last executing test programs: 6.219733332s ago: executing program 3 (id=150): creat(&(0x7f0000000080)='./file1\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0) 6.002553385s ago: executing program 3 (id=152): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, r5, 0x2, 0x70bd29, 0x2, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x2}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40440c4}, 0x2000c000) sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r5, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r7}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$RTC_UIE_ON(r9, 0x7003) ioctl$RTC_AIE_ON(r9, 0x7001) ioctl$RTC_ALM_SET(r9, 0x40247007, &(0x7f0000000100)={0x26, 0x19, 0xd, 0x6, 0x8, 0x4b4411f9, 0x5, 0x14}) r10 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r10, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) sendmmsg$sock(r10, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@txtime={{0x14, 0x1, 0x3d, 0x8}}], 0x14}}], 0x2, 0x20000000) setsockopt$EBT_SO_SET_ENTRIES(r8, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000500, 0x0, 0x0, 0x200000000530, 0x200000000563], 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0]}, 0x8f) r11 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) ioctl$HIDIOCSREPORT(r11, 0x400c4808, &(0x7f0000000040)={0x100003, 0xffffffff, 0xf}) 5.133798032s ago: executing program 0 (id=156): r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3d5", @ANYRESOCT]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000000000000001200"}}) 4.360513229s ago: executing program 0 (id=157): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x1e, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2) pipe2$9p(&(0x7f00000001c0), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x7, 0x7fc00100}]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4010}, 0xe) setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f0000000180)={0x4, 0xa8}, 0x2) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x8c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xaf57}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x404d091}, 0x20000004) r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x103381) timerfd_create(0x7, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(r6, 0x4004551e, &(0x7f00000000c0)=0xffffffff) ioctl$USBDEVFS_CONNECTINFO(r6, 0x8108551b, &(0x7f0000002a40)) ioctl$USBDEVFS_RESET(r6, 0x5514) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000111401002bbd7000fedbff2504004b00"], 0x18}, 0x1, 0x0, 0x0, 0x20000800}, 0xc4) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@multicast2}}, &(0x7f00000004c0)=0xe8) quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000701, r8, &(0x7f0000000500)) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x50, r0, 0x3000) mmap(&(0x7f0000b14000/0xa000)=nil, 0xa000, 0x2000009, 0x4d032, r7, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) 4.088510684s ago: executing program 3 (id=159): r0 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000000)={0x16, 0x1d, 0x13, 0x1, 0x7, 0x5, 0x0, 0x114, 0xffffffffffffffff}) mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 3.926880775s ago: executing program 3 (id=161): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x7, @mcast1, 0x4}, 0x1c) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x1, 0xfffffffffffffffe, 0x0}) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) (async) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r5, 0x45809000) r6 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010102}, 0x10) 3.634452416s ago: executing program 3 (id=164): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), r0) sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4048842}, 0x4008886) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000a00)='wsync', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x3]}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x0, 0x5700000000000000, 0x401, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0xba25, 0xfff, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x1c0080}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) r6 = syz_open_dev$sg(&(0x7f0000007700), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000040)={0x53, 0xffffffffffffffff, 0xfe, 0x2, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000300)="a3972ccb0a7d7b0ee0f6c13f0e1a5aa28fb26cdb8d215334aa5183d5415d5b131ba736acdcef58642d43e1940c1d77c2fb76c849b94a2c73e1d2ee5a7fa7a9c2cb433da37bfaff0c72d186df5ad51cd007297750247d17cbd840797b687287abaa4bd1325d812258462ed4d9b154c735db4fb0522c895258a104c7573a5ef3d25ad27bd9fc028c9c276b89ae9955dadd6b6e78b27c6a3e9c73aa2145ca755cd5e844ff93a386daf2901c8f181e73417d20f496ab77f7adf86141c2b84b11015655328083e2f433ae6422726e2c25ade4615c240f76d7332406a6e4fe7a4f4660f9976119240baab84438cb60dc98334e352b7517daa2bafab864272f30ca", 0x0, 0x2, 0x0, 0x2, 0x0}) readv(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/262, 0x106}], 0x1) syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000300)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{r7, r8+10000000}, {0x0, 0x3938700}}, 0x0) r9 = gettid() rt_sigaction(0x16, &(0x7f0000000380)={0x0, 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000180)) tkill(r9, 0x16) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x0, 0x0) 3.580135278s ago: executing program 1 (id=165): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r2, &(0x7f0000000180)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x4, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000000c0)="14", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e23, 0x6a144b89, @private2, 0x5}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000080)="1e", 0x1}], 0x1, 0x0, 0x56}}], 0x2, 0x931766f6319eed40) shutdown(r2, 0x1) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0x7d, &(0x7f00000001c0)={0xb, 0x1c, 0x5, 0x8, 0x6, 0x8, 0xff, 0x6, 0x9, 0x5, 0x38, 0x5, 0xff, 0x6}, 0xe) syz_usb_control_io$hid(r1, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) ioctl$HIDIOCSREPORT(r3, 0x400c4808, &(0x7f0000000000)={0x2, 0x300, 0xf}) 2.949363856s ago: executing program 3 (id=166): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000780)=ANY=[@ANYBLOB="120100000b529708410e42416ed401020301090224000100000000090400020221f7680009050100000401ff07090502"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x89) quotactl_fd$Q_SETINFO(r1, 0xffffffff80000600, 0x0, &(0x7f0000000040)={0x1, 0xfffffffffffffffc, 0x1, 0x4}) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f0000000300)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) lsetxattr$security_capability(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000380), &(0x7f00000003c0)=@v3={0x3000000, [{0x6, 0x1}, {0x3, 0x3ff}], 0xee00}, 0x18, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(0xffffffffffffffff, 0x0, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x380, 0x0) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000080)=0x9, 0x12) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4000003, 0x13, r6, 0x0) bind$netlink(r5, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc) getsockopt$netlink(r5, 0x10e, 0x9, &(0x7f0000001100)=""/4096, &(0x7f0000000040)=0x1000) syz_open_dev$sndctrl(&(0x7f0000000000), 0x3aa, 0x400202) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1, 0x0, 0xe5}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@mask_cswp={0x58, 0x114, 0x9, {{0x0, 0x7fff}, &(0x7f0000000000)=0x100000000, 0x0, 0x80000000, 0x3, 0x8001, 0x9, 0x4c, 0x100000001}}], 0x58}, 0x200000000000000) 1.680834883s ago: executing program 2 (id=169): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(0xffffffffffffffff, &(0x7f0000000080)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x1400, 0x0, 0x6e, 0x1, 0x0, @private=0xa010100, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x1, 0x3, 0x0, {0x5, 0x4, 0x1, 0x22, 0x1, 0x68, 0x8, 0x40, 0x2f, 0x8000, @initdev={0xac, 0x1e, 0xfe, 0x0}, @remote}, "000088bef1ffffff"}}}, 0x46) mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0) 1.608505242s ago: executing program 1 (id=170): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000300)={0x0}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r2, 0x2000) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0}) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000300)={0x0}) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r2, 0x2000) (async) 1.49562139s ago: executing program 2 (id=171): r0 = syz_clone(0x44208991, 0x0, 0xc57e70572e6b946c, 0x0, 0x0, 0x0) ptrace(0x10, r0) rt_sigqueueinfo(r0, 0x43, &(0x7f0000000000)={0x17, 0x4006c, 0x2}) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0) syz_clone(0x44208991, 0x0, 0xc57e70572e6b946c, 0x0, 0x0, 0x0) (async) ptrace(0x10, r0) (async) rt_sigqueueinfo(r0, 0x43, &(0x7f0000000000)={0x17, 0x4006c, 0x2}) (async) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0) (async) 1.300783044s ago: executing program 1 (id=172): mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0) 1.220669957s ago: executing program 2 (id=173): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000005c0)="3f073b5a40a741e33bf3126412a0d032bbfdd47fe4975375bbce1175f4c9b2bbd53d5af4e8d0f985da6af32a258397f158455b2a2d7d", 0x36}], 0x1, 0x0, 0x0, 0x8000}}], 0x1, 0x8810) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c80100001000130726bd70000000000000000000000000000000ffffe0000002ac14141b0000000000000000000000004e23000100000003020000203a000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac1414330000000000000000000000000000000400000000000000000000000008000000000000000a00000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffbfffffffffffffcffffffffffffff0c000000040000000200000028bd7000000000000200040000ebff0000000000d60001"], 0x1c8}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e24, 0xf24, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}], 0x12) r3 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$6lowpan_enable(r3, &(0x7f0000000100)='1', 0x1) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 1.141360415s ago: executing program 1 (id=174): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=@other={'decodes', ' ', 'io+mem'}, 0xf) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x1, 