98/0x150 [ 96.065450][ T5955] do_syscall_64+0x55/0xb0 [ 96.069897][ T5955] ? clear_bhb_loop+0x40/0x90 [ 96.074682][ T5955] ? clear_bhb_loop+0x40/0x90 [ 96.079383][ T5955] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 96.085308][ T5955] RIP: 0033:0x7fdd5a18eba9 [ 96.089747][ T5955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.109670][ T5955] RSP: 002b:00007fdd5afe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 96.118125][ T5955] RAX: ffffffffffffffda RBX: 00007fdd5a3d5fa0 RCX: 00007fdd5a18eba9 [ 96.126127][ T5955] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000006 [ 96.134127][ T5955] RBP: 00007fdd5a211e19 R08: 0000000000000200 R09: 0000000000000000 [ 96.142147][ T5955] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 96.150279][ T5955] R13: 00007fdd5a3d6038 R14: 00007fdd5a3d5fa0 R15: 00007fff3ef469b8 [ 96.158316][ T5955] [ 97.114744][ T5967] loop3: detected capacity change from 0 to 2048 [ 99.737987][ T5991] netlink: 34 bytes leftover after parsing attributes in process `syz.1.26'. [ 99.935521][ T5994] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 99.978891][ T5976] loop0: detected capacity change from 0 to 32768 [ 100.048173][ T5976] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.20 (5976) [ 100.160682][ T5976] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 100.183085][ T5976] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 100.224028][ T5976] BTRFS info (device loop0): force clearing of disk cache [ 100.252987][ T5976] BTRFS info (device loop0): enabling auto defrag [ 100.308826][ T5976] BTRFS info (device loop0): max_inline at 0 [ 100.411603][ T5976] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 100.563958][ T5976] BTRFS info (device loop0): force zstd compression, level 3 [ 100.592242][ T5976] BTRFS info (device loop0): using free space tree [ 100.646110][ T6006] __vm_enough_memory: pid: 6006, comm: syz.1.31, not enough memory for the allocation [ 101.576513][ T6023] loop1: detected capacity change from 0 to 128 [ 101.618101][ T6026] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.653431][ T6023] FAT-fs (loop1): bogus number of FAT sectors [ 101.675337][ T6023] FAT-fs (loop1): Can't find a valid FAT filesystem [ 101.690624][ T5976] BTRFS error (device loop0): open_ctree failed: -4 [ 101.770059][ T5786] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 101.896470][ T6023] netlink: 20 bytes leftover after parsing attributes in process `syz.1.33'. [ 101.937793][ T6023] netlink: 16 bytes leftover after parsing attributes in process `syz.1.33'. [ 102.221101][ T6033] loop1: detected capacity change from 0 to 256 [ 102.240519][ T6033] ======================================================= [ 102.240519][ T6033] WARNING: The mand mount option has been deprecated and [ 102.240519][ T6033] and is ignored by this kernel. Remove the mand [ 102.240519][ T6033] option from the mount to silence this warning. [ 102.240519][ T6033] ======================================================= [ 102.342789][ T6033] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 102.362188][ T6033] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 103.359882][ T6047] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.368666][ T6047] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.393067][ T6047] bridge0: entered allmulticast mode [ 103.725410][ T6055] netlink: 24 bytes leftover after parsing attributes in process `syz.0.41'. [ 103.970790][ T6061] netlink: 'syz.0.44': attribute type 10 has an invalid length. [ 103.980334][ T6061] macvlan0: entered promiscuous mode [ 104.022044][ T6061] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 104.122519][ T6061] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.292237][ T6069] loop1: detected capacity change from 0 to 512 [ 105.351211][ T6069] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 105.417221][ T6069] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 105.471587][ T6069] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 105.503137][ T6061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.561537][ T6061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.580762][ T6069] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 105.618979][ T6069] EXT4-fs (loop1): 1 truncate cleaned up [ 105.635012][ T6061] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 105.647219][ T6069] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.685531][ T6061] bond0 (unregistering): Released all slaves [ 105.803191][ T6075] kvm: pic: non byte write [ 105.857963][ T6075] kvm: vcpu 0: requested 1280 ns lapic timer period limited to 200000 ns [ 105.882788][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.998862][ T6067] loop3: detected capacity change from 0 to 40427 [ 106.062984][ T6067] F2FS-fs (loop3): Image doesn't support compression [ 106.101560][ T6067] F2FS-fs (loop3): heap/no_heap options were deprecated [ 106.151807][ T6067] F2FS-fs (loop3): invalid crc value [ 106.196304][ T6067] F2FS-fs (loop3): Found nat_bits in checkpoint [ 106.349023][ T6077] Zero length message leads to an empty skb [ 106.391149][ T6067] F2FS-fs (loop3): Start checkpoint disabled! [ 106.453791][ T6067] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 106.795542][ T28] kauditd_printk_skb: 204 callbacks suppressed [ 106.795558][ T28] audit: type=1800 audit(1757638735.764:216): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.45" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 107.624658][ T6096] syz.3.45: attempt to access beyond end of device [ 107.624658][ T6096] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 107.790408][ T6096] syz.3.45: attempt to access beyond end of device [ 107.790408][ T6096] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 107.889723][ T6098] syz.3.45: attempt to access beyond end of device [ 107.889723][ T6098] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 108.044825][ T6098] syz.3.45: attempt to access beyond end of device [ 108.044825][ T6098] loop3: rw=2049, sector=53264, nr_sectors = 8 limit=40427 [ 108.122102][ T6098] syz.3.45: attempt to access beyond end of device [ 108.122102][ T6098] loop3: rw=2049, sector=53272, nr_sectors = 8 limit=40427 [ 108.167769][ T6098] syz.3.45: attempt to access beyond end of device [ 108.167769][ T6098] loop3: rw=2049, sector=53280, nr_sectors = 8 limit=40427 [ 108.226983][ T6098] syz.3.45: attempt to access beyond end of device [ 108.226983][ T6098] loop3: rw=2049, sector=53288, nr_sectors = 8 limit=40427 [ 108.317585][ T6098] syz.3.45: attempt to access beyond end of device [ 108.317585][ T6098] loop3: rw=2049, sector=53328, nr_sectors = 8 limit=40427 [ 108.405041][ T6098] syz.3.45: attempt to access beyond end of device [ 108.405041][ T6098] loop3: rw=2049, sector=53336, nr_sectors = 8 limit=40427 [ 108.449496][ T6098] syz.3.45: attempt to access beyond end of device [ 108.449496][ T6098] loop3: rw=2049, sector=53376, nr_sectors = 8 limit=40427 [ 108.833438][ T28] audit: type=1800 audit(1757638737.804:217): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.45" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 110.155751][ T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 110.204241][ T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 111.877215][ T6141] loop2: detected capacity change from 0 to 512 [ 111.885734][ T6141] EXT4-fs: Ignoring removed mblk_io_submit option [ 111.913134][ T6141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 111.945081][ T6141] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 112.404211][ T6141] EXT4-fs (loop2): 1 truncate cleaned up [ 112.586922][ T6141] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.872244][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.052107][ T6152] loop2: detected capacity change from 0 to 512 [ 113.126469][ T6152] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.70: casefold flag without casefold feature [ 113.223349][ T6152] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.70: couldn't read orphan inode 15 (err -117) [ 113.262476][ T6152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.315467][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.766006][ T6177] process 'syz.2.77' launched '/dev/fd/4' with NULL argv: empty string added [ 115.309309][ T6185] Invalid ELF header magic: != ELF [ 115.372575][ T6185] loop0: detected capacity change from 0 to 1024 [ 115.432396][ T6185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.609310][ T6191] loop3: detected capacity change from 0 to 8192 [ 115.645051][ T6191] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 115.666516][ T6191] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 115.688575][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.721190][ T6191] REISERFS (device loop3): using journaled data mode [ 115.729184][ T6191] reiserfs: using flush barriers [ 115.767092][ T6191] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 115.849765][ T6191] REISERFS (device loop3): checking transaction log (loop3) [ 115.907073][ T6196] netlink: 12 bytes leftover after parsing attributes in process `syz.1.83'. [ 115.948412][ T6191] REISERFS (device loop3): Using r5 hash to sort names [ 115.962053][ T6191] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 