last executing test programs: 12m22.74125846s ago: executing program 3 (id=8): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r6, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r7) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r8, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[], 0x0) 12m22.147357685s ago: executing program 3 (id=9): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, 0x0) 12m21.986766142s ago: executing program 3 (id=14): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r7, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) 12m21.79669855s ago: executing program 3 (id=16): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x118) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) 12m21.201146076s ago: executing program 3 (id=22): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x28181, 0x0) readv(r6, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000a40)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 12m18.016224733s ago: executing program 3 (id=35): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00), 0x1, 0x4008080) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) setns(r8, 0x24020000) syz_clone(0x52022180, 0x0, 0x0, 0x0, 0x0, 0x0) 12m2.52306126s ago: executing program 32 (id=35): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00), 0x1, 0x4008080) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) setns(r8, 0x24020000) syz_clone(0x52022180, 0x0, 0x0, 0x0, 0x0, 0x0) 10m40.91128038s ago: executing program 1 (id=369): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000085}, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f00000007c0)={{0x8000000, 0xd000, 0xd, 0x8, 0x2, 0x6, 0xd, 0x3, 0x9, 0x1, 0x9, 0x8}, {0xf000, 0xe6e71000, 0x9, 0x7a, 0x0, 0x7, 0x1, 0x4, 0x4, 0x0, 0x2, 0xc}, {0xffff1000, 0x4000, 0xb, 0x3, 0x10, 0x0, 0x1, 0x85, 0xac, 0x8, 0x0, 0x7c}, {0xdddd0000, 0xf000, 0xa, 0x3d, 0x0, 0xa, 0x8, 0x7, 0x7f, 0x1, 0x3, 0x3}, {0x2, 0xeeef0000, 0x4, 0x80, 0xca, 0x2, 0x5, 0x0, 0x1, 0x81, 0x2, 0x4}, {0xffff1000, 0xeeef5000, 0x3, 0xe, 0x10, 0x7, 0x3, 0x80, 0x7f, 0x4, 0x4, 0x1}, {0xdddd1000, 0x100000, 0x4, 0x2, 0x0, 0x0, 0x6, 0x2, 0x4, 0x9, 0x79, 0x10}, {0x10000, 0xf000, 0xd, 0x7, 0x7f, 0x2, 0x54, 0x7, 0x9, 0x0, 0x10}, {0x2, 0x9}, {0xdddd1000, 0x3}, 0x8001000c, 0x0, 0x2000, 0x10090, 0x1, 0xbd00, 0xf000, 0x1, [0x4, 0xfffffffffffffff7, 0x8, 0x2]}) 10m40.697068149s ago: executing program 1 (id=370): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000000)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="94", 0x1}, {0x0, 0xe0}], 0x2, &(0x7f0000000340)=[@sndrcv={0x30, 0x84, 0x1, {0x8, 0x0, 0x45, 0x8, 0x6, 0xffffffff, 0x101, 0x7ffffdff}}], 0x30, 0x20000810}, 0x8000) 10m40.469336249s ago: executing program 1 (id=371): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x9, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000400)={@broadcast, @random="8eff80ec0031", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @source_quench={0x4, 0x0, 0x0, 0x1000000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/142, 0x8e}, 0x7fff}], 0x1, 0x100, 0x0) 10m40.005258399s ago: executing program 1 (id=373): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) 10m39.358956597s ago: executing program 1 (id=382): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0xaa26}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000000)=0x2, 0x4) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 10m34.785177003s ago: executing program 1 (id=401): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7200000000003900000027000300", @ANYRES32, @ANYBLOB="18005a8014000180050001003000000005000200"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000002000000014001a80100004800c000180"], 0x34}}, 0x0) 10m34.679768868s ago: executing program 33 (id=401): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7200000000003900000027000300", @ANYRES32, @ANYBLOB="18005a8014000180050001003000000005000200"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000002000000014001a80100004800c000180"], 0x34}}, 0x0) 1.368212091s ago: executing program 0 (id=14507): socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00), 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000000)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@remote, 0x4e23, 0x6, 0x4e22, 0x0, 0x2, 0x20, 0x20, 0x1d}, {0x7, 0x7, 0x5, 0x95d, 0xfffffffffffffffb, 0x2, 0x0, 0x5c2}, {0xe, 0x5, 0xb1b}, 0x401, 0x0, 0x2, 0x1, 0x2, 0x2}, {{@in6=@empty, 0x4d4, 0x2a}, 0x39573c4e467c4e, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3502, 0x4, 0x0, 0x40, 0x9, 0x30, 0x7}}, 0xe8) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x8000}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[], 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x0) 1.195829909s ago: executing program 0 (id=14512): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000780)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340), 0x100, &(0x7f00000007c0)=ANY=[@ANYBLOB='trans=fd,rfdno=']) 979.181178ms ago: executing program 0 (id=14520): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) creat(&(0x7f0000000040)='./file0\x00', 0x0) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) 740.916678ms ago: executing program 2 (id=14527): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 714.387359ms ago: executing program 6 (id=14528): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18004a58de4c6347c59000000000000071123200000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 700.961819ms ago: executing program 4 (id=14529): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f00000031c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) syz_clone(0x80020000, 0x0, 0x0, 0x0, 0x0, 0x0) 626.695593ms ago: executing program 5 (id=14530): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r2, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1f}}, 0x7e, r3}) r4 = socket(0xa, 0x1, 0x0) setsockopt$inet6_int(r4, 0x29, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) ioctl(r4, 0x8916, &(0x7f0000000000)) 626.368233ms ago: executing program 0 (id=14531): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) close(r2) r3 = inotify_init1(0x800) fcntl$setstatus(r2, 0x4, 0x2c00) gettid() inotify_add_watch(r3, &(0x7f0000000180)='./control\x00', 0xa400080a) rmdir(&(0x7f0000000100)='./control\x00') 626.161273ms ago: executing program 2 (id=14532): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r5, 0x400, 0x1) 625.960023ms ago: executing program 6 (id=14533): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 509.140728ms ago: executing program 5 (id=14534): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[], 0x30}}, 0x400d800) 508.871158ms ago: executing program 4 (id=14535): socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00), 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000000)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@remote, 0x4e23, 0x6, 0x4e22, 0x0, 0x2, 0x20, 0x20, 0x1d}, {0x7, 0x7, 0x5, 0x95d, 0xfffffffffffffffb, 0x2, 0x0, 0x5c2}, {0xe, 0x5, 0xb1b}, 0x401, 0x0, 0x2, 0x1, 0x2, 0x2}, {{@in6=@empty, 0x4d4, 0x2a}, 0x39573c4e467c4e, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3502, 0x4, 0x0, 0x40, 0x9, 0x30, 0x7}}, 0xe8) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[], 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x0) 506.375838ms ago: executing program 6 (id=14536): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040)=0x2, 0x4) 484.044629ms ago: executing program 2 (id=14537): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd60"], 0x0) 436.419241ms ago: executing program 5 (id=14538): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x16, 0x0) 407.740273ms ago: executing program 4 (id=14539): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x87) fchdir(r4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000000180)=""/49, 0x2d) getdents(r5, &(0x7f00000001c0)=""/254, 0xfe) 337.167215ms ago: executing program 6 (id=14540): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$PPPIOCGCHAN(r4, 0x80047437, 0x0) 336.840065ms ago: executing program 2 (id=14541): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300093400000000000000000000000300060000000e00020000007f000001000000000000000002000100000000000300020100000000030005000000000002000000e0000001000000000000000002000a0003000000f8ffffffffffffff12000800200400002490cf6710fdb471532b8b52fef5681c66c8335136fc6e89f451b489718f179ff9082dc4c9ff9a6982e9d522d900b32cd583a46cdbbb568ce8b536385e0b2ad555b5d702f96e2bf8d59657bdc237fc9d87be5e96cac6dfad7eee355fc19b8878bb4970a42d80435d628118d18304a7fa4a1bcadf03b125843c3ed673dbe4a31269b25136000000000e001800050362005a3983fbad079c31dc1db609d41612c6e273de07dc4601a1514029dcf81dd3296f13221ee3f8d4834c8643e87e9dbecf2b649731bd61163f4949b02623e3ccd854e21d78b3397b81957bcfa5bf6e994d0b15b5ccbfc154f6630fd8c5a91772b0c66e000000000000080012"], 0x1a0}}, 0x0) 300.866937ms ago: executing program 5 (id=14542): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000a40)="cc5a4dbac0", 0x5}], 0x2}}], 0x1, 0x408e0) 291.200097ms ago: executing program 0 (id=14543): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x20, 0x0) 217.094481ms ago: executing program 6 (id=14544): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 216.794141ms ago: executing program 4 (id=14545): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) 199.925561ms ago: executing program 2 (id=14546): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sigaltstack(&(0x7f0000000040)={&(0x7f0000000380)=""/4096, 0x80000000, 0x1000}, 0x0) 169.624212ms ago: executing program 5 (id=14547): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) 97.174846ms ago: executing program 6 (id=14548): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r4], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 92.896626ms ago: executing program 4 (id=14549): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f0000000040)={@loopback, 0x8001, 0x0, 0x2, 0x4}, 0x20) 69.395327ms ago: executing program 2 (id=14550): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) 5.15524ms ago: executing program 0 (id=14551): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='freezer.self_freezing\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) fsopen(0x0, 0x0) 4.90086ms ago: executing program 5 (id=14552): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x0) fchdir(r4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) 0s ago: executing program 4 (id=14553): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x77}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) kernel console output (not intermixed with test programs): t promiscuous mode [ 514.494953][T19666] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.540330][T19666] device bridge_slave_0 left promiscuous mode [ 514.546758][T19666] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.332546][T19714] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 516.149534][T19773] __nla_validate_parse: 2 callbacks suppressed [ 516.149550][T19773] netlink: 84 bytes leftover after parsing attributes in process `syz.0.6473'. [ 516.626759][T19803] overlayfs: overlapping lowerdir path [ 516.688685][T19720] loop5: detected capacity change from 0 to 40427 [ 516.805774][T19819] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6495'. [ 516.821454][T19720] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x1ffff [ 516.866119][T19720] F2FS-fs (loop5): invalid crc value [ 516.942738][T19720] F2FS-fs (loop5): Found nat_bits in checkpoint [ 517.004241][T19828] loop2: detected capacity change from 0 to 256 [ 517.067538][T19720] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 517.756659][T19868] overlayfs: missing 'lowerdir' [ 517.972612][ T4257] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 518.211726][T19897] loop6: detected capacity change from 0 to 2048 [ 518.244662][ T4257] usb 3-1: Using ep0 maxpacket: 16 [ 518.259276][T19897] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 518.346378][T19897] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpquota,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,errors=remount-ro,max_batch_time=0x000000000000186b,. Quota mode: writeback. [ 518.372795][ T4257] usb 3-1: config 8 has an invalid interface number: 108 but max is 0 [ 518.389338][ T4257] usb 3-1: config 8 has no interface number 0 [ 518.582044][T19928] netlink: 'syz.6.6541': attribute type 4 has an invalid length. [ 518.592119][T19928] netlink: 17 bytes leftover after parsing attributes in process `syz.6.6541'. [ 518.751082][ T4257] usb 3-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=6e.97 [ 518.763717][ T4257] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.772278][ T4257] usb 3-1: Product: syz [ 518.776499][ T4257] usb 3-1: Manufacturer: syz [ 518.781196][ T4257] usb 3-1: SerialNumber: syz [ 518.937606][T19941] netlink: 288 bytes leftover after parsing attributes in process `syz.5.6550'. [ 519.101985][ T4257] usb 3-1: bad CDC descriptors [ 519.123695][ T4257] usb 3-1: bad CDC descriptors [ 519.153583][ T4257] cdc_acm 3-1:8.108: Zero length descriptor references [ 519.160476][ T4257] cdc_acm: probe of 3-1:8.108 failed with error -22 [ 519.205449][ T4257] usb 3-1: USB disconnect, device number 7 [ 519.389556][T19975] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6566'. [ 519.429199][T19975] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6566'. [ 520.244967][T20040] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6598'. [ 520.737607][T20070] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6612'. [ 520.738123][T20071] netlink: 108 bytes leftover after parsing attributes in process `syz.4.6613'. [ 520.769501][T20071] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6613'. [ 521.134273][T20090] trusted_key: encrypted_key: master key parameter is missing [ 521.724014][T20124] 9pnet: Could not find request transport: 0xffffffffffffffff [ 522.107119][T20138] netlink: 160 bytes leftover after parsing attributes in process `syz.2.6647'. [ 522.154394][T20138] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 522.488333][T20155] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6654'. [ 522.576891][T20159] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6656'. [ 523.059878][ T5783] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 523.310730][T20173] fuse: Invalid rootmode [ 523.336962][ T5783] usb 7-1: Using ep0 maxpacket: 32 [ 523.443515][ T4246] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 523.464872][ T5783] usb 7-1: config 8 has an invalid interface number: 203 but max is 0 [ 523.484166][ T5783] usb 7-1: config 8 has no interface number 0 [ 523.505614][ T5783] usb 7-1: config 8 interface 203 has no altsetting 0 [ 523.632743][T20213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6683'. [ 523.699341][ T5783] usb 7-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 523.726553][ T5783] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.735021][ T4246] usb 6-1: Using ep0 maxpacket: 8 [ 523.761406][ T5783] usb 7-1: Product: syz [ 523.775768][ T5783] usb 7-1: Manufacturer: syz [ 523.784890][ T5783] usb 7-1: SerialNumber: syz [ 523.891003][ T4246] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 523.922731][ T4246] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 523.953249][ T4246] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 523.984451][ T4246] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 524.024588][T20235] netlink: 64 bytes leftover after parsing attributes in process `syz.4.6693'. [ 524.045474][ T4246] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 524.061421][ T4246] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.155497][ T5783] port100 7-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint [ 524.176097][ T5783] usb 7-1: USB disconnect, device number 4 [ 524.365386][ T4246] usb 6-1: GET_CAPABILITIES returned 0 [ 524.373702][ T4246] usbtmc 6-1:16.0: can't read capabilities [ 524.465625][T20263] tipc: Started in network mode [ 524.477929][T20263] tipc: Node identity ac14140f, cluster identity 4711 [ 524.504310][T20263] tipc: New replicast peer: 255.255.255.255 [ 524.526263][T20263] tipc: Enabled bearer , priority 10 [ 524.583077][ T4246] usb 6-1: USB disconnect, device number 7 [ 525.447991][T20315] overlayfs: unrecognized mount option "fsname=}[#*\!. " or missing value [ 525.714774][T11750] tipc: Node number set to 2886997007 [ 525.867247][T20297] loop2: detected capacity change from 0 to 32768 [ 525.963212][T20297] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.6724 (20297) [ 526.042363][T20297] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 526.079360][T20297] BTRFS info (device loop2): force zlib compression, level 3 [ 526.114362][T20297] BTRFS info (device loop2): force clearing of disk cache [ 526.149477][T20297] BTRFS info (device loop2): setting nodatasum [ 526.176932][T20297] BTRFS info (device loop2): allowing degraded mounts [ 526.204284][T20297] BTRFS info (device loop2): enabling disk space caching [ 526.257177][T20297] BTRFS info (device loop2): disk space caching is enabled [ 526.300233][T20297] BTRFS info (device loop2): has skinny extents [ 526.360945][T20371] binder: Unknown parameter 'context' [ 526.579261][ T25] audit: type=1326 audit(2000000532.373:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20394 comm="syz.0.6764" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x0 [ 526.765662][T20297] BTRFS info (device loop2): clearing free space tree [ 526.774244][T20297] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 526.786291][T20297] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 527.245592][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 527.252163][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 528.577775][T20500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6810'. [ 529.266408][T20536] binder: 20534:20536 ioctl c0306201 2000000004c0 returned -22 [ 529.704203][T20558] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6833'. [ 529.769882][T20558] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 529.781449][T20558] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 529.802318][T20558] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 529.834220][T20558] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 530.060849][T20584] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6845'. [ 531.127815][T20660] xt_CT: No such helper "pptp" [ 531.230819][ T5780] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 531.667341][ T5780] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 531.702855][ T5780] usb 7-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 531.722987][ T5780] usb 7-1: config 220 interface 0 has no altsetting 0 [ 531.923643][ T5780] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 531.949218][ T5780] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.979057][ T5780] usb 7-1: Product: syz [ 532.011316][ T5780] usb 7-1: Manufacturer: syz [ 532.015950][ T5780] usb 7-1: SerialNumber: syz [ 532.087482][T20719] netlink: 'syz.4.6903': attribute type 4 has an invalid length. [ 532.106372][T20719] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6903'. [ 532.416522][T20735] No source specified [ 532.534821][ T5780] usb 7-1: Found UVC 0.00 device syz (8086:0b07) [ 532.551839][ T5780] usb 7-1: No valid video chain found. [ 532.589843][ T5780] usb 7-1: USB disconnect, device number 5 [ 532.638908][T20745] netlink: 664 bytes leftover after parsing attributes in process `syz.0.6915'. [ 532.870323][T20761] netlink: 108 bytes leftover after parsing attributes in process `syz.4.6922'. [ 533.055578][T20776] tipc: Started in network mode [ 533.108818][T20776] tipc: Node identity ac14140f, cluster identity 4711 [ 533.136063][T20776] tipc: New replicast peer: 255.255.255.255 [ 533.165743][T20776] tipc: Enabled bearer , priority 10 [ 533.346442][T20798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6935'. [ 534.012181][T20846] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6964'. [ 534.225695][ T5782] tipc: Node number set to 2886997007 [ 534.362441][T20868] loop0: detected capacity change from 0 to 512 [ 534.531873][T20868] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 534.585233][T20868] ext4 filesystem being mounted at /1384/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 534.638565][T20868] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.6973: corrupted inode contents [ 534.679973][T20868] EXT4-fs error (device loop0): ext4_dirty_inode:6054: inode #2: comm syz.0.6973: mark_inode_dirty error [ 534.699779][T20884] netlink: 'syz.5.6980': attribute type 11 has an invalid length. [ 534.734307][T20868] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #2: comm syz.0.6973: corrupted inode contents [ 534.755858][T20868] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.6973: mark_inode_dirty error [ 534.758660][T20884] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6980'. [ 535.027661][T20898] netlink: 37 bytes leftover after parsing attributes in process `syz.4.6988'. [ 535.918291][T20953] netlink: 44 bytes leftover after parsing attributes in process `syz.2.7014'. [ 536.439366][T20979] SET target dimension over the limit! [ 536.898259][ T25] audit: type=1326 audit(2000000542.051:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 536.972694][ T25] audit: type=1326 audit(2000000542.080:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.074241][ T25] audit: type=1326 audit(2000000542.080:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.180307][ T25] audit: type=1326 audit(2000000542.080:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.246054][ T25] audit: type=1326 audit(2000000542.080:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.340581][ T25] audit: type=1326 audit(2000000542.080:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.433092][ T25] audit: type=1326 audit(2000000542.080:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.497313][ T25] audit: type=1326 audit(2000000542.080:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21007 comm="syz.4.7039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 537.732160][T21048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7059'. [ 537.806186][T21057] SET target dimension over the limit! [ 537.841155][T21060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7063'. [ 538.016765][ T5782] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 538.308851][ T5782] usb 7-1: Using ep0 maxpacket: 32 [ 538.449177][ T5782] usb 7-1: config 0 has no interfaces? [ 538.634780][ T5782] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 538.655358][ T5782] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 538.677716][ T5782] usb 7-1: Product: syz [ 538.686592][ T5782] usb 7-1: Manufacturer: syz [ 538.702163][ T5782] usb 7-1: SerialNumber: syz [ 538.723031][ T5782] usb 7-1: config 0 descriptor?? [ 539.004675][ T5782] usb 7-1: USB disconnect, device number 6 [ 540.794401][T21255] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 541.104955][T21270] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7167'. [ 541.856148][T21311] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 542.666795][T21364] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7208'. [ 543.690240][ T25] audit: type=1326 audit(2000000548.435:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21426 comm="syz.2.7240" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x0 [ 543.950395][T11750] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 544.199449][T21466] netlink: 'syz.4.7260': attribute type 1 has an invalid length. [ 544.212046][T21466] netlink: 'syz.4.7260': attribute type 2 has an invalid length. [ 544.216831][T11750] usb 6-1: Using ep0 maxpacket: 8 [ 544.398005][T11750] usb 6-1: unable to get BOS descriptor or descriptor too short [ 544.496825][T11750] usb 6-1: config 12 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 108 [ 544.543121][T11750] usb 6-1: config 12 interface 0 has no altsetting 0 [ 544.731370][T11750] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 544.769372][T11750] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.792343][T11750] usb 6-1: Product: syz [ 544.796562][T11750] usb 6-1: Manufacturer: syz [ 544.801156][T11750] usb 6-1: SerialNumber: syz [ 544.838897][T21424] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 545.178003][T11750] usb 6-1: selecting invalid altsetting 0 [ 545.262033][T11750] usb 6-1: USB disconnect, device number 8 [ 545.466594][T21523] netlink: 52 bytes leftover after parsing attributes in process `syz.6.7286'. [ 545.701515][T21538] overlayfs: failed to clone upperpath [ 545.758520][T21540] netlink: 44 bytes leftover after parsing attributes in process `syz.5.7295'. [ 545.805274][T21540] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7295'. [ 545.836089][T21540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7295'. [ 545.886640][T21540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7295'. [ 547.441564][T21658] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 547.446748][T21659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7351'. [ 547.799302][T21678] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 548.189233][T21698] loop6: detected capacity change from 0 to 2048 [ 548.258656][T21698] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 548.316859][T21698] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpquota,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,errors=remount-ro,max_batch_time=0x0000000000000814,. Quota mode: writeback. [ 548.900633][T21721] ipt_CLUSTERIP: Please specify destination IP [ 548.923936][T21727] netlink: 44 bytes leftover after parsing attributes in process `syz.6.7384'. [ 548.962330][T21727] netlink: 43 bytes leftover after parsing attributes in process `syz.6.7384'. [ 548.992720][T21727] netlink: 'syz.6.7384': attribute type 5 has an invalid length. [ 549.021371][T21727] netlink: 43 bytes leftover after parsing attributes in process `syz.6.7384'. [ 549.256108][T21740] netlink: 64 bytes leftover after parsing attributes in process `syz.0.7390'. [ 550.071578][T21778] IPVS: Scheduler module ip_vs_sip not found [ 551.327707][T21873] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7450'. [ 551.558564][T21889] netlink: 140 bytes leftover after parsing attributes in process `syz.6.7457'. [ 551.647911][ T4402] tipc: Subscription rejected, illegal request [ 552.385566][T21945] netlink: 188 bytes leftover after parsing attributes in process `syz.0.7485'. [ 552.417261][T21945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7485'. [ 552.976907][T21992] loop0: detected capacity change from 0 to 512 [ 553.027051][T21992] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c02c, mo2=0002] [ 553.045033][T21992] System zones: 1-12 [ 553.067233][T21992] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.7508: error while reading EA inode 32 err=-116 [ 553.086153][T21992] EXT4-fs (loop0): Remounting filesystem read-only [ 553.093045][T21992] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.7508: error while reading EA inode 32 err=-116 [ 553.114956][T21992] EXT4-fs (loop0): Remounting filesystem read-only [ 553.132579][T21992] EXT4-fs (loop0): 1 orphan inode deleted [ 553.143175][T21992] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,debug,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsddf,jqfmt=vfsv1,grpid,. Quota mode: none. [ 553.468944][T22021] binder: Binderfs stats mode cannot be changed during a remount [ 553.550468][T22026] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7524'. [ 553.730753][T22044] loop0: detected capacity change from 0 to 16 [ 553.834143][T22044] erofs: (device loop0): mounted with root inode @ nid 36. [ 554.023554][T22067] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7543'. [ 554.091361][T22071] overlayfs: unrecognized mount option "verity=on" or missing value [ 554.768343][T22125] overlayfs: unrecognized mount option "verity=on" or missing value [ 556.269472][ T25] audit: type=1326 audit(2000000560.243:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.370701][ T25] audit: type=1326 audit(2000000560.262:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.425587][T22236] netlink: 72 bytes leftover after parsing attributes in process `syz.4.7627'. [ 556.450973][ T25] audit: type=1326 audit(2000000560.262:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.472608][T22239] x_tables: duplicate underflow at hook 1 [ 556.522156][ T25] audit: type=1326 audit(2000000560.290:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.597920][T22246] netlink: 1004 bytes leftover after parsing attributes in process `syz.5.7632'. [ 556.622146][ T25] audit: type=1326 audit(2000000560.290:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.704213][ T25] audit: type=1326 audit(2000000560.290:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.744174][T22256] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7635'. [ 556.806030][ T25] audit: type=1326 audit(2000000560.290:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 556.873792][ T25] audit: type=1326 audit(2000000560.290:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22227 comm="syz.4.7623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 557.437455][T22302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7658'. [ 557.484900][T22307] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7659'. [ 558.089702][T22341] tmpfs: Bad value for 'mpol' [ 558.252020][T22354] netlink: 'syz.2.7681': attribute type 1 has an invalid length. [ 558.333457][T22354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 559.013883][T20436] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 559.359328][T22431] netem: change failed [ 559.458371][T20436] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.483154][T20436] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 559.503842][T20436] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 559.513163][T20436] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.573057][T20436] usb 1-1: config 0 descriptor?? [ 559.827886][T22462] xt_bpf: check failed: parse error [ 559.955095][T22469] overlayfs: overlapping lowerdir path [ 560.165838][T20436] usbhid 1-1:0.0: can't add hid device: -71 [ 560.176718][T20436] usbhid: probe of 1-1:0.0 failed with error -71 [ 560.206010][T20436] usb 1-1: USB disconnect, device number 7 [ 561.085578][T22535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7771'. [ 561.228402][T22547] overlayfs: failed to clone upperpath [ 561.647633][T22581] netlink: 156 bytes leftover after parsing attributes in process `syz.5.7793'. [ 562.295043][T20436] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 562.436672][T22634] bpf: Bad value for 'mode' [ 562.573593][T22640] tipc: Started in network mode [ 562.578740][T22640] tipc: Node identity 4, cluster identity 4711 [ 562.585398][T20436] usb 1-1: Using ep0 maxpacket: 32 [ 562.625491][T22640] tipc: Node number set to 4 [ 562.732039][T20436] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 562.740215][T20436] usb 1-1: config 0 has no interface