0x0) landlock_restrict_self(r1, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$sock(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)="21e412f6bc6903a47520685d2a5b5241b85b6c0461ca7ad50e191e33b086ef5227a382aaf6d63c8caefe0ec9c61c47fa66c0e3d6b8da835c1744f892c5298f8cc0f91b00448751595aba07a4728f63bc7d967bd151476cb416c2be1ec06c8082cd90e533f6bfa93ac874ae42f38a23", 0x6f}, {&(0x7f0000000600)="0b273b33adddf1e6f48a0ef456df2f5d65d593207cb9a973f382b4a8fdc05433a2db90fee88c0db118dc814688f0b28d471e5622393f3c98206b6e5b04676d146f03a56e97e77232d302771bd18e1b191d1762bc751786f24d27080e5358999809044e496a43d84ac93c3d44db2804f9cf0d849c8386b619c944c26e6615ff89b644aca932eada6161f616f8456b2687b7ffba03919a02f26d681599334ba8d9bf038e3cd721e552fec0daae6c59de24ab2f99c1bd429170e5b28e7eff8a199fa86523ca7084", 0xc6}, {&(0x7f0000000080)="a8640f98c5471c7b7e825b658e3b68e0a79a836a843dabe3623999fd4fcd5698355e9c442192285a6002de49c4cedca9ce9985d11c198084045a1b0f70ce", 0x3e}, {&(0x7f0000000700)="6ce21a47c4253824e75c971d7920c4f378d42964e5632e27d5df260e117a0fd5947eaf16de203e554675baa663c12d2d2fd5c081e8981e3928cae75803e5e8fdb28aa2fa7422807768546aacd01c87280a70dc2bce58b2cd43515f2d45dd34844bf4f4a33a482874487cc8be7aab6e9f76a3acc0edc16b078ab543f90c93a5ea959d6cf3fef5cb3d", 0x88}, {&(0x7f0000000340)="ba2f36294d", 0x5}], 0x5}, 0x24020040) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r2, 0x2000) 1.064715176s ago: executing program 0 (id=175): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) close(r0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) userfaultfd(0x800) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r3, 0x89f7, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@multicast2, 0x1, 0x0, 0x30, 0x0, [{@dev}, {@multicast2}, {@remote}]}}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a4e000/0x4000)=nil, 0x3000, 0x2}) sendto$inet(r2, &(0x7f0000000080), 0x0, 0x24020804, &(0x7f0000000140)={0x2, 0x4e24, @multicast2}, 0x10) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) (async) close(r0) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) dup(r2) (async) userfaultfd(0x800) (async) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r3, 0x89f7, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@multicast2, 0x1, 0x0, 0x30, 0x0, [{@dev}, {@multicast2}, {@remote}]}}) (async) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a4e000/0x4000)=nil, 0x3000, 0x2}) (async) sendto$inet(r2, &(0x7f0000000080), 0x0, 0x24020804, &(0x7f0000000140)={0x2, 0x4e24, @multicast2}, 0x10) (async) 1.024287219s ago: executing program 2 (id=176): syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x8, 0x7fffffff, 0x7ff, 0x10000}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8c0}, 0x4004000) (async) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x8, 0x7fffffff, 0x7ff, 0x10000}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8c0}, 0x4004000) openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x40400, 0x0) (async) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x40400, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xcff1509a584931cb}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x1bc, 0x2, 0x2, 0x3, 0x0, 0x0, {0xa, 0x0, 0x3}, [@CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_TUPLE={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x18}}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x18, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @empty}}}]}, @CTA_EXPECT_TUPLE={0x50, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x85da8ac0a1df13f4}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast2}}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT={0xd0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xbc, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008890) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, 0x1, 0x2, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_EXPECT_HELP_NAME={0x8, 0x6, 'RAS\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) (async) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, 0x1, 0x2, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_EXPECT_HELP_NAME={0x8, 0x6, 'RAS\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000580), r2) sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x68, r4, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x4, @media='udp\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4c080}, 0x4000000) r5 = open_tree(r2, &(0x7f0000000700)='./file0\x00', 0x89800) syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), r5) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x10003, 0x0) getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000780), &(0x7f00000007c0)=0x8) r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000bc0)={0x0, &(0x7f0000000800)=[@code={0x1, 0x5a, {"48b820130000000000000f23d80f21f835c00000b00f23f8c461837c42000f01cbb8010000000f01d966653e420f0fe31d420f1c58c10f323e0fc301640fae79fb3e0fc79a8581acde"}}, @code={0x1, 0x45, {"450fc769c3420f01b8f5ffffff266443dc9900000000c48262f7be060000003e64410f01cf36f3abf30fc73664440f01c8f2aff4"}}, @uexit={0x0, 0x18, 0x79c}, @cpuid={0x2, 0x18, {0x9, 0x1}}, @uexit={0x0, 0x18, 0x1}, @uexit={0x0, 0x18, 0x10000}, @code={0x1, 0x64, {"660fc4ccf4c402610b97000000008fc8508eb2aa54000000c4214cc2ab7a000000db0f01d666baf80cb866654086ef66bafc0c66b8c40066ef673e0f0f2df856a6f2a6b9e20b00000f32c4c27d32c60fc76d00"}}, @code={0x1, 0x55, {"66b800008ee036f3400f09b805000000b9121e49e00f01d9360f01c8470f2045670f1c3a470f216e66baf80cb8ce049482ef66bafc0cec66660f3880510066b80b008ee8"}}, @uexit={0x0, 0x18, 0x100}, @cpuid={0x2, 0x18, {0x0, 0x1000}}, @cpuid={0x2, 0x18, {0x8, 0x8}}, @uexit={0x0, 0x18, 0x10}, @cpuid={0x2, 0x18, {0x5, 0x1}}, @code={0x1, 0x62, {"66baf80cb81ed7c682ef66bafc0c66b8a10066ef66baf80cb888bac48aef66bafc0cb800000000ef430f09440f01f8f226f2cf400f01c966baf80cb824018084ef66bafc0ced0f00d9470f2130640f001a"}}, @uexit={0x0, 0x18, 0x7}, @uexit={0x0, 0x18, 0x7fffffff}, @cpuid={0x2, 0x18, {0xa, 0x5}}, @cpuid={0x2, 0x18, {0x8001, 0x5}}, @code={0x1, 0x72, {"400f01b002000000640fc77a9fc461de5de1b90b030000b805940000ba000000000f30c744240042000000c7442402a312efcbff1c243664420f09b805000000b9009800000f01c1c4438542e900c42260f7a30800000066ba410066b8f03766ef"}}, @uexit={0x0, 0x18, 0x7fff}, @uexit={0x0, 0x18, 0x10001}, @uexit={0x0, 0x18, 0x1}], 0x3ac}) ioctl$KVM_KVMCLOCK_CTRL(r6, 0xaead) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000e40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000c40)={0x188, 0x0, 0x800, 0x70bd2d, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x8000}, {0xc, 0x90, 0xc95a}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x8000}, {0xc, 0x90, 0x10}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xf}, {0xc, 0x90, 0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x63}, {0xc, 0x90, 0x800}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xfffffffffffffff9}, {0xc, 0x90, 0x850}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0xfffffffffffffffc}}]}, 0x188}, 0x1, 0x0, 0x0, 0x40000}, 0x4008081) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) fsetxattr$security_ima(r2, &(0x7f0000000e80), &(0x7f0000000ec0)=@v2={0x3, 0x2, 0x14, 0x0, 0x3c, "9ba101b582cd9adee0c5bac8ac601df0d082a0a18545a3c8a8908677acaf5097fdbd2fb60b09bc090a58bb028d36eb08f944d6e70f12259049dcaddd"}, 0x45, 0x3) (async) fsetxattr$security_ima(r2, &(0x7f0000000e80), &(0x7f0000000ec0)=@v2={0x3, 0x2, 0x14, 0x0, 0x3c, "9ba101b582cd9adee0c5bac8ac601df0d082a0a18545a3c8a8908677acaf5097fdbd2fb60b09bc090a58bb028d36eb08f944d6e70f12259049dcaddd"}, 0x45, 0x3) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000c) (async) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000c) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, &(0x7f0000000f40)={0x16f4, 0x5, 0x3, 0x8}, 0x10) (async) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, &(0x7f0000000f40)={0x16f4, 0x5, 0x3, 0x8}, 0x10) ioctl$VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000f80)=@mmap={0x8, 0x4, 0x4, 0x1, 0xffff, {0x77359400}, {0x1, 0x2, 0x7, 0x4, 0x18, 0x45, "fd24c4c8"}, 0x4, 0x1, {}, 0xfff, 0x0, r5}) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000001000)=@arm64) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000001040)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000001040)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) syz_genetlink_get_family_id$l2tp(&(0x7f00000010c0), r5) (async) r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000010c0), r5) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x24, r8, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x6}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}]}, 0x24}}, 0x2) ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f00000011c0)) mount$bind(&(0x7f00000021c0)='./file0\x00', &(0x7f0000002200)='./file0\x00', &(0x7f0000002240), 0x841000, 0x0) 860.197625ms ago: executing program 0 (id=177): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @remote, 0x7}, 0x1c) sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000080), 0x4) sendto$inet6(r2, 0x0, 0x0, 0x24048000, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0) 744.854318ms ago: executing program 2 (id=178): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, 0x0, 0x0) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000000)) (async) setsockopt$sock_int(r1, 0x1, 0x24, &(0x7f0000000080)=0x80, 0x4) 620.845401ms ago: executing program 2 (id=179): r0 = syz_usb_connect(0x4, 0x24, &(0x7f00000007c0)=ANY=[@ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x9, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000) 248.580419ms ago: executing program 0 (id=180): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x5c0a, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000180)=0x1, 0x4) (async) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x800000000fe, 0x0) (async, rerun: 32) sendmsg$can_raw(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@canfd={{}, 0x2e, 0x0, 0x0, 0x0, "4e4e488e419039dda425818c34de45852abd1372621b404219373c9a72cdb611ef256a70bf66c39d7082f2809cbc3da9bb3c86e0c5e53cff15d561c53fe9ae3a"}, 0x48}}, 0x1) (async, rerun: 32) r4 = syz_open_procfs(0x0, &(0x7f0000000840)='sched\x00') r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xdf) (async, rerun: 32) lseek(r4, 0x1, 0x0) (async, rerun: 32) mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0) 104.579977ms ago: executing program 0 (id=181): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x100000, 0x1000, &(0x7f000076d000/0x1000)=nil}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000001e80)={0x0, 