116.016470][ T6191] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 116.138633][ T6196] bridge1: port 1(veth3) entered blocking state [ 116.152033][ T6196] bridge1: port 1(veth3) entered disabled state [ 116.159472][ T6196] veth3: entered allmulticast mode [ 116.169017][ T6196] veth3: entered promiscuous mode [ 116.191667][ T6202] bridge1: port 2(veth0_to_bond) entered blocking state [ 116.219338][ T6202] bridge1: port 2(veth0_to_bond) entered disabled state [ 116.250026][ T6202] veth0_to_bond: entered allmulticast mode [ 116.304811][ T6202] veth0_to_bond: entered promiscuous mode [ 117.975467][ T6236] netlink: 'syz.0.92': attribute type 1 has an invalid length. [ 117.990261][ T6236] netlink: 'syz.0.92': attribute type 4 has an invalid length. [ 117.998700][ T6236] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.92'. [ 123.640672][ T6299] loop3: detected capacity change from 0 to 128 [ 123.696553][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.111'. [ 123.866790][ T28] audit: type=1800 audit(1757638752.844:218): pid=6299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.112" name="file2" dev="loop3" ino=1048600 res=0 errno=0 [ 125.971269][ T6313] loop2: detected capacity change from 0 to 512 [ 126.132287][ T6317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.116'. [ 126.210906][ T6322] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 126.259218][ T6323] bond0: entered promiscuous mode [ 126.267368][ T6313] EXT4-fs (loop2): Test dummy encryption mode enabled [ 126.274220][ T6313] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 126.316063][ T6313] EXT4-fs (loop2): 1 truncate cleaned up [ 126.330168][ T6313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.331499][ T6317] macvlan2: entered promiscuous mode [ 126.403112][ T6317] macvlan2: entered allmulticast mode [ 126.460308][ T6330] loop1: detected capacity change from 0 to 8 [ 126.476102][ T6317] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 126.481831][ T6330] SQUASHFS error: zlib decompression failed, data probably corrupt [ 126.492681][ T6330] SQUASHFS error: Failed to read block 0x9b: -5 [ 126.500281][ T6330] SQUASHFS error: Unable to read metadata cache entry [99] [ 126.513018][ T6330] SQUASHFS error: Unable to read inode 0x127 [ 126.807148][ T6331] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 126.923427][ T6339] bridge_slave_0: left allmulticast mode [ 126.931288][ T6339] bridge_slave_0: left promiscuous mode [ 126.943307][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.945339][ T6339] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.037890][ T6342] rtc_cmos 00:00: Alarms can be up to one day in the future [ 127.270893][ T6339] bridge_slave_1: left allmulticast mode [ 127.332733][ T6339] bridge_slave_1: left promiscuous mode [ 127.501202][ T6339] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.944661][ T6339] veth0_to_bond: left allmulticast mode [ 128.005889][ T6339] veth0_to_bond: left promiscuous mode [ 128.066889][ T6339] bridge1: port 2(veth0_to_bond) entered disabled state [ 128.225040][ T6339] bond0: (slave bond_slave_0): Releasing backup interface [ 128.424469][ T6339] bond0: (slave bond_slave_1): Releasing backup interface [ 128.612400][ T6339] team0: Port device team_slave_0 removed [ 128.667197][ T6339] team0: Port device team_slave_1 removed [ 128.708036][ T6339] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.720030][ T6339] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.737451][ T6339] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.750359][ T6339] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.802258][ T6339] veth3: left allmulticast mode [ 128.827996][ T6339] veth3: left promiscuous mode [ 128.834400][ T6339] bridge1: port 1(veth3) entered disabled state [ 128.882646][ T6346] vxcan1: entered promiscuous mode [ 128.927332][ T6346] team0: Port device vxcan1 added [ 129.470886][ T28] audit: type=1326 audit(1757638758.424:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.533501][ T6377] trusted_key: encrypted_key: insufficient parameters specified [ 129.543424][ T28] audit: type=1326 audit(1757638758.424:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.616792][ T28] audit: type=1326 audit(1757638758.434:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.670676][ T28] audit: type=1326 audit(1757638758.434:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.732931][ T6370] netlink: 1347 bytes leftover after parsing attributes in process `syz.1.129'. [ 129.744023][ T28] audit: type=1326 audit(1757638758.434:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.800577][ T5789] Bluetooth: hci3: Malformed Event: 0x2f [ 129.810643][ T28] audit: type=1326 audit(1757638758.494:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.856395][ T28] audit: type=1326 audit(1757638758.494:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 129.936328][ T28] audit: type=1326 audit(1757638758.494:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 130.006534][ T28] audit: type=1326 audit(1757638758.494:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 130.059681][ T28] audit: type=1326 audit(1757638758.494:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be498eba9 code=0x7ffc0000 [ 130.091219][ T6372] loop0: detected capacity change from 0 to 32768 [ 130.187787][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.135'. [ 130.203586][ T6389] warning: `syz.1.135' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 130.268256][ T6372] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 130.593343][ T6372] XFS (loop0): Ending clean mount [ 130.635229][ T6372] XFS (loop0): Quotacheck needed: Please wait. [ 131.322395][ T6372] XFS (loop0): Quotacheck: Done. [ 131.844530][ T5788] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 132.207299][ T6411] syzkaller0: entered promiscuous mode [ 132.212980][ T6411] syzkaller0: entered allmulticast mode [ 133.350009][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.358889][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.504767][ T6419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.142'. [ 136.133070][ T6447] capability: warning: `syz.0.150' uses deprecated v2 capabilities in a way that may be insecure [ 136.999494][ T6448] loop2: detected capacity change from 0 to 2048 [ 137.109856][ T6448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: writeback. [ 138.151217][ T6448] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 138.246376][ T6448] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 566 with error 28 [ 138.289895][ T6448] EXT4-fs (loop2): This should not happen!! Data will be lost [ 138.289895][ T6448] [ 138.336679][ T6448] EXT4-fs (loop2): Total free blocks count 0 [ 138.379958][ T6448] EXT4-fs (loop2): Free/Dirty block details [ 138.420630][ T6448] EXT4-fs (loop2): free_blocks=2415919104 [ 138.467609][ T6448] EXT4-fs (loop2): dirty_blocks=576 [ 138.472913][ T6448] EXT4-fs (loop2): Block reservation details [ 138.479053][ T6448] EXT4-fs (loop2): i_reserved_data_blocks=36 [ 138.646548][ T6446] loop3: detected capacity change from 0 to 32768 [ 138.670602][ T6446] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.149 (6446) [ 138.723851][ T6446] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 138.779332][ T6446] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 138.808836][ T6446] BTRFS info (device loop3): enabling auto defrag [ 138.818582][ T6446] BTRFS info (device loop3): max_inline at 0 [ 138.847863][ T6446] BTRFS info (device loop3): force clearing of disk cache [ 138.855176][ T6446] BTRFS info (device loop3): turning on sync discard [ 138.874084][ T6446] BTRFS info (device loop3): using free space tree [ 138.886607][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 138.904707][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 138.937479][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 138.967082][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 138.996452][ T1144] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 139.000711][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 139.059680][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 139.124167][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 139.186581][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 139.207456][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 139.223230][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 139.234495][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 139.255526][ T6446] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 139.482311][ T6446] BTRFS error (device loop3): open_ctree failed: -12 [ 144.370856][ T6518] Driver unsupported XDP return value 0 on prog (id 37) dev N/A, expect packet loss! [ 145.399899][ T6547] bridge_slave_0: left allmulticast mode [ 145.405903][ T6547] bridge_slave_0: left promiscuous mode [ 145.413488][ T6547] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.438637][ T6547] bridge_slave_1: left allmulticast mode [ 145.444520][ T6547] bridge_slave_1: left promiscuous mode [ 145.451637][ T6547] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.509413][ T6547] bond0: (slave bond_slave_0): Releasing backup interface [ 145.558040][ T6547] bond0: (slave bond_slave_1): Releasing backup interface [ 145.611903][ T6547] team0: Port device team_slave_0 removed [ 145.650663][ T6547] team0: Port device team_slave_1 removed [ 145.663677][ T6547] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.671481][ T6547] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.681608][ T6547] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.695711][ T6547] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.610791][ T6559] hub 9-0:1.0: USB hub found [ 146.617637][ T6559] hub 9-0:1.0: 1 port detected [ 147.176227][ T5789] Bluetooth: hci3: command tx timeout [ 147.402770][ T6569] syz.0.185: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 147.421634][ T6569] CPU: 1 PID: 6569 Comm: syz.0.185 Not tainted syzkaller #0 [ 147.429012][ T6569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 147.439134][ T6569] Call Trace: [ 147.442445][ T6569] [ 147.445527][ T6569] dump_stack_lvl+0x16c/0x230 [ 147.450281][ T6569] ? show_regs_print_info+0x20/0x20 [ 147.455536][ T6569] ? load_image+0x3b0/0x3b0 [ 147.460156][ T6569] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 147.466713][ T6569] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 147.473377][ T6569] warn_alloc+0x210/0x300 [ 147.477785][ T6569] ? stack_trace_save+0x9c/0xe0 [ 147.482667][ T6569] ? zone_watermark_ok_safe+0x230/0x230 [ 147.488282][ T6569] ? kasan_set_track+0x5f/0x70 [ 147.493106][ T6569] ? kasan_set_track+0x4e/0x70 [ 147.497967][ T6569] ? __kasan_kmalloc+0x8f/0xa0 [ 147.502795][ T6569] ? xsk_init_queue+0xb0/0x110 [ 147.507609][ T6569] ? xsk_setsockopt+0x43c/0x6f0 [ 147.512480][ T6569] ? do_sock_setsockopt+0x175/0x1a0 [ 147.517727][ T6569] ? __x64_sys_setsockopt+0x184/0x200 [ 147.523201][ T6569] __vmalloc_node_range+0x126/0x1320 [ 147.528589][ T6569] ? free_vm_area+0x50/0x50 [ 147.533187][ T6569] vmalloc_user+0x74/0x80 [ 147.537581][ T6569] ? xskq_create+0xbf/0x170 [ 147.542166][ T6569] xskq_create+0xbf/0x170 [ 147.546571][ T6569] xsk_init_queue+0xb0/0x110 [ 147.551224][ T6569] xsk_setsockopt+0x43c/0x6f0 [ 147.555971][ T6569] ? xsk_poll+0x670/0x670 [ 147.560445][ T6569] ? __fget_files+0x28/0x4d0 [ 147.565104][ T6569] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 147.570798][ T6569] ? security_socket_setsockopt+0x7e/0xa0 [ 147.576658][ T6569] ? xsk_poll+0x670/0x670 [ 147.581240][ T6569] do_sock_setsockopt+0x175/0x1a0 [ 147.586382][ T6569] ? __fdget+0x180/0x210 [ 147.590720][ T6569] __x64_sys_setsockopt+0x184/0x200 [ 147.595987][ T6569] do_syscall_64+0x55/0xb0 [ 147.600469][ T6569] ? clear_bhb_loop+0x40/0x90 [ 147.605267][ T6569] ? clear_bhb_loop+0x40/0x90 [ 147.610071][ T6569] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 147.616085][ T6569] RIP: 0033:0x7fcf9738eba9 [ 147.620561][ T6569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.640224][ T6569] RSP: 002b:00007fcf9820e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 147.648703][ T6569] RAX: ffffffffffffffda RBX: 00007fcf975d5fa0 RCX: 00007fcf9738eba9 [ 147.656821][ T6569] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 147.664938][ T6569] RBP: 00007fcf97411e19 R08: 0000000000000004 R09: 0000000000000000 [ 147.672967][ T6569] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000000 [ 147.680995][ T6569] R13: 00007fcf975d6038 R14: 00007fcf975d5fa0 R15: 00007fff5c4db698 [ 147.689228][ T6569] [ 147.926958][ T6569] Mem-Info: [ 147.930325][ T6569] active_anon:5192 inactive_anon:0 isolated_anon:0 [ 147.930325][ T6569] active_file:11208 inactive_file:39878 isolated_file:0 [ 147.930325][ T6569] unevictable:0 dirty:121 writeback:24 [ 147.930325][ T6569] slab_reclaimable:10252 slab_unreclaimable:90914 [ 147.930325][ T6569] mapped:24145 shmem:1362 pagetables:517 [ 147.930325][ T6569] sec_pagetables:0 bounce:0 [ 147.930325][ T6569] kernel_misc_reclaimable:0 [ 147.930325][ T6569] free:1355667 free_pcp:9738 free_cma:0 [ 147.976163][ C0] vkms_vblank_simulate: vblank timer overrun [ 148.038243][ T6569] Node 0 active_anon:19832kB inactive_anon:0kB active_file:44832kB inactive_file:159300kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:96580kB dirty:484kB writeback:96kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11156kB pagetables:2068kB sec_pagetables:0kB all_unreclaimable? no [ 148.071500][ C0] vkms_vblank_simulate: vblank timer overrun [ 148.461244][ T6569] Node 1 active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 148.492300][ C0] vkms_vblank_simulate: vblank timer overrun [ 148.777964][ T6569] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.902941][ T6569] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 148.923210][ T6569] Node 0 DMA32 free:1510216kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:21700kB inactive_anon:0kB active_file:44832kB inactive_file:157968kB unevictable:0kB writepending:728kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:21008kB local_pcp:11820kB free_cma:0kB [ 149.166334][ T6569] lowmem_reserve[]: 0 0 1 1 1 [ 149.233231][ T6591] xt_nfacct: accounting object `syz1' does not exist [ 150.081621][ T6569] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1332kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 150.109146][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.707932][ T6569] lowmem_reserve[]: 0 0 0 0 0 [ 150.712774][ T6569] Node 1 Normal free:3892864kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:0kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20580kB local_pcp:9156kB free_cma:0kB [ 150.805224][ T6569] lowmem_reserve[]: 0 0 0 0 0 [ 150.814738][ T6569] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 150.846285][ T6569] Node 0 DMA32: 132*4kB (UM) 838*8kB (U) 405*16kB (U) 507*32kB (UM) 359*64kB (UM) 17*128kB (UM) 7*256kB (UM) 5*512kB (UM) 2*1024kB (M) 3*2048kB (ME) 349*4096kB (UM) = 1497136kB [ 150.876270][ T6569] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 150.921534][ T6569] Node 1 Normal: 232*4kB (UME) 62*8kB (UE) 41*16kB (UME) 61*32kB (UME) 19*64kB (UE) 8*128kB (UME) 1*256kB (E) 1*512kB (M) 1*1024kB (E) 1*2048kB (E) 948*4096kB (M) = 3893120kB [ 150.965484][ T6569] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.117276][ T6569] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 151.226786][ T6569] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.380719][ T6569] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 151.488633][ T6569] 52447 total pagecache pages [ 151.534403][ T6569] 0 pages in swap cache [ 151.591194][ T6569] Free swap = 124440kB [ 151.636741][ T6569] Total swap = 124996kB [ 151.686435][ T6569] 2097051 pages RAM [ 151.731756][ T6569] 0 pages HighMem/MovableOnly [ 151.788481][ T6569] 416139 pages reserved [ 151.827731][ T6569] 0 pages cma reserved [ 152.033753][ T6606] loop2: detected capacity change from 0 to 1024 [ 152.074549][ T6606] EXT4-fs: Ignoring removed orlov option [ 152.149313][ T6606] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.183971][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 152.183989][ T28] audit: type=1800 audit(1757638781.154:249): pid=6606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.196" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 152.262489][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.437401][ T28] audit: type=1326 audit(1757638781.404:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.0.201" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf9738eba9 code=0x0 [ 153.168210][ T9] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 153.392120][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 153.429377][ T9] usb 2-1: config 128 has an invalid interface number: 59 but max is 0 [ 153.466260][ T9] usb 2-1: config 128 has no interface number 0 [ 153.472730][ T9] usb 2-1: config 128 interface 59 has no altsetting 0 [ 153.522263][ T9] usb 2-1: string descriptor 0 read error: -22 [ 153.542718][ T9] usb 2-1: New USB device found, idVendor=a2f1, idProduct=6ed8, bcdDevice=bc.ba [ 153.572942][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.680875][ T9] usb-storage 2-1:128.59: USB Mass Storage device detected [ 153.708491][ T5854] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 153.735830][ T6639] loop2: detected capacity change from 0 to 128 [ 153.750829][ T6639] EXT4-fs: Ignoring removed nobh option [ 154.583459][ T6639] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 154.597395][ T6639] ext4 filesystem being mounted at /53/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 154.788708][ T5854] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.827828][ T9] usb 2-1: USB disconnect, device number 2 [ 154.839806][ T5791] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 154.859932][ T5854] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.899803][ T5854] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 154.936346][ T5854] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.946001][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.969400][ T5854] usb 1-1: config 0 descriptor?? [ 155.444281][ T5854] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 155.486182][ T5854] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 155.665234][ T6663] loop3: detected capacity change from 0 to 1024 [ 155.710777][ T6663] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 