number 0 [ 562.786645][T20436] usb 1-1: config 0 interface 184 has no altsetting 0 [ 562.998218][T20436] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 563.014768][T20436] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.045977][T20436] usb 1-1: Product: syz [ 563.058633][T20436] usb 1-1: Manufacturer: syz [ 563.075081][T20436] usb 1-1: SerialNumber: syz [ 563.098941][T20436] usb 1-1: config 0 descriptor?? [ 563.173539][T20436] smsc75xx v1.0.0 [ 563.177233][T20436] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 563.198517][T20436] smsc75xx: probe of 1-1:0.184 failed with error -22 [ 563.396076][T20436] usb 1-1: USB disconnect, device number 8 [ 563.880282][T22708] loop5: detected capacity change from 0 to 512 [ 564.005387][T22708] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 564.032180][T22708] EXT4-fs (loop5): inline encryption not supported [ 564.067705][T22708] EXT4-fs (loop5): Test dummy encryption mode enabled [ 564.099106][T22708] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 564.152071][T22708] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 564.217195][T22708] EXT4-fs (loop5): 1 truncate cleaned up [ 564.222876][T22708] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 564.757924][T22771] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7884'. [ 564.987961][T22786] netlink: 68 bytes leftover after parsing attributes in process `syz.5.7891'. [ 565.281047][T22810] netlink: 44 bytes leftover after parsing attributes in process `syz.2.7903'. [ 565.641423][T22841] binder: 22840:22841 ioctl 40046205 0 returned -22 [ 565.901387][T22858] overlayfs: unrecognized mount option "verity=require" or missing value [ 566.132186][ T25] audit: type=1326 audit(2000000007.093:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22879 comm="syz.2.7937" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x0 [ 566.136863][T22881] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7936'. [ 566.410216][T22900] netlink: 44 bytes leftover after parsing attributes in process `syz.2.7945'. [ 566.752813][T22928] loop0: detected capacity change from 0 to 128 [ 567.995954][T23012] binfmt_misc: register: failed to install interpreter file ./cgroup [ 569.344220][T23089] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8023'. [ 569.480703][T23097] netlink: 132 bytes leftover after parsing attributes in process `syz.5.8027'. [ 569.501528][T23099] loop0: detected capacity change from 0 to 16 [ 569.585810][T23099] erofs: (device loop0): mounted with root inode @ nid 36. [ 569.636399][T23105] loop2: detected capacity change from 0 to 128 [ 570.053534][T23127] overlayfs: missing 'workdir' [ 570.259011][T23138] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8047'. [ 570.302667][T23138] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8047'. [ 570.317974][T23142] netlink: 'syz.2.8049': attribute type 13 has an invalid length. [ 570.369981][T23145] netlink: 'syz.4.8050': attribute type 4 has an invalid length. [ 570.385288][T23140] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 570.474557][T23151] netlink: 56 bytes leftover after parsing attributes in process `syz.2.8053'. [ 571.461903][T23218] loop0: detected capacity change from 0 to 512 [ 571.486301][T23218] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.547682][T23218] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.8085: invalid indirect mapped block 4294967295 (level 0) [ 571.577273][T23218] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.8085: invalid indirect mapped block 4294967295 (level 1) [ 571.614273][T23218] EXT4-fs (loop0): 1 orphan inode deleted [ 571.635021][T23218] EXT4-fs (loop0): 1 truncate cleaned up [ 571.640906][T23218] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 571.976239][T23249] netlink: 'syz.4.8099': attribute type 4 has an invalid length. [ 572.029644][T23247] @: renamed from vlan0 [ 572.088701][T23253] netlink: 'syz.4.8099': attribute type 4 has an invalid length. [ 572.345556][T23273] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8110'. [ 572.573435][T23286] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8117'. [ 573.060184][T23323] netlink: 140 bytes leftover after parsing attributes in process `syz.6.8135'. [ 573.121690][T23329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8138'. [ 573.368203][T23346] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 573.568833][T23361] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.092884][T23451] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8196'. [ 575.139927][T23452] loop0: detected capacity change from 0 to 2048 [ 575.244310][T23452] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 575.265605][T23452] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 576.368430][T23525] netlink: 280 bytes leftover after parsing attributes in process `syz.6.8231'. [ 576.694574][ T25] audit: type=1326 audit(2000000272.995:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23547 comm="syz.4.8242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 576.808613][ T25] audit: type=1326 audit(2000000272.995:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23547 comm="syz.4.8242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 577.784974][T23633] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8280'. [ 578.235877][T23663] netlink: 'syz.6.8296': attribute type 6 has an invalid length. [ 579.126736][T20436] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 579.273426][T23735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8331'. [ 579.533589][T23755] 9pnet: Insufficient options for proto=fd [ 579.564525][T20436] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 579.595482][T20436] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 579.625935][T20436] usb 3-1: config 1 has no interface number 0 [ 579.658150][T20436] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.872737][T20436] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 579.885700][T20436] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.918265][T20436] usb 3-1: Product: syz [ 579.920014][T23781] binder: 23778:23781 ioctl 4018620d 0 returned -22 [ 579.922433][T20436] usb 3-1: Manufacturer: syz [ 579.922450][T20436] usb 3-1: SerialNumber: syz [ 580.001391][T20436] usb 3-1: selecting invalid altsetting 1 [ 580.239016][T20436] cdc_ncm 3-1:1.1: bind() failure [ 580.248997][T20436] usb 3-1: USB disconnect, device number 8 [ 580.856130][T23839] loop5: detected capacity change from 0 to 512 [ 581.246598][T23863] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8393'. [ 581.516472][T23886] netlink: 76 bytes leftover after parsing attributes in process `syz.5.8402'. [ 581.555619][T23886] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8402'. [ 581.564576][T23886] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8402'. [ 581.690999][T23886] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8402'. [ 584.243040][T23986] netlink: 32 bytes leftover after parsing attributes in process `syz.5.8447'. [ 584.490393][T24004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8458'. [ 584.524753][T24006] tipc: Enabled bearer , priority 8 [ 584.549670][T24013] overlayfs: missing 'lowerdir' [ 585.152043][T24064] netlink: 104 bytes leftover after parsing attributes in process `syz.5.8483'. [ 585.166820][ T25] audit: type=1326 audit(2000000280.956:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.189148][ C0] vkms_vblank_simulate: vblank timer overrun [ 585.226311][ T25] audit: type=1326 audit(2000000281.012:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.314120][ T25] audit: type=1326 audit(2000000281.031:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.406255][ T25] audit: type=1326 audit(2000000281.031:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.484988][ T25] audit: type=1326 audit(2000000281.031:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.507236][ C0] vkms_vblank_simulate: vblank timer overrun [ 585.564208][ T25] audit: type=1326 audit(2000000281.031:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.600873][ T25] audit: type=1326 audit(2000000281.031:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.669329][ T25] audit: type=1326 audit(2000000281.031:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.693770][ T25] audit: type=1326 audit(2000000281.031:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 585.753105][ T4294] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 585.795588][ T25] audit: type=1326 audit(2000000281.031:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24065 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 586.151525][ T4294] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.179816][ T4294] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 586.209401][T24132] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8517'. [ 586.211017][ T4294] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.259754][ T4294] usb 6-1: config 0 descriptor?? [ 586.308896][ T4294] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 586.529398][ T5623] usb 6-1: USB disconnect, device number 9 [ 586.986868][T24181] loop2: detected capacity change from 0 to 128 [ 587.069699][T24181] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 587.130331][T24181] ext4 filesystem being mounted at /1597/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 587.370625][T24214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8556'. [ 587.640908][T24233] overlayfs: overlapping lowerdir path [ 588.288325][ T5623] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 588.565306][ T5623] usb 7-1: Using ep0 maxpacket: 32 [ 588.693331][ T5623] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 588.701549][ T5623] usb 7-1: config 0 has no interface number 0 [ 588.729232][ T5623] usb 7-1: config 0 interface 184 has no altsetting 0 [ 588.799781][T20436] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 588.906463][ T5623] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 588.920794][ T5623] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.939698][ T5623] usb 7-1: Product: syz [ 588.943874][ T5623] usb 7-1: Manufacturer: syz [ 588.951954][ T5623] usb 7-1: SerialNumber: syz [ 588.962056][ T5623] usb 7-1: config 0 descriptor?? [ 589.024305][ T5623] smsc75xx v1.0.0 [ 589.028050][ T5623] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 589.056215][ T5623] smsc75xx: probe of 7-1:0.184 failed with error -22 [ 589.092079][T20436] usb 1-1: Using ep0 maxpacket: 8 [ 589.247767][ T5623] usb 7-1: USB disconnect, device number 7 [ 589.251431][T20436] usb 1-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 589.289757][T20436] usb 1-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 589.316957][T20436] usb 1-1: config 0 interface 0 has no altsetting 0 [ 589.326023][T20436] usb 1-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 589.367118][T20436] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.399497][T20436] usb 1-1: config 0 descriptor?? [ 589.812019][T20436] usbhid 1-1:0.0: can't add hid device: -71 [ 589.818013][T20436] usbhid: probe of 1-1:0.0 failed with error -71 [ 589.852845][T20436] usb 1-1: USB disconnect, device number 9 [ 590.846787][T24426] overlayfs: missing 'lowerdir' [ 591.092481][T24435] netlink: 132 bytes leftover after parsing attributes in process `syz.6.8660'. [ 592.192824][T24495] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8689'. [ 592.681477][T24525] loop0: detected capacity change from 0 to 1024 [ 592.700054][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 592.706440][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 592.881115][T24525] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000003,abort,,errors=continue. Quota mode: none. [ 592.905644][T24525] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.0.8703: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 593.045055][T24525] EXT4-fs error (device loop0) in ext4_delete_inline_entry:1790: Corrupt filesystem [ 593.403483][T24558] 9pnet: Insufficient options for proto=fd [ 594.071532][T24607] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8739'. [ 594.280963][T24620] loop2: detected capacity change from 0 to 128 [ 594.775421][T24650] netlink: 'syz.2.8760': attribute type 16 has an invalid length. [ 594.822491][T24650] netlink: 64130 bytes leftover after parsing attributes in process `syz.2.8760'. [ 595.391932][T24700] device batadv_slave_1 entered promiscuous mode [ 595.403371][T24699] device batadv_slave_1 left promiscuous mode [ 595.609277][T24717] tmpfs: Bad value for 'nr_inodes' [ 597.006359][T24819] loop5: detected capacity change from 0 to 128 [ 597.123352][T24819] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 597.154844][T24819] EXT4-fs (loop5): Ignoring removed oldalloc option [ 597.181223][T24819] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,grpjquota=,nomblk_io_submit,jqfmt=vfsold,oldalloc,,errors=continue. Quota mode: writeback. [ 597.208719][T24819] ext4 filesystem being mounted at /1656/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 597.527564][T24860] netlink: 132 bytes leftover after parsing attributes in process `syz.5.8857'. [ 597.594391][T24864] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8860'. [ 597.933346][T24889] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8872'. [ 598.759039][T24948] loop5: detected capacity change from 0 to 1024 [ 598.847363][T24948] EXT4-fs (loop5): Ignoring removed oldalloc option [ 598.908901][T24948] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 598.941391][T24948] ext4 filesystem being mounted at /1671/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 598.984142][T24965] 9pnet: Insufficient options for proto=fd [ 599.846745][T25033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8941'. [ 599.921145][T25033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8941'. [ 600.024044][T25046] overlayfs: overlapping lowerdir path [ 600.221014][T25057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8950'. [ 600.455703][T25072] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8957'. [ 601.425015][T25137] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8985'. [ 601.594973][T25150] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8991'. [ 602.333061][T25204] netlink: 'syz.4.9017': attribute type 4 has an invalid length. [ 602.389766][T25204] netlink: 'syz.4.9017': attribute type 5 has an invalid length. [ 602.397504][T25204] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.9017'. [ 602.751004][T25238] netlink: 100 bytes leftover after parsing attributes in process `syz.6.9035'. [ 603.383979][T25277] overlayfs: unrecognized mount option "appraise" or missing value [ 603.409497][T25281] netlink: 128 bytes leftover after parsing attributes in process `syz.2.9055'. [ 603.434172][T25281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9055'. [ 604.505880][T25354] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 604.595244][T25354] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 606.876544][ T5778] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 607.025236][T25520] __nla_validate_parse: 4 callbacks suppressed [ 607.025252][T25520] netlink: 56 bytes leftover after parsing attributes in process `syz.2.9171'. [ 607.326287][ T5778] usb 6-1: config 16 has an invalid interface number: 236 but max is 0 [ 607.344078][ T5778] usb 6-1: config 16 has no interface number 0 [ 607.634967][T25560] loop6: detected capacity change from 0 to 128 [ 607.665225][ T5778] usb 6-1: string descriptor 0 read error: -22 [ 607.676382][ T5778] usb 6-1: New USB device found, idVendor=2040, idProduct=c61a, bcdDevice=f4.96 [ 607.719677][ T5778] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.027507][T20436] usb 6-1: USB disconnect, device number 10 [ 608.067607][T25590] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9205'. [ 608.206177][T25600] netlink: 368 bytes leftover after parsing attributes in process `syz.6.9209'. [ 608.218947][T25601] 9pnet: Insufficient options for proto=fd [ 608.458837][T25618] netlink: 140 bytes leftover after parsing attributes in process `syz.2.9219'. [ 609.230096][T25669] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9245'. [ 610.002935][T25718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9269'. [ 610.631475][T25751] xt_CT: No such helper "pptp" [ 610.656076][T25761] tmpfs: Unknown parameter 'noswap' [ 610.913836][ T25] kauditd_printk_skb: 13 callbacks suppressed [ 610.913851][ T25] audit: type=1326 audit(2000000019.570:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25774 comm="syz.4.9295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 611.000280][ T25] audit: type=1326 audit(2000000019.608:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25774 comm="syz.4.9295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 611.375681][T25809] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9311'. [ 611.519274][T25814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9313'. [ 611.968300][T25851] 9pnet: Insufficient options for proto=fd [ 612.414070][ T5778] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 612.523397][T25896] netlink: 'syz.4.9354': attribute type 72 has an invalid length. [ 612.764417][T25915] qnx4: no qnx4 filesystem (no root dir). [ 612.877776][ T5778] usb 6-1: unable to get BOS descriptor or descriptor too short [ 612.974575][T25934] netlink: 'syz.4.9368': attribute type 72 has an invalid length. [ 612.984237][ T5778] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 612.991834][ T5778] usb 6-1: can't read configurations, error -71 [ 613.445136][T25966] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9386'. [ 615.270619][T26067] loop0: detected capacity change from 0 to 2048 [ 615.415355][T26067] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 615.455098][T26067] ext4 filesystem being mounted at /1866/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 615.547924][T26084] loop6: detected capacity change from 0 to 256 [ 615.870555][T26102] overlayfs: missing 'lowerdir' [ 616.122680][T26125] loop6: detected capacity change from 0 to 512 [ 616.225381][T26125] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 616.255160][T26125] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0002] [ 616.302946][T26125] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2229: inode #15: comm syz.6.9455: corrupted in-inode xattr [ 616.327804][T26125] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.9455: couldn't read orphan inode 15 (err -117) [ 616.341446][T26125] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,jqfmt=vfsv1,noblock_validity,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000002,usrjquota=,,errors=continue. Quota mode: none. [ 616.399990][ T5780] Bluetooth: hci0: command 0x0405 tx timeout [ 616.406131][ T5778] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 616.406297][T26146] netlink: 'syz.0.9467': attribute type 11 has an invalid length. [ 616.421800][T26146] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.9467'. [ 616.891629][T26184] 9pnet: Insufficient options for proto=fd [ 617.045339][ T5778] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 617.054440][ T5778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.104624][ T5778] usb 3-1: Product: syz [ 617.108817][ T5778] usb 3-1: Manufacturer: syz [ 617.130353][ T5778] usb 3-1: SerialNumber: syz [ 617.582502][T26237] netlink: 165 bytes leftover after parsing attributes in process `syz.0.9509'. [ 617.751008][T26248] overlayfs: missing 'lowerdir' [ 618.429380][T26295] 9p: Unknown access argument a [ 618.437197][ T25] audit: type=1326 audit(2000000003.872:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26296 comm="syz.5.9535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c5c361749 code=0x0 [ 619.033724][T26335] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9555'. [ 619.439503][T26368] fuse: Bad value for 'fd' [ 619.848270][ T5778] rtl8150 3-1:1.0: couldn't reset the device [ 619.854434][ T5778] rtl8150: probe of 3-1:1.0 failed with error -5 [ 619.902541][ T5778] usb 3-1: USB disconnect, device number 9 [ 620.216831][T26423] netlink: 108 bytes leftover after parsing attributes in process `syz.4.9596'. [ 620.698923][T26451] netlink: 388 bytes leftover after parsing attributes in process `syz.5.9610'. [ 620.710165][T26452] overlayfs: failed to resolve './file1': -2 [ 620.948296][ T25] audit: type=1326 audit(2000000006.236:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26472 comm="syz.0.9621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 621.027388][ T25] audit: type=1326 audit(2000000006.264:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26472 comm="syz.0.9621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 621.238527][ T25] audit: type=1326 audit(2000000006.264:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26472 comm="syz.0.9621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 621.261221][ T25] audit: type=1326 audit(2000000006.264:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26472 comm="syz.0.9621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 621.284704][ T25] audit: type=1326 audit(2000000006.264:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26472 comm="syz.0.9621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 622.620141][T26535] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9649'. [ 622.813497][T26554] netlink: 44 bytes leftover after parsing attributes in process `syz.5.9656'. [ 623.616047][T26606] loop5: detected capacity change from 0 to 2048 [ 623.822282][T26606] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 623.833881][T26606] ext4 filesystem being mounted at /1803/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 624.651039][T26667] fuse: Invalid rootmode [ 625.135034][T26695] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9724'. [ 625.148442][T26693] overlayfs: missing 'lowerdir' [ 626.036591][T26752] netlink: 388 bytes leftover after parsing attributes in process `syz.2.9749'. [ 626.049645][T26750] netlink: 'syz.0.9750': attribute type 27 has an invalid length. [ 626.203464][T26758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9753'. [ 626.305095][T26767] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9757'. [ 626.439679][ T25] audit: type=1326 audit(2000000011.387:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26774 comm="syz.6.9761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc1dfe749 code=0x0 [ 626.980465][T26808] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9777'. [ 627.053052][T26808] netlink: 52 bytes leftover after parsing attributes in process `syz.6.9777'. [ 627.125585][T26808] netlink: 36 bytes leftover after parsing attributes in process `syz.6.9777'. [ 627.164395][T26818] netlink: 72 bytes leftover after parsing attributes in process `syz.5.9782'. [ 627.448617][T26831] netlink: 'syz.4.9786': attribute type 10 has an invalid length. [ 627.498523][T26831] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9786'. [ 627.521188][T26835] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9790'. [ 627.675842][T26841] overlayfs: unrecognized mount option "verity=require:/" or missing value [ 628.318581][ T25] audit: type=1326 audit(2000000013.141:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26878 comm="syz.6.9811" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc1dfe749 code=0x0 [ 629.199206][T26936] loop0: detected capacity change from 0 to 512 [ 629.387573][T26936] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 629.396272][T26936] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 629.463653][T26936] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a816c099, mo2=0002] [ 629.477738][T26936] System zones: 1-12 [ 629.490491][T26936] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.9835: inode #1: comm syz.0.9835: iget: illegal inode # [ 629.508762][T26936] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.9835: error while reading EA inode 1 err=-117 [ 629.521908][T26936] EXT4-fs (loop0): 1 orphan inode deleted [ 629.533342][T26936] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,usrjquota=,usrjquota=,journal_dev=0x0000000000000dcd,resgid=0x0000000000000000,minixdf,debug,grpquota,nombcache,minixdf,nomblk_io_submit,nomblk_io_submit,i_version,,errors=continue. Quota mode: writeback. [ 629.975663][ T25] audit: type=1326 audit(2000000014.708:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26983 comm="syz.4.9856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 630.061191][ T25] audit: type=1326 audit(2000000014.708:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26983 comm="syz.4.9856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 630.129724][ T25] audit: type=1326 audit(2000000014.708:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26983 comm="syz.4.9856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 630.208265][ T25] audit: type=1326 audit(2000000014.708:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26983 comm="syz.4.9856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 630.281718][ T25] audit: type=1326 audit(2000000014.708:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26983 comm="syz.4.9856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 630.462577][T27016] loop6: detected capacity change from 0 to 512 [ 630.536210][T27016] EXT4-fs (loop6): Ignoring removed bh option [ 630.566011][T27016] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 630.602275][T27016] EXT4-fs (loop6): 1 truncate cleaned up [ 630.620417][T27016] EXT4-fs (loop6): mounted filesystem without journal. Opts: quota,resgid=0x000000000000ee00,bh,noload,data_err=ignore,abort,,errors=continue. Quota mode: writeback. [ 631.206382][T27063] __nla_validate_parse: 1 callbacks suppressed [ 631.206396][T27063] netlink: 44 bytes leftover after parsing attributes in process `syz.4.9890'. [ 632.772796][T27173] binder: Unknown parameter 'fscontext?' [ 633.505137][T27214] loop2: detected capacity change from 0 to 128 [ 634.021506][T27238] netlink: 68 bytes leftover after parsing attributes in process `syz.2.9973'. [ 634.273192][T27249] 9pnet: Insufficient options for proto=fd [ 634.379095][T27253] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 634.830959][T27285] xt_CT: You must specify a L4 protocol and not use inversions on it [ 635.198162][T27309] loop5: detected capacity change from 0 to 164 [ 635.283119][T27319] binder: Unknown parameter 'co' [ 635.375418][T27323] IPv6: A: Disabled Multicast RS [ 635.669615][T27338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10019'. [ 635.843199][T27347] netlink: 56 bytes leftover after parsing attributes in process `syz.4.10021'. [ 637.137567][T27429] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10065'. [ 638.607569][T27532] loop6: detected capacity change from 0 to 512 [ 638.702442][T27532] EXT4-fs error (device loop6): ext4_orphan_get:1401: inode #15: comm syz.6.10112: inode has both inline data and extents flags [ 638.724180][T27532] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.10112: couldn't read orphan inode 15 (err -117) [ 638.745641][T27532] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 640.166805][ T25] audit: type=1326 audit(2000000003.115:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27625 comm="syz.2.10156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7fc00000 [ 640.267116][T27637] binder: 27636:27637 ioctl c0306201 2000000001c0 returned -14 [ 640.641321][T27665] 9pnet_virtio: no channels available for device syz [ 641.061478][T27692] 9pnet_virtio: no channels available for device [ 641.132966][T27699] overlayfs: overlapping lowerdir path [ 641.385450][T27715] trusted_key: encrypted_key: master key parameter is missing [ 643.331674][T27848] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10260'. [ 643.883110][T27880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10276'. [ 643.983371][ T25] audit: type=1326 audit(2000000006.708:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27883 comm="syz.4.10278" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8edce86749 code=0x0 [ 645.210608][T27959] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10312'. [ 645.267074][T27965] IPv6: A: Disabled Multicast RS [ 645.702048][T27999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10326'. [ 645.781932][T28001] device batadv_slave_1 entered promiscuous mode [ 645.795982][T28000] device batadv_slave_1 left promiscuous mode [ 646.342770][T28027] overlayfs: missing 'lowerdir' [ 646.549086][T28036] loop6: detected capacity change from 0 to 512 [ 646.623986][T28036] EXT4-fs (loop6): Journaled quota options ignored when QUOTA feature is enabled [ 646.659114][T28036] EXT4-fs (loop6): Unrecognized mount option "seclabel" or missing value [ 648.419457][T28134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10391'. [ 648.451878][T28134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10391'. [ 648.472032][T28134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10391'. [ 648.507812][ T5782] usb 6-1: new low-speed USB device number 13 using dummy_hcd [ 648.614076][T28146] 9pnet: Could not find request transport: 0xffffffffffffffff [ 648.787109][T28157] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10403'. [ 648.991832][ T5782] usb 6-1: config 16 has an invalid interface number: 236 but max is 0 [ 649.012133][ T5782] usb 6-1: config 16 has no interface number 0 [ 649.285910][ T5782] usb 6-1: string descriptor 0 read error: -22 [ 649.292169][ T5782] usb 6-1: New USB device found, idVendor=2040, idProduct=c61a, bcdDevice=f4.96 [ 649.343607][ T5782] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.457918][T28194] binder: 28193:28194 ioctl c0306201 0 returned -14 [ 649.640642][ T5782] usb 6-1: USB disconnect, device number 13 [ 650.071814][T28233] netlink: 140 bytes leftover after parsing attributes in process `syz.6.10440'. [ 650.608147][T28271] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10457'. [ 650.722309][T28270] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 651.193380][T28305] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 651.242525][T28310] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 651.251520][T28310] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 651.263104][T28311] netlink: 72 bytes leftover after parsing attributes in process `syz.5.10476'. [ 652.000670][T28362] loop5: detected capacity change from 0 to 512 [ 652.056956][T28362] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 652.082146][T28362] EXT4-fs (loop5): inline encryption not supported [ 652.147829][T28362] EXT4-fs (loop5): Test dummy encryption mode enabled [ 652.208234][T28362] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 652.230260][T28362] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 652.317442][T28362] EXT4-fs (loop5): 1 truncate cleaned up [ 652.323327][T28362] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 653.023997][T28433] 9pnet: Insufficient options for proto=fd [ 653.476081][T28470] netlink: 84 bytes leftover after parsing attributes in process `syz.4.10548'. [ 