0x0, &(0x7f0000001e40)={&(0x7f0000001d80)={0x20, 0x3, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x82}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x24000002) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00007c7000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f00000001c0)={0xc9, 0x0, 0xc}) mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x4, 0x6, 0xfa, 0x46}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c45a0f60c605fc9f242d83118cb8e1c19e000000"], 0x14}}, 0x0) r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) preadv(r9, &(0x7f0000000880)=[{&(0x7f0000000380)=""/178, 0xb2}, {&(0x7f00000004c0)=""/146, 0x92}, {&(0x7f0000000580)=""/180, 0xb4}, {&(0x7f0000000640)=""/174, 0xae}, {&(0x7f0000000700)=""/238, 0xee}, {&(0x7f0000000800)=""/71, 0x47}, {&(0x7f0000001180)=""/4096, 0x1000}], 0x7, 0x7, 0x8000) readlinkat(0xffffffffffffffff, &(0x7f0000000900)='./file0\x00', &(0x7f0000000940)=""/227, 0xe3) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000440)={@local, 0x2}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x12, 0xffffffffffffffff, 0x99b33000) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r4) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r10, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x5a}, @void, @val={0xc, 0x99, {0x7edb4dd5, 0xb}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x101ff, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 95.132204ms ago: executing program 1 (id=182): sendmsg$unix(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2ac3c2d5fa4423c5ad1ddee978", 0xd}], 0x1}, 0x840) (async) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[], 0x57) (async) r1 = creat(&(0x7f0000001380)='./file0\x00', 0x4) setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x0, 0x4) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x34, r4, 0x205, 0x800000, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x7}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008040}, 0x48810) (async) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2f9aa6bcc788802ea3b7b8e736342e0000", @ANYRES16=r5, @ANYBLOB="01052dbd7000fcdbdf25010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x2000c010) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) (async) lsetxattr$security_ima(&(0x7f0000000040)='./file1/file4\x00', &(0x7f0000000100), &(0x7f0000000180)=@md5={0x1, "598ef15e2de45204bfdb11ec9cbfc30b"}, 0x11, 0x0) (async) mount(&(0x7f0000000080)=@md0, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x400, 0x0) 0s ago: executing program 1 (id=183): r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x800000000020001, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {}, 0x20000, 0x1, {0x0}}) creat(&(0x7f0000000080)='./file0\x00', 0x2) mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts. [ 84.381951][ T5836] cgroup: Unknown subsys name 'net' [ 84.591420][ T5836] cgroup: Unknown subsys name 'cpuset' [ 84.601269][ T5836] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.269484][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.716783][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.725605][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.733194][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.741221][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.749034][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.757558][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.765319][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.812116][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.820590][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.828496][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.835836][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.869032][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.879821][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.906231][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.917214][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.943635][ T5168] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.955390][ T5168] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.963042][ T5168] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.971466][ T5168] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.979460][ T5168] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.349288][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 89.508496][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 89.550653][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.558587][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.565974][ T5846] bridge_slave_0: entered allmulticast mode [ 89.574047][ T5846] bridge_slave_0: entered promiscuous mode [ 89.583718][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 89.629891][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.637190][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.644435][ T5846] bridge_slave_1: entered allmulticast mode [ 89.651910][ T5846] bridge_slave_1: entered promiscuous mode [ 89.768245][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.803853][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.819554][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 89.874594][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.881913][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.889365][ T5855] bridge_slave_0: entered allmulticast mode [ 89.896697][ T5855] bridge_slave_0: entered promiscuous mode [ 89.954643][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.962506][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.969981][ T5855] bridge_slave_1: entered allmulticast mode [ 89.977213][ T5855] bridge_slave_1: entered promiscuous mode [ 89.985505][ T5846] team0: Port device team_slave_0 added [ 89.994725][ T5846] team0: Port device team_slave_1 added [ 90.000906][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.008222][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.015364][ T5850] bridge_slave_0: entered allmulticast mode [ 90.022825][ T5850] bridge_slave_0: entered promiscuous mode [ 90.081121][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.089498][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.097081][ T5850] bridge_slave_1: entered allmulticast mode [ 90.104074][ T5850] bridge_slave_1: entered promiscuous mode [ 90.127064][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.134021][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.162162][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.201154][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.211897][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.219179][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.245258][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.293037][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.332767][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.342095][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.349951][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.357191][ T5858] bridge_slave_0: entered allmulticast mode [ 90.364416][ T5858] bridge_slave_0: entered promiscuous mode [ 90.372697][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.379948][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.387493][ T5858] bridge_slave_1: entered allmulticast mode [ 90.394538][ T5858] bridge_slave_1: entered promiscuous mode [ 90.403108][ T5855] team0: Port device team_slave_0 added [ 90.412633][ T5855] team0: Port device team_slave_1 added [ 90.420960][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.525379][ T5846] hsr_slave_0: entered promiscuous mode [ 90.531877][ T5846] hsr_slave_1: entered promiscuous mode [ 90.568079][ T5850] team0: Port device team_slave_0 added [ 90.576561][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.605323][ T5850] team0: Port device team_slave_1 added [ 90.626862][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.636632][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.643591][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.670043][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.718719][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.725777][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.753037][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.779012][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.785963][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.811948][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.849373][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.856518][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.883194][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.895980][ T5858] team0: Port device team_slave_0 added [ 90.897308][ T5851] Bluetooth: hci0: command tx timeout [ 90.907110][ T5168] Bluetooth: hci1: command tx timeout [ 90.924112][ T5858] team0: Port device team_slave_1 added [ 90.976656][ T5851] Bluetooth: hci2: command tx timeout [ 91.002163][ T5855] hsr_slave_0: entered promiscuous mode [ 91.009159][ T5855] hsr_slave_1: entered promiscuous mode [ 91.015206][ T5855] debugfs: 'hsr0' already exists in 'hsr' [ 91.021846][ T5855] Cannot create hsr debugfs directory [ 91.041270][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.048579][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.056747][ T5851] Bluetooth: hci3: command tx timeout [ 91.074670][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.077065][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.097861][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.123788][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.220933][ T5850] hsr_slave_0: entered promiscuous mode [ 91.227682][ T5850] hsr_slave_1: entered promiscuous mode [ 91.233736][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 91.239589][ T5850] Cannot create hsr debugfs directory [ 91.280572][ T5858] hsr_slave_0: entered promiscuous mode [ 91.287185][ T5858] hsr_slave_1: entered promiscuous mode [ 91.293284][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 91.299417][ T5858] Cannot create hsr debugfs directory [ 91.556713][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.609291][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.645986][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.656234][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.740348][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.755454][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.770516][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.793904][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.854410][ T5858] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.877487][ T5858] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.917484][ T5858] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.929443][ T5858] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.005727][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.026981][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.037337][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.052859][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.099235][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.140056][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.162646][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.169922][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.203296][ T3455] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.210547][ T3455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.255938][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.304362][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.340543][ T3455] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.347719][ T3455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.366055][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.382731][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.390084][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.433157][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.480773][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.487962][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.532411][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.541135][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.548388][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.631621][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.665247][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.672502][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.707849][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.715025][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.897878][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.977457][ T5851] Bluetooth: hci0: command tx timeout [ 92.979228][ T5168] Bluetooth: hci1: command tx timeout [ 93.042201][ T5846] veth0_vlan: entered promiscuous mode [ 93.057173][ T5168] Bluetooth: hci2: command tx timeout [ 93.118765][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.136824][ T5168] Bluetooth: hci3: command tx timeout [ 93.141853][ T5846] veth1_vlan: entered promiscuous mode [ 93.205596][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.292328][ T5858] veth0_vlan: entered promiscuous mode [ 93.311788][ T5846] veth0_macvtap: entered promiscuous mode [ 93.335707][ T5846] veth1_macvtap: entered promiscuous mode [ 93.362693][ T5858] veth1_vlan: entered promiscuous mode [ 93.394901][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.413807][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.424761][ T5855] veth0_vlan: entered promiscuous mode [ 93.440082][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.475942][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.485787][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.498502][ T5855] veth1_vlan: entered promiscuous mode [ 93.519180][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.529140][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.543485][ T5858] veth0_macvtap: entered promiscuous mode [ 93.580934][ T5858] veth1_macvtap: entered promiscuous mode [ 93.624581][ T5850] veth0_vlan: entered promiscuous mode [ 93.697758][ T5850] veth1_vlan: entered promiscuous mode [ 93.709976][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.721505][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.725488][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.739353][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.776802][ T5855] veth0_macvtap: entered promiscuous mode [ 93.791482][ T1155] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.802704][ T1155] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.822824][ T3013] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.833209][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.833514][ T3013] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.852226][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.855672][ T5855] veth1_macvtap: entered promiscuous mode [ 93.944017][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.978724][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.981927][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.014106][ T5850] veth0_macvtap: entered promiscuous mode [ 94.031255][ T5850] veth1_macvtap: entered promiscuous mode [ 94.051352][ T3013] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.063355][ T3013] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.077038][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.084977][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.100145][ T3013] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.121029][ T3013] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.148616][ T5936] ======================================================= [ 94.148616][ T5936] WARNING: The mand mount option has been deprecated and [ 94.148616][ T5936] and is ignored by this kernel. Remove the mand [ 94.148616][ T5936] option from the mount to silence this warning. [ 94.148616][ T5936] ======================================================= [ 94.171988][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.239402][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.250915][ T5936] XFS (rnullb0): Invalid superblock magic number [ 94.277003][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.289824][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.317826][ T1155] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.332948][ T5936] syzkaller1: entered promiscuous mode [ 94.341996][ T5936] syzkaller1: entered allmulticast mode [ 94.382867][ T1155] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.422091][ T1155] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.448130][ T1155] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.473471][ T3455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.505180][ T3455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.594047][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.594085][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.619483][ T5168] Bluetooth: unknown link type 9 [ 94.624700][ T5168] Bluetooth: hci0: connection err: -111 [ 94.625151][ T5947] tmpfs: Group quota block hardlimit too large. [ 94.686150][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.721772][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.805690][ T3455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.806550][ T5950] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.6'. [ 94.830592][ T3455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.847428][ T5950] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 94.916068][ T5953] sp0: Synchronizing with TNC [ 95.056649][ T5168] Bluetooth: hci1: command tx timeout [ 95.104813][ T5962] exFAT-fs (rnullb0): invalid boot record signature [ 95.113343][ T5962] exFAT-fs (rnullb0): failed to read boot sector [ 95.121793][ T5962] exFAT-fs (rnullb0): failed to recognize exfat type [ 95.136779][ T5168] Bluetooth: hci2: command tx timeout [ 95.159338][ T5962] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2'. [ 95.216503][ T5168] Bluetooth: hci3: command tx timeout [ 95.251256][ T5964] syz.2.8: attempt to access beyond end of device [ 95.251256][ T5964] loop2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 95.264111][ T5964] vxfs: unable to read disk superblock at 1 [ 95.270841][ T5964] syz.2.8: attempt to access beyond end of device [ 95.270841][ T5964] loop2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 95.283921][ T5964] vxfs: unable to read disk superblock at 8 [ 95.292313][ T5964] vxfs: can't find superblock. [ 95.361149][ T5966] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.627481][ T5978] /dev/rnullb0: Can't open blockdev [ 95.645187][ T5979] /dev/sg0: Can't lookup blockdev [ 95.926608][ T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 96.153385][ T5993] /dev/rnullb0: Can't open blockdev [ 96.721404][ T3526] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 96.765808][ T6000] 9pnet_virtio: no channels available for device 127.0.0.1 [ 96.942638][ T3526] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.970227][ T3526] usb 3-1: config 1 interface 0 has no altsetting 0 [ 96.988609][ T6001] /dev/rnullb0: Can't open blockdev [ 97.003795][ T3526] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 97.034338][ T3526] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.061402][ T3526] usb 3-1: Product: syz [ 97.065726][ T3526] usb 3-1: Manufacturer: syz [ 97.074955][ T3526] usb 3-1: SerialNumber: syz [ 97.081714][ T6004] /dev/rnullb0: Can't open blockdev [ 97.137510][ T5168] Bluetooth: hci1: command tx timeout [ 97.149578][ T24] cfg80211: failed to load regulatory.db [ 97.226912][ T5168] Bluetooth: hci2: command tx timeout [ 97.296709][ T5168] Bluetooth: hci3: command tx timeout [ 97.352815][ T5997] /dev/rnullb0: Can't open blockdev [ 97.438471][ T3526] pxrc 3-1:1.0: Could not find endpoint [ 97.465509][ T3526] usb 3-1: USB disconnect, device number 2 [ 97.587072][ T6004] netlink: 76 bytes leftover after parsing attributes in process `syz.3.21'. [ 97.861313][ T6009] tmpfs: Bad value for 'mpol' [ 98.518185][ T6026] overlayfs: missing 'lowerdir' [ 98.793389][ T6030] /dev/rnullb0: Can't open blockdev [ 98.846980][ T5957] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.018791][ T5957] usb 4-1: Using ep0 maxpacket: 8 [ 99.033850][ T5957] usb 4-1: config index 0 descriptor too short (expected 19730, got 18) [ 99.047534][ T5957] usb 4-1: config 0 has too many interfaces: 54, using maximum allowed: 32 [ 99.066957][ T5957] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 54 [ 99.084465][ T5957] usb 4-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d [ 99.102468][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.112794][ T5957] usb 