155.753423][ T6663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.854874][ T6667] loop0: detected capacity change from 0 to 256 [ 155.892014][ T6667] FAT-fs (loop0): bogus sectors per cluster 255 [ 155.906348][ T6667] FAT-fs (loop0): Can't find a valid FAT filesystem [ 156.849729][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.313896][ T6681] netlink: 'syz.2.216': attribute type 10 has an invalid length. [ 157.443777][ T6681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.501947][ T6681] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 157.559954][ T6682] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.567588][ T6682] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.576882][ T6682] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.585250][ T6682] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 158.226580][ T5854] usb 1-1: USB disconnect, device number 2 [ 158.258096][ T6682] bond0: (slave batadv0): Releasing backup interface [ 158.307554][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'. [ 159.874753][ T6700] netlink: 16 bytes leftover after parsing attributes in process `syz.1.223'. [ 160.058482][ T6706] overlayfs: missing 'workdir' [ 161.678909][ T6736] netlink: 12 bytes leftover after parsing attributes in process `syz.1.234'. [ 162.111558][ T6748] netlink: 35 bytes leftover after parsing attributes in process `syz.3.236'. [ 162.391793][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'. [ 162.442801][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'. [ 162.455239][ T6760] tipc: Started in network mode [ 162.460989][ T6760] tipc: Node identity 4, cluster identity 4711 [ 162.469290][ T6760] tipc: Node number set to 4 [ 162.476019][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'. [ 162.501755][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'. [ 162.511599][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'. [ 163.796881][ T6776] loop1: detected capacity change from 0 to 2048 [ 163.852435][ T6776] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: writeback. [ 163.879309][ T6780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.244'. [ 164.234750][ T6776] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 164.277087][ T6776] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 136 with error 28 [ 164.299681][ T6776] EXT4-fs (loop1): This should not happen!! Data will be lost [ 164.299681][ T6776] [ 164.343742][ T6776] EXT4-fs (loop1): Total free blocks count 0 [ 164.368933][ T6776] EXT4-fs (loop1): Free/Dirty block details [ 164.386348][ T6776] EXT4-fs (loop1): free_blocks=2415919104 [ 164.396451][ T6776] EXT4-fs (loop1): dirty_blocks=144 [ 164.416449][ T6776] EXT4-fs (loop1): Block reservation details [ 164.440976][ T6776] EXT4-fs (loop1): i_reserved_data_blocks=9 [ 164.717302][ T6795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'. [ 164.739424][ T42] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 164.947587][ T5777] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 165.192898][ T5777] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.225085][ T5777] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.250573][ T5777] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 165.275557][ T5777] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 165.296311][ T5777] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.361043][ T5777] usb 4-1: config 0 descriptor?? [ 166.026059][ T6802] loop1: detected capacity change from 0 to 128 [ 166.049136][ T6802] EXT4-fs: Ignoring removed nobh option [ 166.529790][ T6802] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.544740][ T6802] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 166.684620][ T5777] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 166.823472][ T5777] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 166.842608][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.877516][ T5777] usb 4-1: USB disconnect, device number 2 [ 166.983274][ T6810] rtc_cmos 00:00: Alarms can be up to one day in the future [ 167.174240][ T6809] loop1: detected capacity change from 0 to 4096 [ 167.603826][ T6811] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 170.506845][ T6822] sched: RT throttling activated [ 171.819152][ T6825] netlink: 'syz.3.265': attribute type 10 has an invalid length. [ 171.832018][ T6809] syz.1.252 (6809) used greatest stack depth: 19792 bytes left [ 171.844292][ T6825] netlink: 2 bytes leftover after parsing attributes in process `syz.3.265'. [ 171.857707][ T6825] team0: entered promiscuous mode [ 171.863391][ T6825] bridge0: port 1(team0) entered blocking state [ 171.870292][ T6825] bridge0: port 1(team0) entered disabled state [ 171.877355][ T6825] team0: entered allmulticast mode [ 172.067661][ T6834] loop0: detected capacity change from 0 to 2048 [ 175.028847][ T6860] vlan2: entered promiscuous mode [ 175.140094][ T6851] loop1: detected capacity change from 0 to 32768 [ 175.252288][ T6851] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 175.495776][ T28] audit: type=1800 audit(1757638804.464:251): pid=6851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.264" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 176.756511][ T6583] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 178.090328][ T6583] usb 2-1: unable to get BOS descriptor or descriptor too short [ 178.127204][ T6583] usb 2-1: no configurations [ 178.136699][ T6583] usb 2-1: can't read configurations, error -22 [ 178.237688][ T6893] netlink: 34 bytes leftover after parsing attributes in process `syz.2.277'. [ 178.293979][ T5785] ocfs2: Unmounting device (7,1) on (node local) [ 178.616042][ T6898] netlink: 'syz.3.279': attribute type 10 has an invalid length. [ 178.679199][ T6898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.904995][ T6909] loop2: detected capacity change from 0 to 128 [ 178.933280][ T28] audit: type=1800 audit(1757638807.904:252): pid=6909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.282" name="file2" dev="loop2" ino=1048601 res=0 errno=0 [ 178.991549][ T6909] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 179.003082][ T6909] FAT-fs (loop2): Filesystem has been set read-only [ 179.029833][ T6909] bio_check_eod: 198 callbacks suppressed [ 179.029853][ T6909] syz.2.282: attempt to access beyond end of device [ 179.029853][ T6909] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 179.066731][ T6909] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 179.077514][ T6909] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 181.532840][ T6934] loop2: detected capacity change from 0 to 32768 [ 181.546544][ T6934] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.288 (6934) [ 181.570560][ T6934] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 181.585627][ T6934] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 181.594547][ T6934] BTRFS info (device loop2): force clearing of disk cache [ 181.604213][ T6934] BTRFS info (device loop2): enabling auto defrag [ 181.612197][ T6934] BTRFS info (device loop2): max_inline at 0 [ 181.638558][ T6934] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 181.659131][ T6934] BTRFS info (device loop2): force zstd compression, level 3 [ 181.676063][ T6934] BTRFS info (device loop2): using free space tree [ 181.729497][ T6934] BTRFS info (device loop2): enabling ssd optimizations [ 181.747947][ T6934] BTRFS info (device loop2): rebuilding free space tree [ 182.076816][ T28] audit: type=1326 audit(1757638811.044:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.169750][ T28] audit: type=1326 audit(1757638811.074:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.176633][ T6966] netlink: 'syz.0.293': attribute type 10 has an invalid length. [ 182.205459][ T28] audit: type=1326 audit(1757638811.074:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.299028][ T28] audit: type=1326 audit(1757638811.074:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.308088][ T49] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 182.342875][ T6967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.353715][ T6967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.380006][ T6967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.383897][ T28] audit: type=1326 audit(1757638811.094:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.392352][ T6967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.429504][ T28] audit: type=1326 audit(1757638811.094:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.486871][ T28] audit: type=1326 audit(1757638811.094:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.509421][ T28] audit: type=1326 audit(1757638811.094:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.572714][ T28] audit: type=1326 audit(1757638811.094:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.598006][ T28] audit: type=1326 audit(1757638811.094:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6963 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd5a18eba9 code=0x7ffc0000 [ 182.628037][ T5791] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 183.148235][ T6978] binder_alloc: 6977: pid 6977 spamming oneway? 