653.530630][T28470] netlink: 64 bytes leftover after parsing attributes in process `syz.4.10548'. [ 653.981235][T28504] loop0: detected capacity change from 0 to 512 [ 654.057175][T28504] EXT4-fs (loop0): Ignoring removed nobh option [ 654.092637][ T5782] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 654.151978][T28504] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 654.191441][T28504] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.10564: attempt to clear invalid blocks 1 len 1 [ 654.209779][T28504] EXT4-fs (loop0): Remounting filesystem read-only [ 654.222043][T28504] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 654.239046][T28504] EXT4-fs (loop0): Remounting filesystem read-only [ 654.254587][T28504] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.10564: invalid indirect mapped block 1819239214 (level 0) [ 654.272671][T28504] EXT4-fs (loop0): Remounting filesystem read-only [ 654.279602][T28504] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.10564: invalid indirect mapped block 1819239214 (level 1) [ 654.307165][T28519] device sit0 entered promiscuous mode [ 654.312761][T28519] netlink: 'syz.6.10570': attribute type 1 has an invalid length. [ 654.321665][T28519] netlink: 1 bytes leftover after parsing attributes in process `syz.6.10570'. [ 654.330704][T28504] EXT4-fs (loop0): Remounting filesystem read-only [ 654.347429][T28504] EXT4-fs (loop0): 1 truncate cleaned up [ 654.356503][T28504] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 654.540511][ T5782] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 654.582599][ T5782] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 654.627703][ T5782] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 654.653957][T28536] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10579'. [ 654.663273][ T5782] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.691568][ T5782] usb 3-1: config 0 descriptor?? [ 654.735215][ T5782] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 654.957722][ T5782] usb 3-1: USB disconnect, device number 10 [ 655.921149][T28612] loop5: detected capacity change from 0 to 1024 [ 656.040603][T28612] EXT4-fs (loop5): Unrecognized mount option "obj_role=appraise_type=imasig" or missing value [ 656.520725][T28646] netlink: 108 bytes leftover after parsing attributes in process `syz.5.10630'. [ 656.808201][T28663] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10638'. [ 656.987960][T28676] netlink: 'syz.6.10644': attribute type 11 has an invalid length. [ 657.007238][T28676] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.10644'. [ 657.566391][ T150] block nbd0: Attempted send on invalid socket [ 657.572707][ T150] blk_update_request: I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 657.589439][T28712] EXT4-fs (nbd0): unable to read superblock [ 658.055663][T28747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10676'. [ 658.102799][T28747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10676'. [ 658.135890][T28747] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10676'. [ 658.148669][T28753] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10676'. [ 658.185538][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 658.191860][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 658.215876][T28747] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10676'. [ 659.417079][T28815] loop5: detected capacity change from 0 to 512 [ 659.501287][ T25] audit: type=1326 audit(2000000021.270:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28819 comm="syz.2.10711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x0 [ 659.536998][T28815] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 659.553560][T28815] EXT4-fs (loop5): inline encryption not supported [ 659.569074][T28815] EXT4-fs (loop5): Test dummy encryption mode enabled [ 659.607528][T28815] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 659.628193][T28815] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 659.693205][T28815] EXT4-fs (loop5): 1 truncate cleaned up [ 659.704908][T28815] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 660.007428][T28849] __nla_validate_parse: 10 callbacks suppressed [ 660.007441][T28849] netlink: 304 bytes leftover after parsing attributes in process `syz.0.10724'. [ 660.508518][T28885] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10741'. [ 661.033386][T28919] device wlan0 entered promiscuous mode [ 663.122340][T29040] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10814'. [ 663.467166][T29059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10824'. [ 664.128650][T29104] netlink: 'syz.0.10846': attribute type 4 has an invalid length. [ 664.263312][T29116] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 664.279326][T29111] netlink: 80 bytes leftover after parsing attributes in process `syz.5.10850'. [ 664.397066][T29119] netlink: 28 bytes leftover after parsing attributes in process `syz.6.10852'. [ 664.486189][T29125] tmpfs: Unknown parameter 'noswap' [ 664.505317][T29129] netlink: 68 bytes leftover after parsing attributes in process `syz.6.10857'. [ 664.682960][T29139] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10860'. [ 666.059406][T29204] overlayfs: missing 'workdir' [ 667.107250][T29271] overlayfs: unrecognized mount option "/'" or missing value [ 668.791013][T29386] netlink: 92 bytes leftover after parsing attributes in process `syz.2.10977'. [ 668.986284][T29397] overlayfs: missing 'lowerdir' [ 669.298776][T29416] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10990'. [ 669.488630][T29429] device pim6reg1 entered promiscuous mode [ 670.689199][T29506] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11032'. [ 670.860552][T29520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11039'. [ 670.940001][T29524] 9pnet: Insufficient options for proto=fd [ 671.192682][T29539] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11048'. [ 671.917536][T29571] loop2: detected capacity change from 0 to 256 [ 672.046639][T29571] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 672.073858][T29571] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 672.155384][T29571] attempt to access beyond end of device [ 672.155384][T29571] loop2: rw=524288, want=408, limit=256 [ 672.239250][T29571] attempt to access beyond end of device [ 672.239250][T29571] loop2: rw=524288, want=664, limit=256 [ 672.272669][T29571] attempt to access beyond end of device [ 672.272669][T29571] loop2: rw=0, want=288, limit=256 [ 672.307252][ T25] audit: type=1800 audit(2000000033.279:1018): pid=29571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.11062" name="file1" dev="loop2" ino=1048649 res=0 errno=0 [ 672.325681][T29596] Dead loop on virtual device ip6_vti0, fix it urgently! [ 673.296819][T29636] device batadv_slave_1 entered promiscuous mode [ 673.340268][T29633] device batadv_slave_1 left promiscuous mode [ 674.736337][ T25] audit: type=1326 audit(2000000035.559:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29714 comm="syz.4.11131" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8edce86749 code=0x0 [ 674.928620][T29724] trusted_key: encrypted_key: insufficient parameters specified [ 675.115679][T29734] tipc: Enabling of bearer rejected, failed to enable media [ 675.164151][T29736] device syzkaller0 entered promiscuous mode [ 675.243018][T29736] tipc: Enabled bearer , priority 0 [ 675.262947][T29735] tipc: Resetting bearer [ 675.318758][T29735] tipc: Disabling bearer [ 675.426279][T29752] netlink: 76 bytes leftover after parsing attributes in process `syz.6.11149'. [ 675.828654][T29773] netlink: 92 bytes leftover after parsing attributes in process `syz.5.11160'. [ 676.380576][T29812] 9pnet: Insufficient options for proto=fd [ 676.823888][T29838] loop6: detected capacity change from 0 to 512 [ 676.932109][T29850] netlink: 28 bytes leftover after parsing attributes in process `syz.5.11197'. [ 676.976492][T29850] netlink: 28 bytes leftover after parsing attributes in process `syz.5.11197'. [ 677.052037][T29838] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: inode #11: comm syz.6.11191: ea_inode with extended attributes [ 677.099903][T29861] devtmpfs: Unknown parameter 'usrquota_inode_hardlimit' [ 677.109670][T29838] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.11191: error while reading EA inode 11 err=-117 [ 677.146295][T29838] EXT4-fs (loop6): 1 orphan inode deleted [ 677.162914][T29838] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000004c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue. Quota mode: none. [ 677.479541][T29889] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 677.767996][T29910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11225'. [ 677.787649][T29912] netlink: 388 bytes leftover after parsing attributes in process `syz.0.11227'. [ 678.143543][T29934] netlink: 'syz.6.11238': attribute type 11 has an invalid length. [ 679.027082][T29998] fuse: Bad value for 'user_id' [ 680.944556][T30119] netlink: 'syz.5.11326': attribute type 4 has an invalid length. [ 680.954443][T30119] netlink: 17 bytes leftover after parsing attributes in process `syz.5.11326'. [ 680.977813][T30117] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11324'. [ 681.268996][T30144] 9p: Unknown Cache mode readahead [ 681.608089][T30160] netlink: 4 bytes leftover after parsing attributes in process `syz.5.11347'. [ 681.920957][T30177] netlink: 388 bytes leftover after parsing attributes in process `syz.5.11354'. [ 682.168671][T30193] loop2: detected capacity change from 0 to 8 [ 682.577737][T30203] kvm: emulating exchange as write [ 682.937825][T30229] netlink: 72 bytes leftover after parsing attributes in process `syz.2.11378'. [ 683.109352][T30240] fuse: Bad value for 'group_id' [ 683.338545][T30253] loop6: detected capacity change from 0 to 256 [ 683.771776][T30278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11401'. [ 685.071720][T30344] netlink: 44 bytes leftover after parsing attributes in process `syz.6.11433'. [ 685.107722][T30344] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11433'. [ 685.159568][T30344] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11433'. [ 685.218873][T30344] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11433'. [ 685.415202][T30357] loop6: detected capacity change from 0 to 2048 [ 685.474790][ T4174] Alternate GPT is invalid, using primary GPT. [ 685.508183][ T4174] loop6: p1 p2 p3 [ 685.537665][T30357] Alternate GPT is invalid, using primary GPT. [ 685.550655][T30357] loop6: p1 p2 p3 [ 685.710203][ T4323] udevd[4323]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 685.710396][ T5526] udevd[5526]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 685.743888][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 685.871650][ T5526] udevd[5526]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 685.888816][ T4323] udevd[4323]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 685.905242][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 686.255046][ T25] audit: type=1326 audit(2000000046.368:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30407 comm="syz.6.11463" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cc1dfe749 code=0x0 [ 686.688210][T30437] __nla_validate_parse: 1 callbacks suppressed [ 686.688226][T30437] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11477'. [ 688.179427][T30532] netlink: 'syz.6.11518': attribute type 2 has an invalid length. [ 688.893359][T30568] overlayfs: missing 'lowerdir' [ 689.402400][T30592] loop6: detected capacity change from 0 to 512 [ 689.492291][T30592] EXT4-fs (loop6): Ignoring removed nobh option [ 689.517865][T30597] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11549'. [ 689.550818][T30592] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13 [ 689.574495][T30592] EXT4-fs error (device loop6): ext4_clear_blocks:883: inode #13: comm syz.6.11547: attempt to clear invalid blocks 1 len 1 [ 689.637790][T30592] EXT4-fs (loop6): Remounting filesystem read-only [ 689.644553][T30592] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 689.661032][T30592] EXT4-fs (loop6): Remounting filesystem read-only [ 689.668056][T30592] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.11547: invalid indirect mapped block 1819239214 (level 0) [ 689.693413][T30592] EXT4-fs (loop6): Remounting filesystem read-only [ 689.704652][T30592] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.11547: invalid indirect mapped block 1819239214 (level 1) [ 689.741176][T30592] EXT4-fs (loop6): Remounting filesystem read-only [ 689.754688][T30592] EXT4-fs (loop6): 1 truncate cleaned up [ 689.760340][T30592] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resuid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback. [ 690.249927][T30630] overlayfs: missing 'lowerdir' [ 691.934121][T30732] overlayfs: missing 'lowerdir' [ 692.118377][T30745] loop5: detected capacity change from 0 to 1024 [ 692.264078][T30761] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11625'. [ 692.306272][T30745] EXT4-fs (loop5): Ignoring removed nobh option [ 692.313638][T30745] EXT4-fs (loop5): Ignoring removed bh option [ 692.323350][T30745] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 692.380569][T30745] EXT4-fs (loop5): mounted filesystem without journal. Opts: resuid=0x0000000000000000,data_err=abort,barrier=0x0000000000000001,dioread_nolock,grpjquota=,quota,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback. [ 692.600374][T11750] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 692.815010][ T25] audit: type=1326 audit(656.541:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30803 comm="syz.2.11643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 692.865779][T11750] usb 1-1: Using ep0 maxpacket: 16 [ 693.001476][T11750] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 693.023627][T11750] usb 1-1: config 0 interface 0 has no altsetting 0 [ 693.037316][T11750] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 693.058671][T11750] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.081306][T11750] usb 1-1: config 0 descriptor?? [ 693.453055][T11750] usbhid 1-1:0.0: can't add hid device: -71 [ 693.459136][T11750] usbhid: probe of 1-1:0.0 failed with error -71 [ 693.493132][T11750] usb 1-1: USB disconnect, device number 10 [ 693.652853][T30854] futex_wake_op: syz.6.11666 tries to shift op by -1; fix this program [ 694.042189][T30882] loop6: detected capacity change from 0 to 2048 [ 694.163142][ T4174] Alternate GPT is invalid, using primary GPT. [ 694.199042][ T4174] loop6: p2 p3 p7 [ 694.258276][T30882] Alternate GPT is invalid, using primary GPT. [ 694.272415][T30882] loop6: p2 p3 p7 [ 694.518348][T30918] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 694.519430][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 694.551400][ T4323] udevd[4323]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 694.557298][T30920] netlink: 56 bytes leftover after parsing attributes in process `syz.2.11699'. [ 694.566260][ T5526] udevd[5526]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory [ 694.575258][T30918] overlayfs: missing 'lowerdir' [ 694.648427][ T4323] udevd[4323]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 694.667255][ T5526] udevd[5526]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory [ 694.681214][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 695.031671][T30953] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11715'. [ 695.061316][T30953] device ip6_vti0 entered promiscuous mode [ 