4-1: Product: syz [ 99.118874][ T5957] usb 4-1: Manufacturer: syz [ 99.123712][ T5957] usb 4-1: SerialNumber: syz [ 99.152429][ T5957] usb 4-1: config 0 descriptor?? [ 99.169205][ T5957] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 99.240768][ T5892] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 99.371378][ T5957] gspca_sn9c2028: read1 error -71 [ 99.381811][ T5892] usb 3-1: device descriptor read/64, error -71 [ 99.388769][ T5957] gspca_sn9c2028: read1 error -71 [ 99.396600][ T5957] gspca_sn9c2028: read1 error -71 [ 99.401844][ T5957] sn9c2028 4-1:0.0: probe with driver sn9c2028 failed with error -71 [ 99.420495][ T5957] usb 4-1: USB disconnect, device number 2 [ 99.563149][ T6046] netlink: 16 bytes leftover after parsing attributes in process `syz.1.35'. [ 99.626402][ T5892] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 99.634037][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 99.705985][ T6049] syz.1.36 uses obsolete (PF_INET,SOCK_PACKET) [ 99.713792][ T6049] syzkaller1: entered promiscuous mode [ 99.719706][ T6049] syzkaller1: entered allmulticast mode [ 99.777354][ T5892] usb 3-1: device descriptor read/64, error -71 [ 99.799081][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 99.808361][ T9] usb 1-1: config 255 has an invalid interface number: 154 but max is 0 [ 99.817295][ T9] usb 1-1: config 255 has no interface number 0 [ 99.823723][ T9] usb 1-1: config 255 interface 154 has no altsetting 0 [ 99.833349][ T9] usb 1-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=9a.6f [ 99.842789][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.850985][ T9] usb 1-1: Product: syz [ 99.856274][ T9] usb 1-1: Manufacturer: syz [ 99.861873][ T9] usb 1-1: SerialNumber: syz [ 99.886917][ T5892] usb usb3-port1: attempt power cycle [ 100.124344][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 100.231341][ T5892] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 100.282001][ T5892] usb 3-1: device descriptor read/8, error -71 [ 100.303321][ T9] usb 1-1: USB disconnect, device number 3 [ 100.328964][ T6065] Zero length message leads to an empty skb [ 100.379849][ T6066] udevd[6066]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:255.154/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 100.526533][ T5892] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 100.559301][ T5892] usb 3-1: device descriptor read/8, error -71 [ 100.666853][ T5892] usb usb3-port1: unable to enumerate USB device [ 100.833900][ T6070] comedi comedi3: comedi_config --init_data is deprecated [ 100.962814][ T30] audit: type=1326 audit(1751823605.427:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6076 comm="syz.3.45" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc3b798e929 code=0x0 [ 101.206580][ T6096] NILFS (rnullb0): couldn't find nilfs on the device [ 101.926461][ T5892] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 101.972905][ T6110] netlink: 'syz.2.55': attribute type 291 has an invalid length. [ 102.119733][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.130818][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 102.144480][ T5892] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 102.167415][ T3526] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 102.176089][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.220873][ T5892] usb 2-1: config 0 descriptor?? [ 102.342711][ T3526] usb 4-1: config index 0 descriptor too short (expected 1051, got 27) [ 102.351907][ T6123] XFS (rnullb0): Invalid superblock magic number [ 102.358346][ T3526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 102.377470][ T3526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 102.445020][ T3526] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 102.454452][ T3526] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.463041][ T3526] usb 4-1: Product: syz [ 102.467412][ T3526] usb 4-1: Manufacturer: syz [ 102.472031][ T3526] usb 4-1: SerialNumber: syz [ 102.475619][ T5892] usbhid 2-1:0.0: can't add hid device: -71 [ 102.502768][ T3526] usb 4-1: config 0 descriptor?? [ 102.508191][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 102.515456][ T5892] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 102.537193][ T6129] syzkaller1: entered promiscuous mode [ 102.542702][ T6129] syzkaller1: entered allmulticast mode [ 102.560230][ T5892] usb 2-1: USB disconnect, device number 2 [ 102.656828][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 102.670012][ T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 102.680471][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.689061][ T24] usb 3-1: Product: syz [ 102.693409][ T24] usb 3-1: Manufacturer: syz [ 102.698491][ T24] usb 3-1: SerialNumber: syz [ 102.706209][ T24] usb 3-1: config 0 descriptor?? [ 102.787456][ T6131] netlink: 240 bytes leftover after parsing attributes in process `syz.3.54'. [ 102.823532][ T3526] usb 4-1: USB disconnect, device number 3 [ 102.915891][ T24] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 103.416405][ T5892] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 103.566432][ T5892] usb 1-1: device descriptor read/64, error -71 [ 103.683404][ T6156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.693753][ T6156] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.737393][ T6154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.772668][ T6154] bond0: (slave rose0): Enslaving as an active interface with an up link [ 103.816671][ T5892] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 103.865907][ T24] usb write operation failed. (-71) [ 103.893353][ T24] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 103.909028][ T5957] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 103.923141][ T24] dvbdev: DVB: registering new adapter (Terratec H7) [ 103.955778][ T24] usb 3-1: media controller created [ 103.965483][ T24] usb read operation failed. (-71) [ 103.966478][ T5892] usb 1-1: device descriptor read/64, error -71 [ 103.976474][ T24] usb write operation failed. (-71) [ 104.011773][ T24] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 104.045208][ T24] usb 3-1: USB disconnect, device number 7 [ 104.057242][ T5957] usb 2-1: device descriptor read/64, error -71 [ 104.097661][ T5892] usb usb1-port1: attempt power cycle [ 104.316746][ T5957] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 104.407439][ T6176] XFS (rnullb0): Invalid superblock magic number [ 104.457207][ T5892] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 104.472332][ T6185] hpfs: Bad magic ... probably not HPFS [ 104.474102][ T5957] usb 2-1: device descriptor read/64, error -71 [ 104.518788][ T5892] usb 1-1: device descriptor read/8, error -71 [ 104.617707][ T5957] usb usb2-port1: attempt power cycle [ 104.766472][ T5892] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 104.800699][ T5892] usb 1-1: device descriptor read/8, error -71 [ 104.912210][ T6196] netlink: 260 bytes leftover after parsing attributes in process `syz.2.69'. [ 104.921817][ T5892] usb usb1-port1: unable to enumerate USB device [ 104.966553][ T5957] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 104.999052][ T5957] usb 2-1: device descriptor read/8, error -71 [ 105.036507][ T5913] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 105.203262][ T5913] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 105.212518][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.228625][ T5913] usb 4-1: config 0 descriptor?? [ 105.238191][ T5957] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 105.246636][ T5913] cp210x 4-1:0.0: cp210x converter detected [ 105.277227][ T5957] usb 2-1: device descriptor read/8, error -71 [ 105.356691][ T5892] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 105.387447][ T5957] usb usb2-port1: unable to enumerate USB device [ 105.526419][ T5892] usb 3-1: Using ep0 maxpacket: 8 [ 105.542042][ T5892] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 105.553537][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.561740][ T5892] usb 3-1: Product: syz [ 105.566087][ T5892] usb 3-1: Manufacturer: syz [ 105.570874][ T5892] usb 3-1: SerialNumber: syz [ 105.579912][ T5892] usb 3-1: config 0 descriptor?? [ 105.595003][ T5892] gspca_main: sq905-2.14.0 probing 2770:9120 [ 106.196639][ T5892] gspca_sq905: sq905_command: usb_control_msg failed 2 (-32) [ 106.222937][ T5892] sq905 3-1:0.0: probe with driver sq905 failed with error -32 [ 106.329704][ T6219] loop6: detected capacity change from 0 to 1 [ 106.352221][ T5857] Dev loop6: unable to read RDB block 1 [ 106.359613][ T5857] loop6: unable to read partition table [ 106.365679][ T5857] loop6: partition table beyond EOD, truncated [ 106.384248][ T6219] Dev loop6: unable to read RDB block 1 [ 106.398356][ T6219] loop6: unable to read partition table [ 106.404222][ T6219] loop6: partition table beyond EOD, truncated [ 106.482100][ T6219] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 106.946983][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 107.111007][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.129661][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 107.151542][ T9] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 107.167012][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.185707][ T9] usb 1-1: Product: syz [ 107.191585][ T9] usb 1-1: Manufacturer: syz [ 107.207067][ T9] usb 1-1: SerialNumber: syz [ 107.215021][ T9] usb 1-1: config 0 descriptor?? [ 107.285645][ T9] usb 3-1: USB disconnect, device number 8 [ 107.427457][ T30] audit: type=1800 audit(1751823611.897:3): pid=6222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.73" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 107.517735][ T6234] sit0: entered promiscuous mode [ 107.562593][ T6234] netlink: 'syz.1.77': attribute type 1 has an invalid length. [ 107.579700][ T6234] netlink: 1 bytes leftover after parsing attributes in process `syz.1.77'. [ 107.590844][ T6236] /dev/rnullb0: Can't open blockdev [ 107.805725][ T6245] kAFS: unparsable volume name [ 107.817526][ T5913] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 107.865653][ T5913] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 107.897040][ T5913] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 107.921433][ T5913] usb 4-1: cp210x converter now attached to ttyUSB0 [ 107.959041][ T5913] usb 4-1: USB disconnect, device number 