2 buffers allocated for a total size of 5120 [ 183.466647][ T6985] xt_nat: multiple ranges no longer supported [ 185.674859][ T5854] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 186.196522][ T5854] usb 4-1: Using ep0 maxpacket: 32 [ 186.327179][ T5854] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 186.335708][ T5854] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 186.398194][ T5854] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.434467][ T5854] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 186.465395][ T5854] usb 4-1: config 1 has no interface number 0 [ 186.495951][ T5854] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 186.513669][ T5854] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 186.537910][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.602196][ T5854] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 186.848068][ T5854] snd_usb_pod 4-1:1.1: set_interface failed [ 186.855265][ T5854] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 186.867129][ T5854] snd_usb_pod: probe of 4-1:1.1 failed with error -71 [ 186.885685][ T5854] usb 4-1: USB disconnect, device number 3 [ 187.550329][ T7025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 188.244660][ T7036] rtc_cmos 00:00: Alarms can be up to one day in the future [ 189.184168][ T7041] loop3: detected capacity change from 0 to 512 [ 189.198526][ T7042] hugetlbfs: syz.2.324 (7042): Using mlock ulimits for SHM_HUGETLB is obsolete [ 189.441986][ T7041] EXT4-fs (loop3): Test dummy encryption mode enabled [ 189.511030][ T7041] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 190.071786][ T7041] EXT4-fs (loop3): 1 truncate cleaned up [ 190.095173][ T7041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.265746][ T7052] ipt_ECN: cannot use operation on non-tcp rule [ 192.111295][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.328674][ T7069] dccp_close: ABORT with 32 bytes unread [ 192.691507][ T7075] syz.2.327[7075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.691660][ T7075] syz.2.327[7075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 193.339670][ T7082] loop2: detected capacity change from 0 to 32768 [ 193.384069][ T7082] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 193.493198][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 193.493218][ T28] audit: type=1800 audit(1757638822.414:273): pid=7082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.330" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 193.751313][ T7097] xt_nat: multiple ranges no longer supported [ 194.546556][ T56] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 194.564002][ T7103] binder_alloc: 7101: pid 7101 spamming oneway? 2 buffers allocated for a total size of 5120 [ 194.780628][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.796331][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.308000][ T7093] syz.2.330 (7093) used greatest stack depth: 19720 bytes left [ 196.498980][ T7082] syz.2.330 (7082) used greatest stack depth: 18344 bytes left [ 196.659774][ T56] usb 3-1: unable to get BOS descriptor or descriptor too short [ 196.668796][ T56] usb 3-1: no configurations [ 196.673521][ T56] usb 3-1: can't read configurations, error -22 [ 197.634074][ T5791] ocfs2: Unmounting device (7,2) on (node local) [ 197.862491][ T7125] loop1: detected capacity change from 0 to 8192 [ 197.884895][ T7125] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 197.956649][ T7125] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 197.967583][ T7125] REISERFS (device loop1): using journaled data mode [ 197.975663][ T7125] reiserfs: using flush barriers [ 197.995534][ T7125] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 198.134192][ T7125] REISERFS (device loop1): checking transaction log (loop1) [ 198.210044][ T7125] REISERFS (device loop1): Using r5 hash to sort names [ 198.248144][ T7125] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 198.266456][ T7125] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 198.593068][ T7134] loop2: detected capacity change from 0 to 64 [ 198.962326][ T7136] syz.2.339: attempt to access beyond end of device [ 198.962326][ T7136] loop2: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 198.976180][ T7136] Buffer I/O error on dev loop2, logical block 32767, async page read [ 200.603871][ T7140] team0: Port device vxcan1 removed [ 200.897221][ T7143] A link change request failed with some changes committed already. Interface veth1_to_bridge may have been left with an inconsistent configuration, please check. [ 201.719427][ T7156] loop0: detected capacity change from 0 to 128 [ 201.733804][ T7156] EXT4-fs: Ignoring removed nobh option [ 201.886566][ T7156] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 201.901410][ T7156] ext4 filesystem being mounted at /83/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 202.111431][ T5788] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 202.226421][ T56] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 202.352083][ T7162] loop2: detected capacity change from 0 to 8192 [ 202.363644][ T7162] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 202.377711][ T7162] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 202.388314][ T7162] REISERFS (device loop2): using journaled data mode [ 202.397078][ T7162] reiserfs: using flush barriers [ 202.411906][ T7162] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 202.429122][ T7162] REISERFS (device loop2): checking transaction log (loop2) [ 202.439907][ T7162] REISERFS (device loop2): Using r5 hash to sort names [ 202.449331][ T7162] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 202.467739][ T7162] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 202.479142][ T56] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.490204][ T56] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.504658][ T56] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 202.517813][ T56] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 202.527436][ T56] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.539663][ T56] usb 2-1: config 0 descriptor?? [ 203.556442][ T7160] loop1: detected capacity change from 0 to 256 [ 204.002409][ T7160] FAT-fs (loop1): bogus sectors per cluster 255 [ 204.040126][ T7160] FAT-fs (loop1): Can't find a valid FAT filesystem [ 204.282447][ T56] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 204.879477][ T56] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 205.182865][ T7186] autofs4:pid:7186:autofs_fill_super: called with bogus options [ 206.306909][ T5777] usb 2-1: USB disconnect, device number 5 [ 206.504018][ T7194] loop0: detected capacity change from 0 to 64 [ 206.836479][ T7200] loop3: detected capacity change from 0 to 128 [ 206.847402][ T7200] EXT4-fs: Ignoring removed nobh option [ 207.139854][ T7203] syz.0.359: attempt to access beyond end of device [ 207.139854][ T7203] loop0: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 207.153897][ T7203] Buffer I/O error on dev loop0, logical block 32767, async page read [ 207.265169][ T7200] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 207.279240][ T7200] ext4 filesystem being mounted at /84/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 207.523715][ T5790] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 207.630336][ T7210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.363'. [ 209.095526][ T7221] syz.2.366: attempt to access beyond end of device [ 209.095526][ T7221] loop5: rw=0, sector=0, nr_sectors = 8 limit=0 [ 209.108707][ T7221] F2FS-fs (loop5): Unable to read 1th superblock [ 209.115688][ T7221] syz.2.366: attempt to access beyond end of device [ 209.115688][ T7221] loop5: rw=0, sector=8, nr_sectors = 8 limit=0 [ 209.128670][ T7221] F2FS-fs (loop5): Unable to read 2th superblock [ 209.802526][ T7224] loop0: detected capacity change from 0 to 8192 [ 209.814411][ T7224] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 209.828020][ T7224] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 209.841461][ T7224] REISERFS (device loop0): using journaled data mode [ 209.848421][ T7224] reiserfs: using flush barriers [ 209.867680][ T7224] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 209.936843][ T7224] REISERFS (device loop0): checking transaction log (loop0) [ 209.965933][ T7224] REISERFS (device loop0): Using r5 hash to sort names [ 209.985973][ T7224] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 210.018893][ T7224] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 211.298845][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.2.374'. [ 211.332925][ T7245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.374'. [ 211.396405][ T7245] bridge0: port 3(syz_tun) entered blocking state [ 211.421924][ T7245] bridge0: port 3(syz_tun) entered disabled state [ 211.462625][ T7245] syz_tun: entered allmulticast mode [ 211.490918][ T7245] syz_tun: entered promiscuous mode [ 211.834334][ T7253] loop2: detected capacity change from 0 to 1024 [ 211.866077][ T7253] EXT4-fs: Ignoring removed nobh option [ 211.905865][ T7253] EXT4-fs: inline encryption not supported [ 212.314674][ T5794] Bluetooth: hci1: command 0x0406 tx timeout [ 212.321020][ T5794] Bluetooth: hci0: command 0x0406 tx timeout [ 212.327759][ T5801] Bluetooth: hci2: command 0x0406 tx timeout [ 212.574146][ T7253] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 212.815352][ T7253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.902328][ T7262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'. [ 212.950629][ T7253] EXT4-fs warning (device loop2): ext4_dirblock_csum_set:427: inode #2: comm syz.2.377: No space for directory leaf checksum. Please run e2fsck -D. [ 212.967609][ T7262] netlink: 12 bytes leftover after parsing attributes in process `syz.3.378'. [ 212.999625][ T7253] EXT4-fs error (device loop2): ext4_ind_map_blocks:604: inode #15: comm syz.2.377: Can't allocate blocks for non-extent mapped inodes with bigalloc [ 213.040471][ T7252] EXT4-fs error (device loop2): ext4_validate_inode_bitmap:106: comm syz.2.377: Corrupt inode bitmap - block_group = 0, inode_bitmap = 4 [ 213.063381][ T7252] EXT4-fs error (device loop2) in ext4_free_inode:363: Filesystem failed CRC [ 213.085179][ T7247] loop0: detected capacity change from 0 to 32768 [ 213.133177][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.147209][ T7247] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 213.176804][ T7247] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 213.253083][ T7247] XFS (loop0): Ending clean mount [ 213.268349][ T7247] XFS (loop0): Quotacheck needed: Please wait. [ 213.357457][ T7247] XFS (loop0): Quotacheck: Done. [ 213.439296][ T28] audit: type=1804 audit(1757638842.414:274): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.373" name="/newroot/91/file0/file1" dev="loop0" ino=6150 res=1 errno=0 [ 213.573868][ T5788] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 213.783920][ T7289] xt_CT: You must specify a L4 protocol and not use inversions on it [ 214.302946][ T7291] netlink: 'syz.2.385': attribute type 10 has an invalid length. [ 214.410585][ T7291] macvlan0: entered promiscuous mode [ 214.442745][ T7291] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 214.817508][ T7292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.851731][ T7292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.883216][ T7292] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 214.928476][ T7292] bond0 (unregistering): Released all slaves [ 214.960234][ T7300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'. [ 215.161021][ T7303] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 215.221506][ T7307] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 215.301340][ T7307] bond1 (unregistering): Released all slaves [ 217.902943][ T7332] netlink: 'syz.3.399': attribute type 4 has an invalid length. [ 218.186657][ T7344] netlink: 'syz.3.403': attribute type 1 has an invalid length. [ 218.249165][ T7344] 8021q: adding VLAN 0 to HW filter on device bond1 [ 218.267748][ T7347] vlan2: entered allmulticast mode [ 218.307962][ T7347] veth1: entered allmulticast mode [ 218.381496][ T7347] bond1: (slave vlan2): making interface the new active one [ 218.411192][ T7347] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 219.541194][ T7357] loop1: detected capacity change from 0 to 128 [ 219.553362][ T7357] EXT4-fs: Ignoring removed nobh option [ 220.431829][ T7357] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 220.445736][ T7357] ext4 filesystem being mounted at /104/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 220.585807][ T7362] netlink: 32 bytes leftover after parsing attributes in process `syz.3.408'. [ 220.683991][ T7364] loop2: detected capacity change from 0 to 1024 [ 220.713833][ T7364] EXT4-fs: Ignoring removed nobh option [ 220.718199][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 220.726185][ T7364] EXT4-fs: Ignoring removed bh option [ 220.752221][ T7364] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 220.821200][ T7364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.871662][ T7364] netlink: 'syz.2.409': attribute type 4 has an invalid length. [ 220.879819][ T7364] netlink: 17 bytes leftover after parsing attributes in process `syz.2.409'. [ 220.924858][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.241275][ T7377] loop0: detected capacity change from 0 to 32768 [ 221.263751][ T7377] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 221.292533][ T28] audit: type=1800 audit(1757638850.264:275): pid=7377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.413" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 221.696245][ T9] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 222.126500][ T7387] loop2: detected capacity change from 0 to 40427 [ 222.166360][ T7387] F2FS-fs (loop2): invalid crc value [ 222.181960][ T7387] F2FS-fs (loop2): Found nat_bits in checkpoint [ 222.230990][ T7387] F2FS-fs (loop2): Start checkpoint disabled! [ 222.245014][ T7387] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 223.272685][ T5777] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 224.338758][ T5777] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 224.360764][ T5777] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.382338][ T5777] usb 2-1: config 0 descriptor?? [ 224.433892][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 224.457278][ T9] usb 1-1: no configurations [ 224.462055][ T9] usb 1-1: can't read configurations, error -22 [ 224.522892][ T1144] kworker/u4:8: attempt to access beyond end of device [ 224.522892][ T1144] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 224.559890][ T1144] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 224.592344][ T5788] ocfs2: Unmounting device (7,0) on (node local) [ 225.605659][ T5777] usb 2-1: Cannot set autoneg [ 225.723298][ T28] audit: type=1326 audit(1757638854.634:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7414 comm="syz.3.422" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdd5a18eba9 code=0x0 [ 225.873091][ T7418] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 225.897465][ T7419] loop3: detected capacity change from 0 to 512 [ 225.977454][ T7418] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 226.000283][ T7419] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 226.294543][ T5777] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 226.307244][ T5777] usb 2-1: USB disconnect, device number 6 [ 226.349719][ T7419] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 226.358555][ T7419] EXT4-fs (loop3): orphan cleanup on readonly fs [ 226.376170][ T7419] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.422: attempt to clear invalid blocks 1024 len 1 [ 226.396432][ T7419] EXT4-fs (loop3): Remounting filesystem read-only [ 226.422218][ T7419] EXT4-fs (loop3): 1 truncate cleaned up [ 226.429706][ T28] audit: type=1326 audit(1757638855.404:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.455536][ T7419] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 226.482795][ T28] audit: type=1326 audit(1757638855.404:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.506377][ T28] audit: type=1326 audit(1757638855.444:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.529743][ T28] audit: type=1326 audit(1757638855.444:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.552757][ T28] audit: type=1326 audit(1757638855.444:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.598622][ T28] audit: type=1326 audit(1757638855.444:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.622445][ T28] audit: type=1326 audit(1757638855.444:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.675747][ T28] audit: type=1326 audit(1757638855.444:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.701593][ T28] audit: type=1326 audit(1757638855.444:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.725538][ T28] audit: type=1326 audit(1757638855.444:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7421 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4c58eba9 code=0x7ffc0000 [ 226.813435][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 228.134748][ T7436] syz.3.429 uses obsolete (PF_INET,SOCK_PACKET) [ 228.161291][ T7436] vxcan1: entered allmulticast mode [ 229.502976][ T7454] netlink: 'syz.2.433': attribute type 33 has an invalid length. [ 229.511557][ T7454] netlink: 152 bytes leftover after parsing attributes in process `syz.2.433'. [ 230.551934][ T7462] vlan3: entered allmulticast mode [ 230.551956][ T7462] macvtap0: entered allmulticast mode [ 230.551969][ T7462] veth0_macvtap: entered allmulticast mode [ 231.589457][ T7474] loop3: detected capacity change from 0 to 1024 [ 231.611214][ T7474] EXT4-fs: Ignoring removed nobh option [ 231.622196][ T7474] EXT4-fs: Ignoring removed bh option [ 231.634389][ T7474] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 231.724013][ T7474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.002444][ T7474] netlink: 'syz.3.440': attribute type 4 has an invalid length. [ 232.019234][ T7474] netlink: 17 bytes leftover after parsing attributes in process `syz.3.440'. [ 232.047905][ T7483] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 232.057573][ T7483] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 232.067051][ T7483] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 232.517197][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.899366][ T7500] netlink: 'syz.1.446': attribute type 33 has an invalid length. [ 233.907674][ T7500] netlink: 152 bytes leftover