695.614268][T30994] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11735'. [ 695.638891][T30994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11735'. [ 695.647997][T30994] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11735'. [ 695.663942][T30994] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11735'. [ 695.695086][T30996] netlink: 140 bytes leftover after parsing attributes in process `syz.0.11736'. [ 695.897589][T31007] netlink: 56 bytes leftover after parsing attributes in process `syz.2.11741'. [ 696.326415][T31038] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11755'. [ 696.585926][T31052] binder: Unknown parameter 'contextÌðÔð' [ 696.730215][T31058] fuse: Bad value for 'group_id' [ 697.638416][T31120] netlink: 536 bytes leftover after parsing attributes in process `syz.5.11794'. [ 697.657964][T31120] netlink: 32 bytes leftover after parsing attributes in process `syz.5.11794'. [ 698.073439][T31157] 9pnet: Insufficient options for proto=fd [ 698.549721][T31195] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11830'. [ 698.566742][T31195] netlink: 32 bytes leftover after parsing attributes in process `syz.4.11830'. [ 698.665680][ T25] audit: type=1326 audit(662.029:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31202 comm="syz.0.11834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 698.724166][ T25] audit: type=1326 audit(662.029:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31202 comm="syz.0.11834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 698.770355][ T25] audit: type=1326 audit(662.029:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31202 comm="syz.0.11834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 698.770826][T31209] xt_CT: You must specify a L4 protocol and not use inversions on it [ 698.810578][ T25] audit: type=1326 audit(662.029:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31202 comm="syz.0.11834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f399bd60749 code=0x7ffc0000 [ 699.130173][T31237] overlayfs: overlapping lowerdir path [ 699.494569][T31258] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11860'. [ 699.509582][T31262] Dead loop on virtual device ip6_vti0, fix it urgently! [ 699.926279][T31291] tipc: Failed to remove unknown binding: 66,1,1/0:3204367724/3204367726 [ 699.941536][T31291] tipc: Failed to remove unknown binding: 66,1,1/0:3204367724/3204367726 [ 700.205064][T31311] netlink: 36 bytes leftover after parsing attributes in process `syz.2.11885'. [ 700.928526][T31365] 9pnet: p9_errstr2errno: server reported unknown error [ 701.212018][T31381] netlink: 36 bytes leftover after parsing attributes in process `syz.4.11918'. [ 701.221249][T31381] netlink: 32 bytes leftover after parsing attributes in process `syz.4.11918'. [ 701.292475][T31388] netlink: 64 bytes leftover after parsing attributes in process `syz.6.11920'. [ 701.296160][T31384] APIC base relocation is unsupported by KVM [ 702.273613][T31457] fuseblk: Bad value for 'fd' [ 702.446670][T31469] tipc: Enabled bearer , priority 0 [ 702.649063][T31483] XFS (nullb0): Invalid superblock magic number [ 703.271393][T31520] overlayfs: failed to clone upperpath [ 703.382164][T31526] netlink: 'syz.4.11982': attribute type 4 has an invalid length. [ 703.598528][T31540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11988'. [ 704.026807][T31569] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12001'. [ 704.151121][T31578] loop6: detected capacity change from 0 to 8 [ 704.276384][T31578] SQUASHFS error: Unable to read inode 0x11f [ 704.467003][T31605] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12015'. [ 705.074984][T31635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12030'. [ 705.365061][T31651] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12037'. [ 705.394303][T31651] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12037'. [ 705.404103][T31653] tmpfs: Unknown parameter 'nosw' [ 705.798240][T31677] netlink: 68 bytes leftover after parsing attributes in process `syz.4.12050'. [ 706.288909][T31709] loop6: detected capacity change from 0 to 512 [ 706.365832][T31709] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 706.402394][T31709] EXT4-fs (loop6): inline encryption not supported [ 706.435540][T31709] EXT4-fs (loop6): Test dummy encryption mode enabled [ 706.456036][T31709] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 706.463198][T31709] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 706.581686][T31709] EXT4-fs (loop6): 1 truncate cleaned up [ 706.587452][T31709] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 706.970633][T31755] netlink: 388 bytes leftover after parsing attributes in process `syz.6.12085'. [ 706.994515][T31760] netlink: 76 bytes leftover after parsing attributes in process `syz.4.12088'. [ 707.939252][T31836] loop6: detected capacity change from 0 to 1024 [ 708.051411][T31836] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 708.077152][T31836] EXT4-fs error (device loop6): ext4_lookup:1858: inode #15: comm syz.6.12123: inode has both inline data and extents flags [ 708.478595][T31875] netlink: 388 bytes leftover after parsing attributes in process `syz.4.12140'. [ 709.283647][T31936] netlink: 'syz.6.12171': attribute type 16 has an invalid length. [ 709.294439][T31936] __nla_validate_parse: 1 callbacks suppressed [ 709.294452][T31936] netlink: 64122 bytes leftover after parsing attributes in process `syz.6.12171'. [ 709.750546][T31976] overlayfs: missing 'lowerdir' [ 710.322123][T32019] netlink: 'syz.0.12210': attribute type 13 has an invalid length. [ 710.402088][T32022] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12211'. [ 711.462678][T32102] netlink: 96 bytes leftover after parsing attributes in process `syz.4.12247'. [ 711.886316][T32138] fuse: Unknown parameter 'u' [ 711.976763][ T5623] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 712.064487][T32152] Dead loop on virtual device ip6_vti0, fix it urgently! [ 712.243142][ T5623] usb 6-1: Using ep0 maxpacket: 16 [ 712.382027][ T5623] usb 6-1: config 0 has an invalid interface number: 251 but max is 0 [ 712.393884][ T5623] usb 6-1: config 0 has no interface number 0 [ 712.402086][T32180] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12284'. [ 712.412677][ T5623] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 712.428938][ T5623] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 712.628923][ T5623] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 712.644002][ T5623] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.654909][ T5623] usb 6-1: Product: syz [ 712.662905][ T5623] usb 6-1: Manufacturer: syz [ 712.674013][ T5623] usb 6-1: SerialNumber: syz [ 712.693230][ T5623] usb 6-1: config 0 descriptor?? [ 712.712243][T32119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 712.724931][T32119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 712.981748][T32119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 713.018894][T32119] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 713.212239][T32229] loop2: detected capacity change from 0 to 4096 [ 713.245868][T32229] EXT4-fs (loop2): Test dummy encryption mode enabled [ 713.302328][T32229] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 713.325894][T32229] System zones: 0-5 [ 713.350319][T32244] futex_wake_op: syz.4.12315 tries to shift op by 32; fix this program [ 713.374295][T32229] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 714.358710][T32298] overlayfs: conflicting lowerdir path [ 714.443690][T32304] loop0: detected capacity change from 0 to 512 [ 714.493577][T32304] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 714.505279][T32304] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 714.516030][T32304] EXT4-fs error (device loop0): ext4_acquire_dquot:6209: comm syz.0.12343: Failed to acquire dquot type 1 [ 714.530322][T32304] EXT4-fs (loop0): 1 truncate cleaned up [ 714.536370][T32304] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,resuid=0x0000000000000000,nodelalloc,dioread_nolock,quota,,errors=continue. Quota mode: writeback. [ 714.896958][ T5623] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 715.430206][ T5623] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0002: -71 [ 715.585287][ T5623] asix 6-1:0.251 (unnamed net_device) (uninitialized): Could not register MDIO bus [ 715.617153][ T5623] asix: probe of 6-1:0.251 failed with error -5 [ 715.651703][ T5623] usb 6-1: USB disconnect, device number 14 [ 715.993316][T32401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 716.150128][T32412] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 716.245165][T32412] kvm: pic: non byte read [ 716.249996][T32412] kvm: pic: non byte read [ 716.259043][T32412] kvm: pic: non byte read [ 716.278292][T32412] kvm: pic: non byte read [ 716.289587][T32412] kvm: pic: non byte read [ 716.296031][T32412] kvm: pic: non byte read [ 716.301247][T32412] kvm: pic: non byte read [ 716.310106][T32412] kvm: pic: non byte read [ 716.336337][T32412] kvm: pic: non byte read [ 716.341077][T32412] kvm: pic: non byte read [ 716.346604][T32412] kvm: pic: single mode not supported [ 716.364470][T32412] kvm: pic: level sensitive irq not supported [ 716.390539][T32412] kvm: pic: single mode not supported [ 716.856323][T32454] tipc: Enabled bearer , priority 8 [ 717.708957][T32519] netlink: 32 bytes leftover after parsing attributes in process `syz.6.12443'. [ 718.022023][T32540] netlink: 'syz.0.12452': attribute type 15 has an invalid length. [ 718.055348][T32540] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12452'. [ 718.141889][T32548] netlink: 536 bytes leftover after parsing attributes in process `syz.4.12457'. [ 718.179202][T32548] netlink: 124 bytes leftover after parsing attributes in process `syz.4.12457'. [ 718.233671][T32553] overlayfs: missing 'workdir' [ 719.109040][T32624] netlink: 44 bytes leftover after parsing attributes in process `syz.0.12495'. [ 719.519650][T32652] loop0: detected capacity change from 0 to 2048 [ 719.666889][T32667] netlink: 720 bytes leftover after parsing attributes in process `syz.4.12515'. [ 719.670659][T32664] loop5: detected capacity change from 0 to 512 [ 719.692613][T32652] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 719.760001][T32667] device veth3 entered promiscuous mode [ 719.806609][T32664] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 719.860225][T32664] EXT4-fs (loop5): orphan cleanup on readonly fs [ 719.951291][T32664] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:510: comm syz.5.12514: Block bitmap for bg 0 marked uninitialized [ 719.986876][T32686] overlayfs: failed to clone upperpath [ 720.078609][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.108659][T32664] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 720.126012][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.136812][T32664] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:510: comm syz.5.12514: Block bitmap for bg 0 marked uninitialized [ 720.206313][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.210771][T32698] netlink: 8 bytes leftover after parsing attributes in process `syz.6.12527'. [ 720.212840][T32664] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 720.312855][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.319566][T32664] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:510: comm syz.5.12514: Block bitmap for bg 0 marked uninitialized [ 720.386226][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.406738][T32664] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 720.443396][T32664] EXT4-fs (loop5): Remounting filesystem read-only [ 720.470107][T32664] EXT4-fs (loop5): 1 orphan inode deleted [ 720.480996][T32664] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nolazytime,. Quota mode: none. [ 722.041474][T32761] netlink: 120 bytes leftover after parsing attributes in process `syz.2.12558'. [ 722.069959][T32761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12558'. [ 722.986224][ T371] tmpfs: Unknown parameter 'noswap' [ 723.116054][ T385] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12603'. [ 723.245235][ T394] overlayfs: missing 'lowerdir' [ 723.617575][ T422] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 723.644264][ T422] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 723.674605][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 723.680932][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 723.798638][ T430] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12624'. [ 724.008034][ T25] audit: type=1326 audit(685.795:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=447 comm="syz.5.12633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c5c361749 code=0x0 [ 724.580541][ T481] netlink: 96 bytes leftover after parsing attributes in process `syz.5.12647'. [ 724.859864][ T499] futex_wake_op: syz.5.12656 tries to shift op by 144; fix this program [ 725.202729][ T514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12662'. [ 725.880214][ T554] netlink: 'syz.5.12682': attribute type 10 has an invalid length. [ 726.609587][ T599] netlink: 'syz.4.12703': attribute type 1 has an invalid length. [ 726.652243][ T599] netlink: 'syz.4.12703': attribute type 2 has an invalid length. [ 726.697362][ T606] fuse: Invalid rootmode [ 726.701738][ T603] netlink: 368 bytes leftover after parsing attributes in process `syz.6.12706'. [ 726.807338][ T604] loop0: detected capacity change from 0 to 4096 [ 726.824105][ T612] netlink: 'syz.6.12710': attribute type 10 has an invalid length. [ 726.855830][ T604] EXT4-fs (loop0): Test dummy encryption mode enabled [ 726.897438][ T604] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 726.936227][ T604] System zones: 0-5 [ 726.960047][ T604] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 727.404637][ T645] netlink: 37 bytes leftover after parsing attributes in process `syz.2.12724'. [ 727.601555][ T658] loop5: detected capacity change from 0 to 7 [ 727.612343][ T658] Dev loop5: unable to read RDB block 7 [ 727.634711][ T658] loop5: unable to read partition table [ 727.663473][ T658] loop5: partition table beyond EOD, truncated [ 727.681089][ T658] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 727.837720][ T664] loop6: detected capacity change from 0 to 4096 [ 727.892803][ T677] overlayfs: missing 'lowerdir' [ 727.921510][ T664] EXT4-fs (loop6): Test dummy encryption mode enabled [ 727.988770][ T664] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 728.054554][ T664] System zones: 0-5 [ 728.078639][ T664] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 728.142279][ T686] loop0: detected capacity change from 0 to 256 [ 728.283775][ T686] FAT-fs (loop0): Directory bread(block 64) failed [ 728.299382][ T686] FAT-fs (loop0): Directory bread(block 65) failed [ 728.349354][ T686] FAT-fs (loop0): Directory bread(block 66) failed [ 728.365480][ T686] FAT-fs (loop0): Directory bread(block 67) failed [ 728.384965][ T686] FAT-fs (loop0): Directory bread(block 68) failed [ 728.429101][ T686] FAT-fs (loop0): Directory bread(block 69) failed [ 728.468438][ T686] FAT-fs (loop0): Directory bread(block 70) failed [ 728.475478][ T686] FAT-fs (loop0): Directory bread(block 71) failed [ 728.499460][ T686] FAT-fs (loop0): Directory bread(block 72) failed [ 728.512529][ T686] FAT-fs (loop0): Directory bread(block 73) failed [ 728.686517][ T25] audit: type=1800 audit(690.186:1027): pid=686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.12741" name="bus" dev="loop0" ino=1048670 res=0 errno=0 [ 728.794625][ T25] audit: type=1326 audit(690.290:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=705 comm="syz.2.12753" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f324f1f1749 code=0x0 [ 728.960425][ T720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12758'. [ 729.103689][ T25] audit: type=1326 audit(690.580:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.131681][ T25] audit: type=1326 audit(690.580:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.153787][ T25] audit: type=1326 audit(690.590:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.194149][ T25] audit: type=1326 audit(690.590:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.222518][ T25] audit: type=1326 audit(690.590:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.246133][ T25] audit: type=1326 audit(690.590:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.301040][ T25] audit: type=1326 audit(690.590:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.362422][ T25] audit: type=1326 audit(690.590:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=729 comm="syz.4.12763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 729.449687][ T751] netlink: 136 bytes leftover after parsing attributes in process `syz.4.12772'. [ 729.835613][ T776] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 729.882211][ T776] overlayfs: missing 'lowerdir' [ 730.239292][ T799] loop0: detected capacity change from 0 to 512 [ 730.301855][ T799] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 730.405991][ T799] EXT4-fs (loop0): 1 truncate cleaned up [ 730.411677][ T799] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable,max_dir_size_kb=0x00000000000001ff,bsddf,noblock_validity,,errors=continue. Quota mode: none. [ 731.354587][ T879] loop0: detected capacity change from 0 to 512 [ 731.402521][ T879] EXT4-fs (loop0): Ignoring removed bh option [ 731.497161][ T879] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback. [ 731.566683][ T898] loop6: detected capacity change from 0 to 256 [ 731.734403][ T898] FAT-fs (loop6): Directory bread(block 64) failed [ 731.747694][ T898] FAT-fs (loop6): Directory bread(block 65) failed [ 731.754301][ T898] FAT-fs (loop6): Directory bread(block 66) failed [ 731.767756][ T911] netlink: 48 bytes leftover after parsing attributes in process `syz.5.12847'. [ 731.793012][ T898] FAT-fs (loop6): Directory bread(block 67) failed [ 731.794488][ T915] overlayfs: overlapping lowerdir path [ 731.816542][ T898] FAT-fs (loop6): Directory bread(block 68) failed [ 731.822341][ T911] netlink: 48 bytes leftover after parsing attributes in process `syz.5.12847'. [ 731.878395][ T898] FAT-fs (loop6): Directory bread(block 69) failed [ 731.885021][ T898] FAT-fs (loop6): Directory bread(block 70) failed [ 731.941204][ T898] FAT-fs (loop6): Directory bread(block 71) failed [ 731.950004][ T898] FAT-fs (loop6): Directory bread(block 72) failed [ 731.956552][ T898] FAT-fs (loop6): Directory bread(block 73) failed [ 732.100409][ T25] audit: type=1800 audit(693.395:1037): pid=898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.12840" name="bus" dev="loop6" ino=1048671 res=0 errno=0 [ 732.150523][ T932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12857'. [ 732.731336][ T966] netlink: 68 bytes leftover after parsing attributes in process `syz.0.12871'. [ 732.839643][ T974] 9pnet: Could not find request transport: 0xffffffffffffffff [ 733.045061][ T996] netlink: 'syz.6.12886': attribute type 4 has an invalid length. [ 733.165020][T11750] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 733.345233][ T1022] overlayfs: failed to clone upperpath [ 733.432081][T11750] usb 1-1: Using ep0 maxpacket: 16 [ 733.445308][ T1030] overlayfs: failed to clone upperpath [ 733.559311][T11750] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 733.591215][T11750] usb 1-1: config 1 has no interface number 1 [ 733.597330][T11750] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 733.652795][T11750] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 733.683880][T11750] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 733.872531][T11750] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 733.885374][T11750] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.934542][T11750] usb 1-1: Product: syz [ 733.938763][T11750] usb 1-1: Manufacturer: syz [ 733.950244][T11750] usb 1-1: SerialNumber: syz [ 734.137160][ T25] audit: type=1326 audit(695.309:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.208499][ T25] audit: type=1326 audit(695.337:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.284254][ T25] audit: type=1326 audit(695.337:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.306567][T11750] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 734.358636][T11750] usb 1-1: USB disconnect, device number 11 [ 734.375410][ T25] audit: type=1326 audit(695.337:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.466504][ T25] audit: type=1326 audit(695.337:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.490726][ T25] audit: type=1326 audit(695.337:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.555191][ T25] audit: type=1326 audit(695.337:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 734.591565][ T25] audit: type=1326 audit(695.337:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1076 comm="syz.2.12921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 735.123666][ T1145] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12952'. [ 735.529865][ T1194] tmpfs: Unknown parameter 'nosw' [ 735.692765][ T1210] overlayfs: missing 'lowerdir' [ 735.952538][ T25] kauditd_printk_skb: 11 callbacks suppressed [ 735.952553][ T25] audit: type=1326 audit(697.008:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.038182][ T25] audit: type=1326 audit(697.045:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.138030][ T25] audit: type=1326 audit(697.045:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.245196][ T25] audit: type=1326 audit(697.045:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.330416][ T25] audit: type=1326 audit(697.045:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.413653][ T25] audit: type=1326 audit(697.045:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.518640][ T25] audit: type=1326 audit(697.045:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.600997][ T25] audit: type=1326 audit(697.045:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.703447][ T25] audit: type=1326 audit(697.045:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.751300][ T1292] netlink: 240 bytes leftover after parsing attributes in process `syz.4.13014'. [ 736.757591][ T25] audit: type=1326 audit(697.045:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1232 comm="syz.4.12986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 736.826944][ T1298] netlink: 96 bytes leftover after parsing attributes in process `syz.0.13017'. [ 737.211488][ T1333] netlink: 328 bytes leftover after parsing attributes in process `syz.2.13034'. [ 737.606971][ T1365] 9pnet: p9_fd_create_tcp (1365): problem connecting socket to 127.0.0.1 [ 738.390836][ T1430] binder: 1427:1430 ioctl 401c5820 200000000000 returned -22 [ 738.766071][ T1462] 9pnet: Could not find request transport: 0xffffffffffffffff [ 738.866922][ T1465] loop0: detected capacity change from 0 to 512 [ 740.772509][ T1532] loop0: detected capacity change from 0 to 512 [ 740.980012][ T1532] EXT4-fs error (device loop0): ext4_acquire_dquot:6209: comm syz.0.13122: Failed to acquire dquot type 1 [ 741.097294][ T1532] EXT4-fs (loop0): 1 truncate cleaned up [ 741.102965][ T1532] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,resuid=0x0000000000000000,nodelalloc,dioread_nolock,quota,,errors=continue. Quota mode: writeback. [ 743.424298][ T1640] fuse: Bad value for 'fd' [ 743.917765][ T1676] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13190'. [ 744.547651][ T5623] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 744.560485][ T1723] overlayfs: missing 'workdir' [ 744.867360][ T5623] usb 3-1: Using ep0 maxpacket: 8 [ 745.647259][ T5623] usb 3-1: unable to get BOS descriptor or descriptor too short [ 745.730921][ T5623] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 745.765700][ T5623] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 745.790584][ T5623] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 745.812397][ T5623] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 746.040175][ T5623] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 746.049241][ T5623] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.091450][ T5623] usb 3-1: Product: syz [ 746.114398][ T5623] usb 3-1: Manufacturer: syz [ 746.119024][ T5623] usb 3-1: SerialNumber: syz [ 746.131674][ T1794] netlink: 'syz.5.13244': attribute type 8 has an invalid length. [ 746.168529][ T1794] netlink: 48 bytes leftover after parsing attributes in process `syz.5.13244'. [ 746.540997][ T5623] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 746.587048][ T5623] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 746.627210][ T5623] usb 3-1: USB disconnect, device number 11 [ 746.679089][ T4174] udevd[4174]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 746.824463][ T1839] tmpfs: Unknown parameter 'mp' [ 747.899614][ T1904] netlink: 40 bytes leftover after parsing attributes in process `syz.6.13296'. [ 749.482027][ T1970] netlink: 268 bytes leftover after parsing attributes in process `syz.5.13326'. [ 750.254750][ T1973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13327'. [ 750.720906][ T2001] netlink: 24 bytes leftover after parsing attributes in process `syz.6.13339'. [ 750.899032][ T2013] loop2: detected capacity change from 0 to 128 [ 750.968773][ T2013] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 752.854790][ T2109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13390'. [ 752.880303][ T2109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13390'. [ 752.928996][ T2109] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.938815][ T2109] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.947547][ T2109] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.956288][ T2109] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 753.037267][ T2109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13390'. [ 753.074212][ T2109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13390'. [ 753.902544][ T2178] loop6: detected capacity change from 0 to 512 [ 753.926669][ T2177] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13423'. [ 753.976438][ T2178] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 754.056280][ T2178] EXT4-fs (loop6): 1 truncate cleaned up [ 754.072845][ T2178] EXT4-fs (loop6): mounted filesystem without journal. Opts: resuid=0x0000000000000000,max_dir_size_kb=0x00000000000001ff,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none. [ 754.590365][ T2215] cgroup: Invalid name [ 755.264539][ T2250] overlayfs: missing 'lowerdir' [ 755.478246][ T2255] loop6: detected capacity change from 0 to 4096 [ 755.534461][ T2255] EXT4-fs (loop6): Test dummy encryption mode enabled [ 755.561768][ T2255] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 755.570193][ T2255] System zones: 0-5 [ 755.585871][ T2255] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 756.218250][ T4246] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 756.516810][ T4246] usb 3-1: Using ep0 maxpacket: 8 [ 756.692614][ T4246] usb 3-1: unable to get BOS descriptor or descriptor too short [ 756.808588][ T4246] usb 3-1: config 0 has no interfaces? [ 756.925253][ T2328] overlayfs: missing 'lowerdir' [ 756.985900][ T4246] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 756.994959][ T4246] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.031991][ T4246] usb 3-1: Product: syz [ 757.036299][ T4246] usb 3-1: Manufacturer: syz [ 757.060350][ T4246] usb 3-1: SerialNumber: syz [ 757.072154][ T4246] usb 3-1: config 0 descriptor?? [ 757.340467][ T4246] usb 3-1: USB disconnect, device number 12 [ 757.488350][ T2369] netlink: 268 bytes leftover after parsing attributes in process `syz.5.13509'. [ 758.298737][ T4294] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 758.563184][ T4294] usb 7-1: Using ep0 maxpacket: 16 [ 758.695554][ T4294] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 758.721367][ T2442] 9pnet: Insufficient options for proto=fd [ 758.723274][ T4294] usb 7-1: config 0 interface 0 has no altsetting 0 [ 758.740352][ T4294] usb 7-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 758.770053][ T4294] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.805130][ T4294] usb 7-1: config 0 descriptor?? [ 759.188781][ T4294] usbhid 7-1:0.0: can't add hid device: -71 [ 759.202848][ T4294] usbhid: probe of 7-1:0.0 failed with error -71 [ 759.224491][ T4294] usb 7-1: USB disconnect, device number 8 [ 759.563418][ T2508] netlink: 'syz.4.13570': attribute type 23 has an invalid length. [ 759.578601][ T2508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13570'. [ 759.782954][ T2533] netlink: 20 bytes leftover after parsing attributes in process `syz.6.13580'. [ 760.795514][ T2586] netlink: 28 bytes leftover after parsing attributes in process `syz.6.13601'. [ 761.366243][ T2622] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13617'. [ 762.299237][ T2640] loop2: detected capacity change from 0 to 512 [ 762.408467][ T2640] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 763.642153][ T2723] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13652'. [ 763.715813][ T2721] loop6: detected capacity change from 0 to 512 [ 763.803276][ T2721] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 763.889629][ T2721] EXT4-fs (loop6): inline encryption not supported [ 763.950496][ T2721] EXT4-fs (loop6): Test dummy encryption mode enabled [ 764.009438][ T2721] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 764.063996][ T2721] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 764.194564][ T2721] EXT4-fs (loop6): 1 truncate cleaned up [ 764.269491][ T2721] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 764.396064][ T2778] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13673'. [ 764.847077][ T2808] loop0: detected capacity change from 0 to 512 [ 764.923706][ T2808] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 764.989565][ T2818] netlink: 'syz.5.13691': attribute type 4 has an invalid length. [ 765.021186][ T2818] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.13691'. [ 765.063605][ T2824] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13689'. [ 765.928907][ T2885] loop6: detected capacity change from 0 to 256 [ 765.976914][ T2885] FAT-fs (loop6): Directory bread(block 64) failed [ 765.987964][ T2885] FAT-fs (loop6): Directory bread(block 65) failed [ 765.996326][ T2885] FAT-fs (loop6): Directory bread(block 66) failed [ 766.017833][ T2885] FAT-fs (loop6): Directory bread(block 67) failed [ 766.035006][ T2885] FAT-fs (loop6): Directory bread(block 68) failed [ 766.041682][ T2885] FAT-fs (loop6): Directory bread(block 69) failed [ 766.049098][ T2885] FAT-fs (loop6): Directory bread(block 70) failed [ 766.059799][ T2885] FAT-fs (loop6): Directory bread(block 71) failed [ 766.066682][ T2885] FAT-fs (loop6): Directory bread(block 72) failed [ 766.073392][ T2885] FAT-fs (loop6): Directory bread(block 73) failed [ 766.120583][ T25] kauditd_printk_skb: 27 callbacks suppressed [ 766.120597][ T25] audit: type=1800 audit(725.315:1092): pid=2885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.13720" name="bus" dev="loop6" ino=1048680 