4 [ 107.979263][ T6248] loop6: detected capacity change from 0 to 1 [ 107.984573][ T5913] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 108.004897][ T6248] Dev loop6: unable to read RDB block 1 [ 108.016284][ T5913] cp210x 4-1:0.0: device disconnected [ 108.027842][ T6248] loop6: unable to read partition table [ 108.041306][ T6248] loop6: partition table beyond EOD, truncated [ 108.066725][ T6248] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 108.181372][ T6254] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 108.193434][ T6254] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 108.201378][ T6256] netlink: 16 bytes leftover after parsing attributes in process `syz.3.85'. [ 108.477884][ T6268] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 108.648916][ T6274] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 108.663046][ T6274] /dev/rnullb0: Can't open blockdev [ 108.676411][ T5913] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 108.807526][ T5913] usb 2-1: device descriptor read/64, error -71 [ 108.835523][ T6278] loop6: detected capacity change from 0 to 1 [ 108.845285][ T5857] Dev loop6: unable to read RDB block 1 [ 108.852200][ T5857] loop6: unable to read partition table [ 108.858246][ T5857] loop6: partition table beyond EOD, truncated [ 108.870237][ T6278] Dev loop6: unable to read RDB block 1 [ 108.876226][ T6278] loop6: unable to read partition table [ 108.882613][ T6278] loop6: partition table beyond EOD, truncated [ 108.891785][ T6278] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 109.036729][ T6283] netlink: 24 bytes leftover after parsing attributes in process `syz.2.95'. [ 109.067960][ T5913] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 109.166945][ T6285] /dev/rnullb0: Can't open blockdev [ 109.183022][ T6286] /dev/rnullb0: Can't open blockdev [ 109.216476][ T5913] usb 2-1: device descriptor read/64, error -71 [ 109.340594][ T5913] usb usb2-port1: attempt power cycle [ 109.355026][ T6291] usb usb8: usbfs: process 6291 (syz.3.98) did not claim interface 0 before use [ 109.368784][ T6292] /dev/rnullb0: Can't open blockdev [ 109.651994][ T6299] syzkaller1: entered promiscuous mode [ 109.657672][ T6299] syzkaller1: entered allmulticast mode [ 109.696748][ T5913] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 109.717142][ T5913] usb 2-1: device descriptor read/8, error -71 [ 109.722598][ T5892] usb 1-1: USB disconnect, device number 8 [ 109.862034][ T6304] loop6: detected capacity change from 0 to 1 [ 109.885444][ T6304] Dev loop6: unable to read RDB block 1 [ 109.910067][ T6304] loop6: unable to read partition table [ 109.930777][ T6304] loop6: partition table beyond EOD, truncated [ 109.948369][ T6304] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 109.958872][ T5913] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 110.004330][ T5913] usb 2-1: device descriptor read/8, error -71 [ 110.128044][ T5913] usb usb2-port1: unable to enumerate USB device [ 110.147957][ T6311] Invalid ELF header magic: != ELF [ 110.222747][ T6309] /dev/rnullb0: Can't open blockdev [ 110.465688][ T6323] /dev/rnullb0: Can't open blockdev [ 110.750803][ T6330] tipc: Started in network mode [ 110.755750][ T6330] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 110.765854][ T6330] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:00fe:00bb [ 110.780341][ T6330] tipc: Enabled bearer , priority 10 [ 110.790045][ T6330] warning: `syz.0.109' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 110.918110][ T6334] loop6: detected capacity change from 0 to 1 [ 110.926148][ T5857] Dev loop6: unable to read RDB block 1 [ 110.932218][ T5857] loop6: unable to read partition table [ 110.938758][ T5857] loop6: partition table beyond EOD, truncated [ 110.951060][ T6334] Dev loop6: unable to read RDB block 1 [ 110.956810][ T6334] loop6: unable to read partition table [ 110.962663][ T6334] loop6: partition table beyond EOD, truncated [ 110.969164][ T6334] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 111.234359][ T6341] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 111.286596][ T5892] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 111.475219][ T5892] usb 4-1: Using ep0 maxpacket: 8 [ 111.486818][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 111.498821][ T5892] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 111.508895][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.517492][ T5892] usb 4-1: Product: syz [ 111.521681][ T5892] usb 4-1: Manufacturer: syz [ 111.526290][ T5892] usb 4-1: SerialNumber: syz [ 111.537600][ T5892] usb 4-1: config 0 descriptor?? [ 111.670986][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.693385][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 111.705223][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 111.717208][ T9] usb 1-1: Product: syz [ 111.721468][ T9] usb 1-1: Manufacturer: syz [ 111.726121][ T9] usb 1-1: SerialNumber: syz [ 111.755536][ T5892] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 111.897640][ T5912] tipc: Node number set to 1 [ 111.948280][ T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 112.106639][ T5913] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 112.267308][ T5913] usb 2-1: Using ep0 maxpacket: 8 [ 112.278693][ T5913] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 112.290704][ T5913] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 112.300455][ T5913] usb 2-1: config 0 interface 0 has no altsetting 0 [ 112.310297][ T5913] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 112.319658][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.327757][ T5913] usb 2-1: Product: syz [ 112.334048][ T5913] usb 2-1: Manufacturer: syz [ 112.339109][ T5913] usb 2-1: SerialNumber: syz [ 112.350181][ T5913] usb 2-1: config 0 descriptor?? [ 112.368479][ T5913] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 112.442202][ T5899] usb 1-1: USB disconnect, device number 9 [ 112.454833][ T5899] usblp0: removed [ 112.579291][ T5913] snd_usb_toneport 2-1:0.0: cannot get proper max packet size [ 112.590859][ T5913] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 112.602126][ T5913] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 112.849376][ T6361] /dev/rnullb0: Can't open blockdev [ 113.082602][ T6367] loop6: detected capacity change from 0 to 1 [ 113.110798][ T6367] Dev loop6: unable to read RDB block 1 [ 113.156462][ T6367] loop6: unable to read partition table [ 113.162476][ T6367] loop6: partition table beyond EOD, truncated [ 113.177630][ T6336] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.180439][ T6367] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 113.218960][ T6336] Malformed UNC in devname [ 113.218960][ T6336] [ 113.240410][ T6336] CIFS: VFS: Malformed UNC in devname [ 113.262449][ T5892] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 113.297266][ T5892] usb 4-1: USB disconnect, device number 5 [ 113.435096][ T6379] process 'syz.0.123' launched './file1' with NULL argv: empty string added [ 113.512028][ T5899] usb 2-1: USB disconnect, device number 11 [ 113.639030][ T6389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.649189][ T6389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.754562][ T6379] /dev/rnullb0: Can't open blockdev [ 113.866430][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 113.903149][ T6394] loop6: detected capacity change from 0 to 7 [ 113.912082][ T5857] Dev loop6: unable to read RDB block 7 [ 113.918421][ T5857] loop6: AHDI p1 p2 [ 113.922385][ T5857] loop6: partition table partially beyond EOD, truncated [ 113.930000][ T5857] loop6: p1 start 926365495 is beyond EOD, truncated [ 113.942146][ T6394] Dev loop6: unable to read RDB block 7 [ 113.948315][ T6394] loop6: AHDI p1 p2 [ 113.952252][ T6394] loop6: partition table partially beyond EOD, truncated [ 113.959896][ T6394] loop6: p1 start 926365495 is beyond EOD, truncated [ 114.026396][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 114.047980][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.060173][ T6396] /dev/rnullb0: Can't open blockdev [ 114.096429][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.116953][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 114.146510][ T9] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 114.165843][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.193690][ T9] usb 3-1: config 0 descriptor?? [ 114.447624][ T6403] loop6: detected capacity change from 0 to 1 [ 114.455455][ T5857] Dev loop6: unable to read RDB block 1 [ 114.461731][ T5857] loop6: unable to read partition table [ 114.468171][ T5857] loop6: partition table beyond EOD, truncated [ 114.477786][ T6403] Dev loop6: unable to read RDB block 1 [ 114.491947][ T6403] loop6: unable to read partition table [ 114.505015][ T6403] loop6: partition table beyond EOD, truncated [ 114.532801][ T6403] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 114.604715][ T6389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.624091][ T6389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.649122][ T9] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max [ 114.679279][ T9] microsoft 0003:045E:07DA.0001: unbalanced collection at end of report description [ 114.690676][ T9] microsoft 0003:045E:07DA.0001: parse failed [ 114.697759][ T9] microsoft 0003:045E:07DA.0001: probe with driver microsoft failed with error -22 [ 114.736500][ T5892] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 114.871033][ T6390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.891071][ T6390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.910132][ T5892] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.916476][ T6389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.923451][ T5892] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 114.935822][ T6390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.964152][ T6415] tmpfs: Unknown parameter 'usrqu' [ 114.970593][ T6415] /dev/rnullb0: Can't open blockdev [ 114.984074][ T5892] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 114.990126][ T6390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.001096][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.013666][ T5892] usb 4-1: Product: syz [ 115.018116][ T5892] usb 4-1: Manufacturer: syz [ 115.022854][ T5892] usb 4-1: SerialNumber: syz [ 115.033613][ T5892] usb 4-1: config 0 