after parsing attributes in process `syz.1.446'. [ 235.144943][ T7524] loop1: detected capacity change from 0 to 1024 [ 235.153334][ T7524] EXT4-fs: Ignoring removed nobh option [ 235.159235][ T7524] EXT4-fs: Ignoring removed bh option [ 235.165945][ T7524] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 235.193343][ T7524] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.219936][ T7524] netlink: 'syz.1.454': attribute type 4 has an invalid length. [ 235.228288][ T7524] netlink: 17 bytes leftover after parsing attributes in process `syz.1.454'. [ 235.263515][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.138927][ T7560] netlink: 'syz.0.460': attribute type 33 has an invalid length. [ 240.146859][ T7560] netlink: 152 bytes leftover after parsing attributes in process `syz.0.460'. [ 240.357874][ T7562] netlink: 16 bytes leftover after parsing attributes in process `syz.2.465'. [ 240.442007][ T7566] tipc: Enabled bearer , priority 10 [ 240.480779][ T7566] tipc: Enabled bearer , priority 0 [ 240.859528][ T7582] loop0: detected capacity change from 0 to 1024 [ 240.877307][ T7582] EXT4-fs: Ignoring removed nobh option [ 240.888211][ T7582] EXT4-fs: Ignoring removed bh option [ 240.903609][ T7582] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 240.953158][ T7582] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.013142][ T7582] netlink: 'syz.0.471': attribute type 4 has an invalid length. [ 241.030774][ T7582] netlink: 17 bytes leftover after parsing attributes in process `syz.0.471'. [ 241.129850][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.323590][ T7583] loop1: detected capacity change from 0 to 40427 [ 241.334229][ T7583] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 241.350264][ T7583] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 241.377373][ T7583] F2FS-fs (loop1): Found nat_bits in checkpoint [ 241.450588][ T7583] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 241.460057][ T7583] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 241.503591][ T7593] loop0: detected capacity change from 0 to 512 [ 241.533374][ T7593] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.551488][ T7593] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 241.595668][ T7593] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.474: corrupted inode contents [ 241.615697][ T7593] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #2: comm syz.0.474: mark_inode_dirty error [ 241.634992][ T7593] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.474: corrupted inode contents [ 241.651327][ T7593] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.474: mark_inode_dirty error [ 241.724423][ T7593] EXT4-fs error (device loop0): ext4_get_first_dir_block:3595: inode #18: comm syz.0.474: directory missing '.' [ 241.781883][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.821641][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.832239][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.840451][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.848361][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.856933][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.864642][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 241.872615][ T5785] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 243.807476][ T7611] netlink: 'syz.1.476': attribute type 10 has an invalid length. [ 243.991632][ T7617] netlink: 'syz.3.475': attribute type 33 has an invalid length. [ 243.999850][ T7617] netlink: 152 bytes leftover after parsing attributes in process `syz.3.475'. [ 245.083092][ T7622] vlan3: entered allmulticast mode [ 245.094002][ T7622] macvtap0: entered allmulticast mode [ 245.101182][ T7622] veth0_macvtap: entered allmulticast mode [ 245.197374][ T7620] tipc: Started in network mode [ 245.209876][ T7620] tipc: Node identity ac1414aa, cluster identity 4711 [ 245.236252][ T7620] tipc: Enabled bearer , priority 10 [ 245.247007][ T7630] tipc: Enabled bearer , priority 0 [ 245.421196][ T7632] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (1024 ns). Using initial count to start timer. [ 245.478707][ T7632] kvm: vcpu 0: requested 1024 ns lapic timer period limited to 200000 ns [ 245.500017][ T7632] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer. [ 245.547605][ T7643] loop3: detected capacity change from 0 to 1024 [ 245.600975][ T7643] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 245.633112][ T7650] loop1: detected capacity change from 0 to 512 [ 245.640645][ T7650] EXT4-fs: Ignoring removed nobh option [ 245.652253][ T7650] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 245.713016][ T7650] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.490: iget: bad i_size value: 38620345925642 [ 245.728421][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.728670][ T7650] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.490: couldn't read orphan inode 15 (err -117) [ 245.768208][ T7650] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.908739][ T7650] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.490: iget: bad i_size value: 38620345925642 [ 246.250428][ T5853] tipc: Node number set to 2886997162 [ 247.010251][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.517987][ T7676] loop0: detected capacity change from 0 to 128 [ 247.560208][ T7676] hpfs: bad mount options. [ 247.760074][ T7676] loop0: detected capacity change from 0 to 4096 [ 247.818607][ T7680] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 247.936558][ T7121] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 248.131316][ T7677] loop1: detected capacity change from 0 to 32768 [ 248.140687][ T7677] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.499 (7677) [ 248.154972][ T7121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.171785][ T7121] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 248.172241][ T7677] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 248.196433][ T7121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.212208][ T7677] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 248.222710][ T7677] BTRFS info (device loop1): using free space tree [ 248.233508][ T7121] usb 4-1: config 0 descriptor?? [ 248.293527][ T7677] BTRFS info (device loop1): enabling ssd optimizations [ 248.313993][ T7677] BTRFS info (device loop1): auto enabling async discard [ 248.678571][ T7121] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor [ 248.713911][ T7121] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0004/input/input8 [ 248.859697][ T7121] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 248.881420][ T5785] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 249.636539][ T7121] usb 4-1: USB disconnect, device number 4 [ 250.120520][ T7715] loop1: detected capacity change from 0 to 512 [ 250.213091][ T7715] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.504: invalid indirect mapped block 1024 (level 0) [ 250.267667][ T7715] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.504: bg 0: block 35: padding at end of block bitmap is not set [ 250.328035][ T7715] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 250.362919][ T7715] EXT4-fs (loop1): 1 truncate cleaned up [ 250.393721][ T7715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.501828][ T7715] netlink: 124 bytes leftover after parsing attributes in process `syz.1.504'. [ 250.671153][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.245321][ T7757] loop1: detected capacity change from 0 to 256 [ 252.387938][ T7757] loop1: detected capacity change from 0 to 512 Stopping sshd: [ 252.410267][ T7757] ext4: Unknown parameter 'smackfsroot' stopped /usr/sbin/sshd (pid 5548) OK Stopping crond: stopped /usr/sbin/crond (pid 5531) OK Stopping dhcpcd... stopped /sbin/dhcpcd (pid 5452) Stopping network: [ 254.330721][ T7781] loop0: detected capacity change from 0 to 1024 [ 254.379651][ T7781] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 254.436652][ T7781] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 254.445154][ T7781] EXT4-fs (loop0): orphan cleanup on readonly fs [ 254.543208][ T7781] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.518: Freeing blocks not in datazone - block = 0, count = 4096 [ 254.718941][ T7781] EXT4-fs (loop0): 1 orphan inode deleted [ 254.743694][ T7781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 254.949731][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. OK [ 255.988822][ T7806] loop2: detected capacity change from 0 to 1024 [ 256.030162][ T7806] ext4: Unknown parameter 'smackfsroot' Stopping iptables: [ 256.210201][ T7813] netlink: 'syz.2.522': attribute type 9 has an invalid length. [ 256.223386][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.223538][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.271186][ T7813] netlink: 'syz.2.522': attribute type 6 has an invalid length. [ 256.290431][ T7813] netlink: 'syz.2.522': attribute type 7 has an invalid length. [ 256.299763][ T7813] netlink: 'syz.2.522': attribute type 8 has an invalid length. OK Stopping system message bus: [ 257.241097][ T7820] program syz.0.525 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 257.765401][ T7837] loop3: detected capacity change from 0 to 16 [ 257.812816][ T7837] erofs: (device