descriptor?? [ 115.055011][ T6389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.248134][ T5913] usb 3-1: USB disconnect, device number 9 [ 115.259335][ T30] audit: type=1800 audit(1751823619.717:4): pid=6404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.130" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 115.742057][ T6432] loop6: detected capacity change from 0 to 7 [ 115.750774][ T6432] Dev loop6: unable to read RDB block 7 [ 115.756766][ T6432] loop6: AHDI p1 p2 [ 115.773227][ T6432] loop6: partition table partially beyond EOD, truncated [ 115.789134][ T6432] loop6: p1 start 926365495 is beyond EOD, truncated [ 115.898911][ T6434] trusted_key: encrypted_key: key user:syz not found [ 115.902271][ T6434] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 116.020516][ T6438] loop6: detected capacity change from 0 to 1 [ 116.031592][ T6438] Dev loop6: unable to read RDB block 1 [ 116.039682][ T6438] loop6: unable to read partition table [ 116.045723][ T6438] loop6: partition table beyond EOD, truncated [ 116.065699][ T6438] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 116.486389][ T5913] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 116.496129][ T6449] netlink: 60 bytes leftover after parsing attributes in process `syz.0.144'. [ 116.540885][ T6448] netlink: 60 bytes leftover after parsing attributes in process `syz.0.144'. [ 116.666432][ T5913] usb 2-1: Using ep0 maxpacket: 8 [ 116.679745][ T5913] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 116.695968][ T5913] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 116.713155][ T5913] usb 2-1: config 0 interface 0 has no altsetting 0 [ 116.719307][ T6453] FAT-fs (rnullb0): bogus number of reserved sectors [ 116.723973][ T5913] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 116.730760][ T6453] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 116.738395][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.753297][ T5913] usb 2-1: Product: syz [ 116.760657][ T5913] usb 2-1: Manufacturer: syz [ 116.765456][ T5913] usb 2-1: SerialNumber: syz [ 116.791126][ T5913] usb 2-1: config 0 descriptor?? [ 116.806132][ T5913] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 116.879108][ T6455] loop6: detected capacity change from 0 to 7 [ 116.896412][ T6455] loop6: [POWERTEC] p1 p2 p3 p4 p5 p6 [ 116.902104][ T6455] loop6: p1 size 1680801792 extends beyond EOD, truncated [ 116.915864][ T6455] loop6: p2 start 2602905181 is beyond EOD, truncated [ 116.922955][ T6455] loop6: p3 start 1745589262 is beyond EOD, truncated [ 116.932974][ T6455] loop6: p4 start 325178268 is beyond EOD, truncated [ 116.939967][ T6455] loop6: p5 start 2326339850 is beyond EOD, truncated [ 116.950061][ T6455] loop6: p6 start 2562259694 is beyond EOD, truncated [ 117.017651][ T5913] snd_usb_toneport 2-1:0.0: cannot get proper max packet size [ 117.046630][ T5913] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 117.068642][ T5913] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 117.092863][ T5857] udevd[5857]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 117.143703][ T6457] Bluetooth: MGMT ver 1.23 [ 117.456509][ T5899] usb 4-1: USB disconnect, device number 6 [ 117.490548][ T6465] /dev/rnullb0: Can't open blockdev [ 117.706885][ T5892] usb 2-1: USB disconnect, device number 12 [ 118.126615][ T5892] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 118.292671][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 118.336783][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 118.396792][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 118.417981][ T6492] dvmrp0: entered allmulticast mode [ 118.423455][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 118.462773][ T6492] 9pnet_fd: Insufficient options for proto=fd [ 118.466478][ T5892] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 118.516431][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.537509][ T5892] usb 4-1: config 0 descriptor?? [ 118.716385][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 118.863308][ T6498] loop6: detected capacity change from 0 to 7 [ 118.866432][ T24] usb 3-1: device descriptor read/64, error -71 [ 118.887345][ T5857] loop6: [POWERTEC] p1 p2 p3 p4 p5 p6 [ 118.898914][ T5857] loop6: p1 size 1680801792 extends beyond EOD, truncated [ 118.921700][ T5857] loop6: p2 start 2602905181 is beyond EOD, truncated [ 118.940547][ T5857] loop6: p3 start 1745589262 is beyond EOD, truncated [ 118.954460][ T6476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'. [ 118.970687][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 118.986366][ T5857] loop6: p4 start 325178268 is beyond EOD, truncated [ 118.993349][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.007158][ T5857] loop6: p5 start 2326339850 is beyond EOD, truncated [ 119.014057][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.024130][ T5857] loop6: p6 start 2562259694 is beyond EOD, truncated [ 119.031098][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.060436][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.075261][ T6498] loop6: [POWERTEC] p1 p2 p3 p4 p5 p6 [ 119.082784][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.092338][ T6498] loop6: p1 size 1680801792 extends beyond EOD, truncated [ 119.101456][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.117903][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.126030][ T6498] loop6: p2 start 2602905181 is beyond EOD, truncated [ 119.135693][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.145942][ T5892] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 119.203219][ T5892] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 119.218900][ T6498] loop6: p3 start 1745589262 is beyond EOD, truncated [ 119.225756][ T6498] loop6: p4 start 325178268 is beyond EOD, truncated [ 119.271246][ T5892] usb 4-1: USB disconnect, device number 7 [ 119.307402][ T6498] loop6: p5 start 2326339850 is beyond EOD, truncated [ 119.325864][ T6498] loop6: p6 start 2562259694 is beyond EOD, truncated [ 119.376649][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 119.431261][ T5857] udevd[5857]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 119.520946][ T5857] udevd[5857]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 119.535136][ T6499] fido_id[6499]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 119.561414][ T24] usb 3-1: device descriptor read/64, error -71 [ 119.687365][ T24] usb usb3-port1: attempt power cycle [ 120.056456][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 120.088479][ T24] usb 3-1: device descriptor read/8, error -71 [ 120.356484][ T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 120.377483][ T24] usb 3-1: device descriptor read/8, error -71 [ 120.492290][ T24] usb usb3-port1: unable to enumerate USB device [ 120.521862][ T6522] hpfs: Bad magic ... probably not HPFS [ 120.566521][ T5899] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 120.731616][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.746575][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 120.766354][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 120.776279][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 120.789779][ T5899] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 120.826520][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.862079][ T5899] usb 2-1: config 0 descriptor?? [ 121.106436][ T5912] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 121.260816][ T5912] usb 4-1: Using ep0 maxpacket: 8 [ 121.268045][ T5912] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 121.287396][ T5912] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 121.306361][ T5912] usb 4-1: config 0 interface 0 has no altsetting 0 [ 121.315215][ T5912] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 121.324468][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.346350][ T5912] usb 4-1: Product: syz [ 121.350584][ T5912] usb 4-1: Manufacturer: syz [ 121.355197][ T5912] usb 4-1: SerialNumber: syz [ 121.369163][ T5912] usb 4-1: config 0 descriptor?? [ 121.380522][ T5912] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 121.507385][ T5899] usbhid 2-1:0.0: can't add hid device: -71 [ 121.513420][ T5899] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 121.548034][ T5899] usb 2-1: USB disconnect, device number 13 [ 121.586250][ T5912] snd_usb_toneport 4-1:0.0: cannot get proper max packet size [ 121.621830][ T5912] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 121.638692][ T5912] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 121.990263][ T24] usb 4-1: USB disconnect, device number 8 [ 122.204579][ T6538] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 122.214330][ T6538] UDF-fs: Scanning with blocksize 4096 failed [ 122.415231][ T6545] gfs2: not a GFS2 filesystem [ 122.444289][ T6545] gfs2: not a GFS2 filesystem [ 122.657822][ T6551] exFAT-fs (rnullb0): invalid boot record signature [ 122.666502][ T6551] exFAT-fs (rnullb0): failed to read boot sector [ 122.672879][ T6551] exFAT-fs (rnullb0): failed to recognize exfat type [ 122.730219][ T6553] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 123.850073][ T6525] BUG: Bad page state in process syz.3.166 pfn:54201 [ 123.860842][ T6525] page does not match folio [ 123.865382][ T6525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x54201 [ 123.912556][ T6525] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 123.924776][ T6525] raw: 00fff00000000000 ffffea0001508000 00000000ffffffff ffffffffffffffff [ 123.937167][ T6525] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000 [ 123.945875][ T6525] page dumped because: nonzero pincount [ 123.967996][ T6592] Mount JFS Failure: -22 [ 123.979387][ T6525] page_owner tracks the page as allocated [ 123.985306][ T6525] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x153c40(GFP_NOFS|__GFP_WRITE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6530, tgid 6529 (syz.2.168), ts 121780217832, free_ts 29892452678 [ 124.012932][ T6525] post_alloc_hook+0x240/0x2a0 [ 124.046630][ T6525] get_page_from_freelist+0x21e4/0x22c0 [ 124.052253][ T6525] __alloc_frozen_pages_noprof+0x181/0x370 [ 124.066393][ T6525] alloc_pages_mpol+0x232/0x4a0 [ 124.076777][ T6525] alloc_pages_noprof+0xa9/0x190 [ 124.083924][ T6525] folio_alloc_noprof+0x1e/0x30 [ 124.089517][ T6525] filemap_alloc_folio_noprof+0xdf/0x470 [ 124.095257][ T6525] __filemap_get_folio+0x3f2/0xaf0 [ 124.105282][ T6525] iomap_write_begin+0x660/0x1bc0 [ 124.110721][ T6525] iomap_file_buffered_write+0x438/0x980 [ 124.124384][ T6525] blkdev_write_iter+0x521/0x710 [ 124.129731][ T6525] vfs_write+0x548/0xa90 [ 124.134045][ T6525] ksys_write+0x145/0x250 [ 124.138840][ T6525] do_syscall_64+0xfa/0x3b0 [ 124.143470][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.149802][ T6525] page last free pid 1 tgid 1 stack trace: [ 124.155714][ T6525] __free_frozen_pages+0xb80/0xd80 [ 124.160943][ T6525] free_contig_range+0x1bd/0x4a0 [ 124.165926][ T6525] destroy_args+0x7e/0x5d0 [ 124.170463][ T6525] debug_vm_pgtable+0x3fa/0x430 [ 124.175341][ T6525] do_one_initcall+0x233/0x820 [ 124.180399][ T6525] do_initcall_level+0x137/0x1f0 [ 124.185398][ T6525] do_initcalls+0x69/0xd0 [ 124.189812][ T6525] kernel_init_freeable+0x3d9/0x570 [ 124.195038][ T6525] kernel_init+0x1d/0x1d0 [ 124.199495][ T6525] ret_from_fork+0x3fc/0x770 [ 124.204137][ T6525] ret_from_fork_asm+0x1a/0x30 [ 124.209085][ T6525] Modules linked in: [ 124.213023][ T6525] CPU: 1 UID: 0 PID: 6525 Comm: syz.3.166 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 124.213047][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.213066][ T6525] Call Trace: [ 124.213074][ T6525] [ 124.213082][ T6525] dump_stack_lvl+0x189/0x250 [ 124.213111][ T6525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.213133][ T6525] ? __pfx_print_modules+0x10/0x10 [ 124.213160][ T6525] ? percpu_ref_put+0x19/0x180 [ 124.213177][ T6525] ? percpu_ref_put+0xf9/0x180 [ 124.213194][ T6525] bad_page+0x180/0x1c0 [ 124.213215][ T6525] free_tail_page_prepare+0x2c3/0x4f0 [ 124.213242][ T6525] __free_frozen_pages+0x7b9/0xd80 [ 124.213263][ T6525] __folio_put+0x21b/0x2c0 [ 124.213282][ T6525] ? __pfx___folio_put+0x10/0x10 [ 124.213311][ T6525] delete_from_page_cache_batch+0x84c/0x9b0 [ 124.213335][ T6525] ? shmem_mapping+0xd/0x50 [ 124.213359][ T6525] ? __pfx_delete_from_page_cache_batch+0x10/0x10 [ 124.213381][ T6525] ? __filemap_fdatawait_range+0x1d2/0x230 [ 124.213406][ T6525] ? __pfx_workingset_update_node+0x10/0x10 [ 124.213425][ T6525] ? folio_mapping+0x16f/0x240 [ 124.213447][ T6525] ? truncate_cleanup_folio+0x34a/0x430 [ 124.213470][ T6525] truncate_inode_pages_range+0x28a/0xda0 [ 124.213502][ T6525] ? __pfx_truncate_inode_pages_range+0x10/0x10 [ 124.213544][ T6525] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.213561][ T6525] ? __pfx_invalidate_bh_lru+0x10/0x10 [ 124.213581][ T6525] ? smp_call_function_many_cond+0xf65/0x12c0 [ 124.213621][ T6525] ? __pfx___mutex_lock+0x10/0x10 [ 124.213642][ T6525] ? __pfx_has_bh_in_lru+0x10/0x10 [ 124.213666][ T6525] blkdev_flush_mapping+0x108/0x270 [ 124.213688][ T6525] ? bdev_release+0x40f/0x650 [ 124.213709][ T6525] bdev_release+0x417/0x650 [ 124.213735][ T6525] ? __pfx_blkdev_release+0x10/0x10 [ 124.213757][ T6525] blkdev_release+0x15/0x20 [ 124.213777][ T6525] __fput+0x44c/0xa70 [ 124.213806][ T6525] task_work_run+0x1d1/0x260 [ 124.213824][ T6525] ? __pfx_task_work_run+0x10/0x10 [ 124.213847][ T6525] do_exit+0x6b5/0x2300 [ 124.213866][ T6525] ? preempt_schedule_common+0x83/0xd0 [ 124.213882][ T6525] ? preempt_schedule+0xae/0xc0 [ 124.213896][ T6525] ? __pfx_do_exit+0x10/0x10 [ 124.213925][ T6525] ? preempt_schedule_thunk+0x16/0x30 [ 124.213949][ T6525] do_group_exit+0x21c/0x2d0 [ 124.213967][ T6525] __x64_sys_exit_group+0x3f/0x40 [ 124.213981][ T6525] x64_sys_call+0x21f7/0x2200 [ 124.213995][ T6525] do_syscall_64+0xfa/0x3b0 [ 124.214013][ T6525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.214028][ T6525] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 124.214044][ T6525] ? clear_bhb_loop+0x60/0xb0 [ 124.214062][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.214077][ T6525] RIP: 0033:0x7fc3b798e929 [ 124.214102][ T6525] Code: Unable to access opcode bytes at 0x7fc3b798e8ff. [ 124.214110][ T6525] RSP: 002b:00007ffd45051f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.214126][ T6525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc3b798e929 [ 124.214136][ T6525] RDX: 00007fc3b67f9000 RSI: 0000000000000000 RDI: 0000000000000000 [ 124.214145][ T6525] RBP: 00007ffd45051ffc R08: 0000000000001110 R09: 00000000000927c0 [ 124.214155][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029 [ 124.214164][ T6525] R13: 00000000000927c0 R14: 000000000001d720 R15: 00007ffd45052050 [ 124.214187][ T6525] [ 124.214195][ T6525] Disabling lock debugging due to kernel taint [ 124.550694][ T6525] BUG: Bad page state in process syz.3.166 pfn:54200 [ 124.562237][ T6525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54200 [ 124.571568][ T6525] head: order:0 mapcount:0 entire_mapcount:1 nr_pages_mapped:0 pincount:0 [ 124.582665][ T6525] flags: 0xfff0000000004d(locked|referenced|uptodate|head|node=0|zone=1|lastcpupid=0x7ff) [ 124.592972][ T6525] raw: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000 [ 124.601817][ T6525] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 124.611471][ T6525] head: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000 [ 124.620394][ T6525] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 124.629333][ T6525] head: 00fff00000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 124.639171][ T6525] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000 [ 124.648037][ T6525] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 124.659897][ T6525] page_owner tracks the page as allocated [ 124.665807][ T6525] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x153c40(GFP_NOFS|__GFP_WRITE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6530, tgid 6529 (syz.2.168), ts 121780217832, free_ts 29892442944 [ 124.687339][ T6525] post_alloc_hook+0x240/0x2a0 [ 124.692270][ T6525] get_page_from_freelist+0x21e4/0x22c0 [ 124.697894][ T6525] __alloc_frozen_pages_noprof+0x181/0x370 [ 124.703749][ T6525] alloc_pages_mpol+0x232/0x4a0 [ 124.708681][ T6525] alloc_pages_noprof+0xa9/0x190 [ 124.713649][ T6525] folio_alloc_noprof+0x1e/0x30 [ 124.719689][ T6525] filemap_alloc_folio_noprof+0xdf/0x470 [ 124.725376][ T6525] __filemap_get_folio+0x3f2/0xaf0 [ 124.730607][ T6525] iomap_write_begin+0x660/0x1bc0 [ 124.735654][ T6525] iomap_file_buffered_write+0x438/0x980 [ 124.743212][ T6525] blkdev_write_iter+0x521/0x710 [ 124.748483][ T6525] vfs_write+0x548/0xa90 [ 124.752805][ T6525] ksys_write+0x145/0x250 [ 124.757296][ T6525] do_syscall_64+0xfa/0x3b0 [ 124.761834][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.767782][ T6525] page last free pid 1 tgid 1 stack trace: [ 124.773592][ T6525] __free_frozen_pages+0xb80/0xd80 [ 124.778775][ T6525] free_contig_range+0x1bd/0x4a0 [ 124.783738][ T6525] destroy_args+0x7e/0x5d0 [ 124.788202][ T6525] debug_vm_pgtable+0x3fa/0x430 [ 124.793081][ T6525] do_one_initcall+0x233/0x820 [ 124.797930][ T6525] do_initcall_level+0x137/0x1f0 [ 124.802885][ T6525] do_initcalls+0x69/0xd0 [ 124.807242][ T6525] kernel_init_freeable+0x3d9/0x570 [ 124.812449][ T6525] kernel_init+0x1d/0x1d0 [ 124.816902][ T6525] ret_from_fork+0x3fc/0x770 [ 124.821508][ T6525] ret_from_fork_asm+0x1a/0x30 [ 124.826409][ T6525] Modules linked in: [ 124.830351][ T6525] CPU: 0 UID: 0 PID: 6525 Comm: syz.3.166 Tainted: G B 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 124.830374][ T6525] Tainted: [B]=BAD_PAGE [ 124.830380][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.830389][ T6525] Call Trace: [ 124.830395][ T6525] [ 124.830401][ T6525] dump_stack_lvl+0x189/0x250 [ 124.830425][ T6525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.830447][ T6525] ? __pfx_print_modules+0x10/0x10 [ 124.830481][ T6525] bad_page+0x180/0x1c0 [ 124.830501][ T6525] __free_frozen_pages+0xd26/0xd80 [ 124.830518][ T6525] __folio_put+0x21b/0x2c0 [ 124.830534][ T6525] ? __pfx___folio_put+0x10/0x10 [ 124.830559][ T6525] delete_from_page_cache_batch+0x84c/0x9b0 [ 124.830582][ T6525] ? shmem_mapping+0xd/0x50 [ 124.830601][ T6525] ? __pfx_delete_from_page_cache_batch+0x10/0x10 [ 124.830623][ T6525] ? __filemap_fdatawait_range+0x1d2/0x230 [ 124.830647][ T6525] ? __pfx_workingset_update_node+0x10/0x10 [ 124.830665][ T6525] ? folio_mapping+0x16f/0x240 [ 124.830684][ T6525] ? truncate_cleanup_folio+0x34a/0x430 [ 124.830705][ T6525] truncate_inode_pages_range+0x28a/0xda0 [ 124.830730][ T6525] ? __pfx_truncate_inode_pages_range+0x10/0x10 [ 124.830760][ T6525] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.830775][ T6525] ? __pfx_invalidate_bh_lru+0x10/0x10 [ 124.830794][ T6525] ? smp_call_function_many_cond+0xf65/0x12c0 [ 124.830822][ T6525] ? __pfx___mutex_lock+0x10/0x10 [ 124.830841][ T6525] ? __pfx_has_bh_in_lru+0x10/0x10 [ 124.830861][ T6525] blkdev_flush_mapping+0x108/0x270 [ 124.830883][ T6525] ? bdev_release+0x40f/0x650 [ 124.830902][ T6525] bdev_release+0x417/0x650 [ 124.830936][ T6525] ? __pfx_blkdev_release+0x10/0x10 [ 124.830956][ T6525] blkdev_release+0x15/0x20 [ 124.830981][ T6525] __fput+0x44c/0xa70 [ 124.831003][ T6525] task_work_run+0x1d1/0x260 [ 124.831019][ T6525] ? __pfx_task_work_run+0x10/0x10 [ 124.831036][ T6525] do_exit+0x6b5/0x2300 [ 124.831050][ T6525] ? preempt_schedule_common+0x83/0xd0 [ 124.831064][ T6525] ? preempt_schedule+0xae/0xc0 [ 124.831077][ T6525] ? __pfx_do_exit+0x10/0x10 [ 124.831102][ T6525] ? preempt_schedule_thunk+0x16/0x30 [ 124.831121][ T6525] do_group_exit+0x21c/0x2d0 [ 124.831135][ T6525] __x64_sys_exit_group+0x3f/0x40 [ 124.831149][ T6525] x64_sys_call+0x21f7/0x2200 [ 124.831162][ T6525] do_syscall_64+0xfa/0x3b0 [ 124.831178][ T6525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.831192][ T6525] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 124.831209][ T6525] ? clear_bhb_loop+0x60/0xb0 [ 124.831225][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.831238][ T6525] RIP: 0033:0x7fc3b798e929 [ 124.831250][ T6525] Code: Unable to access opcode bytes at 0x7fc3b798e8ff. [ 124.831261][ T6525] RSP: 002b:00007ffd45051f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.831282][ T6525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc3b798e929 [ 124.831297][ T6525] RDX: 00007fc3b67f9000 RSI: 0000000000000000 RDI: 0000000000000000 [ 124.831310][ T6525] RBP: 00007ffd45051ffc R08: 0000000000001110 R09: 00000000000927c0 [ 124.831323][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029 [ 124.831336][ T6525] R13: 00000000000927c0 R14: 000000000001d720 R15: 00007ffd45052050 [ 124.831354][ T6525]