loop3): mounted with root inode @ nid 36. done [ 259.631591][ T7852] loop3: detected capacity change from 0 to 512 [ 259.649436][ T7852] EXT4-fs: Ignoring removed nobh option [ 259.663707][ T7852] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 259.723890][ T7852] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.532: iget: bad i_size value: 38620345925642 [ 259.779273][ T7852] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.532: couldn't read orphan inode 15 (err -117) [ 259.831801][ T7852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.933669][ T7852] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.532: iget: bad i_size value: 38620345925642 [ 259.973613][ T7862] gtp0: entered promiscuous mode [ 260.096449][ T7857] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 260.211368][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. killall: udevd: no process killed [ 260.786595][ T7121] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 261.007685][ T7121] usb 3-1: Using ep0 maxpacket: 16 [ 261.022689][ T7121] usb 3-1: unable to get BOS descriptor or descriptor too short [ 261.050551][ T7121] usb 3-1: config 0 has an invalid interface number: 48 but max is 0 [ 261.066155][ T7121] usb 3-1: config 0 has no interface number 0 [ 261.073638][ T7121] usb 3-1: config 0 interface 48 has no altsetting 0 [ 261.084215][ T7121] usb 3-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 261.104873][ T7121] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Stopping klogd: [ 261.140546][ T7121] usb 3-1: Product: syz [ 261.148260][ T7121] usb 3-1: Manufacturer: syz [ 261.158893][ T7121] usb 3-1: SerialNumber: syz [ 261.190334][ T7121] usb 3-1: config 0 descriptor?? start-stop-daemon: warning: killing process 5147: No such process FAIL [ 261.444720][ T7121] usb-storage 3-1:0.48: USB Mass Storage device detected [ 261.642215][ T7121] usb 3-1: USB disconnect, device number 4 [ 261.727796][ T7879] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. Stopping acpid: [ 262.533595][ C1] Unknown status report in ack skb [ 262.634522][ T7895] loop0: detected capacity change from 0 to 16 [ 262.646023][ T7895] erofs: (device loop0): mounted with root inode @ nid 36. [ 262.875647][ T5789] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 262.887928][ T5789] CPU: 1 PID: 5789 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 262.895665][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 262.905869][ T5789] Workqueue: hci1 hci_rx_work [ 262.910687][ T5789] Call Trace: [ 262.914021][ T5789] [ 262.917094][ T5789] dump_stack_lvl+0x16c/0x230 [ 262.921843][ T5789] ? show_regs_print_info+0x20/0x20 [ 262.927280][ T5789] ? load_image+0x3b0/0x3b0 [ 262.931858][ T5789] sysfs_create_dir_ns+0x256/0x280 [ 262.937046][ T5789] ? hci_rx_work+0x43a/0xd80 [ 262.941771][ T5789] ? sysfs_warn_dup+0xa0/0xa0 [ 262.946767][ T5789] ? do_raw_spin_unlock+0x121/0x230 [ 262.952067][ T5789] kobject_add_internal+0x6b8/0xc70 [ 262.957355][ T5789] kobject_add+0x156/0x220 [ 262.961826][ T5789] ? __rwlock_init+0x150/0x150 [ 262.966736][ T5789] ? kobject_init+0x1e0/0x1e0 [ 262.971461][ T5789] ? _raw_spin_unlock+0x28/0x40 [ 262.976349][ T5789] ? get_device_parent+0x366/0x390 [ 262.981508][ T5789] device_add+0x408/0xc20 [ 262.985969][ T5789] hci_conn_add_sysfs+0xd5/0x1e0 [ 262.990951][ T5789] le_conn_complete_evt+0xc37/0x1220 [ 262.996273][ T5789] ? hci_event_packet+0x4a7/0x1210 [ 263.001532][ T5789] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 263.007902][ T5789] ? __copy_skb_header+0xa7/0x550 [ 263.012969][ T5789] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 263.018636][ T5789] ? skb_pull_data+0xfb/0x200 [ 263.023435][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 263.029029][ T5789] ? hci_remote_host_features_evt+0x160/0x160 [ 263.035124][ T5789] hci_event_packet+0x795/0x1210 [ 263.040162][ T5789] ? bis_list+0x290/0x290 [ 263.044565][ T5789] ? lockdep_hardirqs_on+0x98/0x150 [ 263.049804][ T5789] ? hci_send_to_monitor+0xd7/0x4f0 [ 263.055050][ T5789] hci_rx_work+0x43a/0xd80 [ 263.059516][ T5789] ? process_scheduled_works+0x957/0x15b0 [ 263.065390][ T5789] process_scheduled_works+0xa45/0x15b0 [ 263.071267][ T5789] ? assign_work+0x400/0x400 [ 263.075983][ T5789] ? assign_work+0x39e/0x400 [ 263.080776][ T5789] worker_thread+0xa55/0xfc0 [ 263.085496][ T5789] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 263.091624][ T5789] ? _raw_spin_unlock+0x40/0x40 [ 263.096723][ T5789] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 263.102837][ T5789] kthread+0x2fa/0x390 [ 263.107054][ T5789] ? pr_cont_work+0x560/0x560 [ 263.111759][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 263.116378][ T5789] ret_from_fork+0x48/0x80 [ 263.120824][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 263.125439][ T5789] ret_from_fork_asm+0x11/0x20 [ 263.130278][ T5789] [ 263.134956][ T5789] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 263.149763][ T5789] Bluetooth: hci1: failed to register connection device [ 263.398919][ T7912] loop0: detected capacity change from 0 to 1024 [ 263.407993][ T7912] EXT4-fs: Ignoring removed i_version option [ 263.414373][ T7912] EXT4-fs: inline encryption not supported [ 263.426889][ T7912] EXT4-fs (loop0): Test dummy encryption mode enabled [ 263.442672][ T7912] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. OK Stopping syslogd: [ 263.933571][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. stopped /sbin/syslogd (pid 5140) OK [ 266.902640][ T7938] loop2: detected capacity change from 0 to 1024 [ 266.922765][ T7938] EXT4-fs: Ignoring removed bh option [ 266.948009][ T7938] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 266.987357][ T7938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.094491][ T7944] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 267.111231][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount: can't remount debugfs read-only [ 267.754690][ T7967] netlink: 24 bytes leftover after parsing attributes in process `syz.3.562'. [ 268.171833][ T7976] xt_cgroup: path and classid specified [ 268.701096][ T5797] Bluetooth: hci3: command 0x0406 tx timeout [ 268.952406][ T7980] gtp0: entered promiscuous mode [ 269.170335][ T7987] loop0: detected capacity change from 0 to 128 [ 269.179800][ T7987] FAT-fs (loop0): Unrecognized mount option "ÿÿ" or missing value [ 269.247797][ T7986] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 269.286246][ T5789] Bluetooth: hci1: command 0x0406 tx timeout [ 269.881737][ T7987] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 271.354538][ T8010] loop3: detected capacity change from 0 to 1024 [ 271.363607][ T8010] EXT4-fs: Ignoring removed i_version option [ 271.378017][ T8010] EXT4-fs: inline encryption not supported [ 271.385383][ T8010] EXT4-fs (loop3): Test dummy encryption mode enabled [ 271.423112][ T8010] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.686323][ T5853] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 271.853394][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.896496][ T5853] usb 1-1: Using ep0 maxpacket: 16 [ 271.914586][ T5853] usb 1-1: unable to get BOS descriptor or descriptor too short [ 271.955308][ T5853] usb 1-1: config 0 has an invalid interface number: 48 but max is 0 [ 271.975662][ T5853] usb 1-1: config 0 has no interface number 0 [ 272.004092][ T5853] usb 1-1: config 0 interface 48 has no altsetting 0 [ 272.044397][ T5853] usb 1-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 272.087492][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.132603][ T5777] libceph: connect (1)[c::]:6789 error -101 [ 272.156159][ T5853] usb 1-1: Product: syz [ 272.160442][ T5853] usb 1-1: Manufacturer: syz [ 272.165526][ T5853] usb 1-1: SerialNumber: syz [ 272.198725][ T5777] libceph: mon0 (1)[c::]:6789 connect error [ 272.245372][ T8015] ceph: No mds server is up or the cluster is laggy [ 272.264430][ T5853] usb 1-1: config 0 descriptor?? [ 272.303008][ T9] libceph: connect (1)[c::]:6789 error -101 [ 272.338208][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 272.568249][ T5853] usb-storage 1-1:0.48: USB Mass Storage device detected [ 272.746433][ T5853] usb 1-1: USB disconnect, device number 5 umount: sysfs busy - remounted read-only umount: devtmpfs busy - remounted read-only umount: can't remount /dev/root read-only The system is going down NOW! Sent SIGTERM to all processes Connection to 10.128.0.40 closed by remote host. [ 273.883943][ T42] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.965780][ T7868] syz_tun (unregistering): left allmulticast mode [ 273.974800][ T7868] syz_tun (unregistering): left promiscuous mode [ 273.983047][ T7868] bridge0: port 3(syz_tun) entered disabled state [ 274.032834][ T42] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.189442][ T42] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.329293][ T42] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 Sent SIGKILL to all processes Requesting system poweroff [ 275.515289][ T8029] sd 0:0:1:0: [sda] Synchronizing SCSI cache [ 275.532111][ T8029] ACPI: PM: Preparing to enter system sleep state S5 [ 275.551504][ T8029] kvm: exiting hardware virtualization [ 275.558969][ T8029] reboot: Power down serialport: VM disconnected.