res=0 errno=0 [ 767.196404][ T2974] 9pnet: p9_errstr2errno: server reported unknown error 18446744073 [ 768.295848][ T3029] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13779'. [ 768.578596][ T3050] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13788'. [ 768.625982][ T3050] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13788'. [ 770.303753][ T3155] netlink: 388 bytes leftover after parsing attributes in process `syz.4.13840'. [ 771.544844][ T3260] loop2: detected capacity change from 0 to 1024 [ 771.582680][ T3260] EXT4-fs (loop2): Ignoring removed oldalloc option [ 771.647486][ T3260] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,auto_da_alloc=0x00000000000000e6,oldalloc,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 771.781312][ T3272] netlink: 'syz.0.13890': attribute type 16 has an invalid length. [ 771.801367][ T3272] netlink: 64122 bytes leftover after parsing attributes in process `syz.0.13890'. [ 771.830061][ T3274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13891'. [ 772.466235][ T25] audit: type=1326 audit(731.271:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3299 comm="syz.2.13902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f324f1f1749 code=0x7ffc0000 [ 772.643063][ T3311] netlink: 28 bytes leftover after parsing attributes in process `syz.6.13907'. [ 773.178955][ T3338] tipc: Failed to remove unknown binding: 66,1,1/4:614044778/614044780 [ 773.217354][ T3338] tipc: Failed to remove unknown binding: 66,1,1/4:614044778/614044780 [ 773.571066][ T3364] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13933'. [ 774.272420][ T3418] netlink: 68 bytes leftover after parsing attributes in process `syz.4.13961'. [ 774.509847][ T3437] loop6: detected capacity change from 0 to 512 [ 774.598511][ T3437] EXT4-fs (loop6): Test dummy encryption mode enabled [ 774.619725][ T3437] EXT4-fs (loop6): Test dummy encryption mode enabled [ 774.640886][ T3437] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable=0x0000000000000000,minixdf,jqfmt=vfsv1,prjquota,inode_readahead_blks=0x0000000000000100,barrier=0x000000000000000b,errors=remount-ro,auto_da_alloc,test_dummy_encryption,min_batch_time=0x0000. Quota mode: writeback. [ 774.734580][ T3448] trusted_key: encrypted_key: master key parameter '' is invalid [ 775.761069][ T3539] overlayfs: missing 'workdir' [ 776.588169][ T3610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14043'. [ 776.714916][ T3616] netlink: 80 bytes leftover after parsing attributes in process `syz.5.14045'. [ 777.036355][ T25] audit: type=1326 audit(735.559:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.112999][ T25] audit: type=1326 audit(735.559:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.193098][ T25] audit: type=1326 audit(735.559:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.214780][ C0] vkms_vblank_simulate: vblank timer overrun [ 777.629168][ T3673] ptrace attach of "./syz-executor exec"[3677] was attempted by "./syz-executor exec"[3673] [ 777.698290][ T25] audit: type=1326 audit(736.178:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.752891][ T25] audit: type=1326 audit(736.178:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.852181][ T25] audit: type=1326 audit(736.225:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 777.965278][ T25] audit: type=1326 audit(736.225:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 778.014168][ T25] audit: type=1326 audit(736.225:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3640 comm="syz.4.14059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8edce86749 code=0x7ffc0000 [ 778.093519][ T3695] netlink: 28 bytes leftover after parsing attributes in process `syz.6.14082'. [ 778.745071][ T3738] syz.6.14103[3738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 778.745160][ T3738] syz.6.14103[3738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 778.817529][ T3742] netlink: 56 bytes leftover after parsing attributes in process `syz.2.14105'. [ 779.150317][ T3766] netlink: 8 bytes leftover after parsing attributes in process `syz.5.14115'. [ 779.567643][ T3787] netlink: 56 bytes leftover after parsing attributes in process `syz.5.14126'. [ 779.766255][ T3801] netlink: 28 bytes leftover after parsing attributes in process `syz.5.14132'. [ 779.791785][ T3800] netlink: 108 bytes leftover after parsing attributes in process `syz.4.14133'. [ 781.017055][ T3888] netlink: 188 bytes leftover after parsing attributes in process `syz.0.14171'. [ 781.510283][ T3912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14183'. [ 781.514999][ T3914] overlayfs: failed to clone upperpath [ 781.984787][ T3937] netlink: 16 bytes leftover after parsing attributes in process `syz.4.14195'. [ 782.212684][ T3953] loop0: detected capacity change from 0 to 512 [ 782.331027][ T3953] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 782.364205][ T3953] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0002] [ 782.419379][ T3953] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2229: inode #15: comm syz.0.14201: corrupted in-inode xattr [ 782.458773][ T3953] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.14201: couldn't read orphan inode 15 (err -117) [ 782.528232][ T3953] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,jqfmt=vfsv1,noblock_validity,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000002,usrjquota=,,errors=continue. Quota mode: none. [ 782.967362][ T3995] netlink: 28 bytes leftover after parsing attributes in process `syz.6.14219'. [ 783.073671][ T4000] overlayfs: failed to clone upperpath [ 783.297965][ T4012] cgroup: Setting release_agent not allowed [ 784.550917][ T4098] netlink: 72 bytes leftover after parsing attributes in process `syz.0.14267'. [ 784.562485][ T4101] netlink: 40 bytes leftover after parsing attributes in process `syz.5.14270'. [ 784.704950][ T4111] loop0: detected capacity change from 0 to 256 [ 784.851843][ T4111] attempt to access beyond end of device [ 784.851843][ T4111] loop0: rw=2049, want=324, limit=256 [ 784.920379][ T4125] attempt to access beyond end of device [ 784.920379][ T4125] loop0: rw=2049, want=260, limit=256 [ 784.953191][ T4125] Buffer I/O error on dev loop0, logical block 64, lost async page write [ 786.318724][ T4232] netlink: 80 bytes leftover after parsing attributes in process `syz.6.14318'. [ 786.624496][ T4256] netlink: 'syz.5.14327': attribute type 4 has an invalid length. [ 786.911946][ T4274] netlink: 32 bytes leftover after parsing attributes in process `syz.0.14334'. [ 788.284857][ T4325] netlink: 388 bytes leftover after parsing attributes in process `syz.5.14355'. [ 788.804717][ T4363] netlink: 44 bytes leftover after parsing attributes in process `syz.6.14370'. [ 788.847967][ T4363] netlink: 12 bytes leftover after parsing attributes in process `syz.6.14370'. [ 788.879608][ T4363] netlink: 8 bytes leftover after parsing attributes in process `syz.6.14370'. [ 788.906467][ T4363] netlink: 8 bytes leftover after parsing attributes in process `syz.6.14370'. [ 789.152004][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 789.158324][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 789.627847][ T4409] netlink: 16 bytes leftover after parsing attributes in process `syz.2.14393'. [ 789.810934][ T4416] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 789.863440][ T4416] overlayfs: missing 'lowerdir' [ 790.954103][ T4477] loop6: detected capacity change from 0 to 512 [ 791.122045][ T4477] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 791.208063][ T4477] System zones: 1-12 [ 791.267711][ T4477] EXT4-fs error (device loop6): dx_probe:823: inode #2: comm syz.6.14422: Directory hole found for htree index block 0 [ 791.320312][ T4477] EXT4-fs (loop6): Remounting filesystem read-only [ 791.327678][ T4477] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -117 [ 791.335922][ T4477] EXT4-fs error (device loop6): dx_probe:823: inode #2: comm syz.6.14422: Directory hole found for htree index block 0 [ 791.384881][ T4477] EXT4-fs (loop6): Remounting filesystem read-only [ 791.395985][ T4500] netlink: 'syz.2.14433': attribute type 4 has an invalid length. [ 791.407431][ T4477] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 791.425928][ T4477] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,noquota,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 791.476617][ T4477] EXT4-fs (loop6): re-mounted. Opts: grpjquota=Jdebug,jqfmt=vfsold,noquota,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: none. [ 792.083612][ T4535] netlink: 'syz.5.14450': attribute type 1 has an invalid length. [ 792.262742][ T4535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.840346][ T4578] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14467'. [ 794.838493][ T4682] 9pnet: Insufficient options for proto=fd [ 795.238212][ T4714] netlink: 84 bytes leftover after parsing attributes in process `syz.2.14527'. [ 907.914492][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 907.921467][ C0] rcu: 1-...!: (1 GPs behind) idle=74d/1/0x4000000000000000 softirq=101546/101547 fqs=0 [ 907.933081][ C0] (detected by 0, t=10506 jiffies, g=114641, q=155) [ 907.939754][ C0] Sending NMI from CPU 0 to CPUs 1: [ 907.944955][ C1] NMI backtrace for cpu 1 [ 907.944965][ C1] CPU: 1 PID: 4764 Comm: syz.2.14550 Not tainted syzkaller #0 [ 907.944980][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 907.944999][ C1] RIP: 0010:check_preemption_disabled+0x37/0x110 [ 907.945023][ C1] Code: 04 25 28 00 00 00 48 89 44 24 08 65 8b 05 49 97 58 76 65 8b 0d b2 f1 58 76 f7 c1 ff ff ff 7f 74 1f 65 48 8b 0c 25 28 00 00 00 <48> 3b 4c 24 08 0f 85 c4 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d c3 [ 907.945034][ C1] RSP: 0018:ffffc90000dd0b08 EFLAGS: 00000006 [ 907.945047][ C1] RAX: 0000000000000001 RBX: 54b51547b38054f9 RCX: a593c304a7d15000 [ 907.945056][ C1] RDX: 0000000000000002 RSI: ffffffff8a0b2f00 RDI: ffffffff8a59e580 [ 907.945065][ C1] RBP: ffffc90000dd0c50 R08: dffffc0000000000 R09: fffffbfff1ad33a6 [ 907.945075][ C1] R10: fffffbfff1ad33a6 R11: 1ffffffff1ad33a5 R12: ffff88802b8a46c0 [ 907.945085][ C1] R13: dffffc0000000000 R14: ffff88802b8a4660 R15: 1ffff920001ba174 [ 907.945096][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 907.945108][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 907.945117][ C1] CR2: 0000200000003c00 CR3: 000000000be8e000 CR4: 00000000003506e0 [ 907.945129][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 907.945138][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 907.945146][ C1] Call Trace: [ 907.945152][ C1] [ 907.945161][ C1] lock_release+0x540/0x870 [ 907.945179][ C1] ? debug_deactivate+0x1d/0x1c0 [ 907.945195][ C1] ? __lock_acquire+0x7c60/0x7c60 [ 907.945211][ C1] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 907.945225][ C1] ? _raw_spin_lock+0x40/0x40 [ 907.945238][ C1] _raw_spin_unlock_irqrestore+0x6d/0x100 [ 907.945251][ C1] ? _raw_spin_unlock+0x40/0x40 [ 907.945269][ C1] ? debug_object_deactivate+0x63/0x340 [ 907.945288][ C1] debug_deactivate+0x1d/0x1c0 [ 907.945303][ C1] __hrtimer_run_queues+0x2db/0xc40 [ 907.945320][ C1] ? taprio_free_sched_cb+0x190/0x190 [ 907.945339][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 907.945353][ C1] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 907.945369][ C1] hrtimer_interrupt+0x3bb/0x8d0 [ 907.945392][ C1] __sysvec_apic_timer_interrupt+0x137/0x4a0 [ 907.945406][ C1] sysvec_apic_timer_interrupt+0x9b/0xc0 [ 907.945421][ C1] [ 907.945425][ C1] [ 907.945429][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 907.945443][ C1] RIP: 0010:__tlb_remove_page_size+0xa/0x3f0 [ 907.945460][ C1] Code: 48 c7 c7 00 74 14 8a 48 89 de e8 41 2b f0 07 e9 ba fe ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 55 41 57 41 56 41 55 41 54 53 <48> 83 ec 18 48 89 74 24 08 48 89 fb 49 bf 00 00 00 00 00 fc ff df [ 907.945471][ C1] RSP: 0018:ffffc90003657528 EFLAGS: 00000293 [ 907.945482][ C1] RAX: ffffffff81abb441 RBX: ffff8880344a9f88 RCX: ffff88802b8a3b80 [ 907.945492][ C1] RDX: 0000000000001000 RSI: ffffea00019117c0 RDI: ffffc90003657820 [ 907.945501][ C1] RBP: ffffc900036576d0 R08: dffffc0000000000 R09: fffff940003222ff [ 907.945511][ C1] R10: fffff940003222ff R11: 1ffffd40003222fe R12: ffffea00019117f0 [ 907.945521][ C1] R13: ffffc90003657840 R14: 00007f324ddf2000 R15: ffffea00019117c0 [ 907.945533][ C1] ? unmap_page_range+0x10a1/0x2520 [ 907.945550][ C1] unmap_page_range+0x10b8/0x2520 [ 907.945569][ C1] ? uprobe_munmap+0x165/0x3f0 [ 907.945587][ C1] unmap_vmas+0x11b/0x230 [ 907.945598][ C1] ? uprobe_clear_state+0x4f/0x460 [ 907.945611][ C1] ? unmap_page_range+0x2520/0x2520 [ 907.945622][ C1] ? __mutex_lock_common+0x431/0x2390 [ 907.945638][ C1] ? exit_mm_release+0x16/0x30 [ 907.945651][ C1] ? memset+0x1e/0x40 [ 907.945668][ C1] exit_mmap+0x38f/0x5f0 [ 907.945682][ C1] ? vm_brk+0x20/0x20 [ 907.945700][ C1] ? uprobe_clear_state+0x2f6/0x460 [ 907.945712][ C1] ? mm_update_next_owner+0x522/0x640 [ 907.945729][ C1] __mmput+0x115/0x3b0 [ 907.945741][ C1] exit_mm+0x567/0x6c0 [ 907.945755][ C1] ? xacct_add_tsk+0x4b0/0x4b0 [ 907.945770][ C1] ? do_exit+0x20a0/0x20a0 [ 907.945785][ C1] ? taskstats_exit+0x439/0xab0 [ 907.945800][ C1] ? tty_audit_exit+0x14e/0x1f0 [ 907.945816][ C1] do_exit+0x5a1/0x20a0 [ 907.945832][ C1] ? put_task_struct+0x80/0x80 [ 907.945846][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 907.945862][ C1] ? lock_chain_count+0x20/0x20 [ 907.945876][ C1] ? _raw_spin_lock_irq+0xab/0xe0 [ 907.945889][ C1] do_group_exit+0x12e/0x300 [ 907.945904][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 907.945918][ C1] get_signal+0x6ca/0x12c0 [ 907.945938][ C1] arch_do_signal_or_restart+0xc1/0x1300 [ 907.945960][ C1] ? futex_exit_release+0x1c0/0x1c0 [ 907.945976][ C1] ? get_sigframe_size+0x10/0x10 [ 907.945997][ C1] ? exit_to_user_mode_loop+0x3b/0x130 [ 907.946014][ C1] exit_to_user_mode_loop+0x9e/0x130 [ 907.946029][ C1] exit_to_user_mode_prepare+0xee/0x180 [ 907.946044][ C1] syscall_exit_to_user_mode+0x16/0x40 [ 907.946058][ C1] do_syscall_64+0x58/0xa0 [ 907.946069][ C1] ? clear_bhb_loop+0x30/0x80 [ 907.946082][ C1] ? clear_bhb_loop+0x30/0x80 [ 907.946095][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 907.946108][ C1] RIP: 0033:0x7f324f1f1749 [ 907.946119][ C1] Code: Unable to access opcode bytes at RIP 0x7f324f1f171f. [ 907.946125][ C1] RSP: 002b:00007f324d4580e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 907.946138][ C1] RAX: fffffffffffffe00 RBX: 00007f324f447fa8 RCX: 00007f324f1f1749 [ 907.946147][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f324f447fa8 [ 907.946156][ C1] RBP: 00007f324f447fa0 R08: 0000000000000000 R09: 0000000000000000 [ 907.946164][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 907.946172][ C1] R13: 00007f324f448038 R14: 00007ffdc46009f0 R15: 00007ffdc4600ad8 [ 907.946187][ C1] [ 907.946948][ C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g114641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 908.510823][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 908.520778][ C0] rcu: RCU grace-period kthread stack dump: [ 908.526650][ C0] task:rcu_preempt state:R running task stack:27880 pid: 15 ppid: 2 flags:0x00004000 [ 908.537420][ C0] Call Trace: [ 908.540691][ C0] [ 908.543613][ C0] __schedule+0x11bb/0x4390 [ 908.548115][ C0] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 908.553483][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 908.559371][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 908.565253][ C0] ? _raw_spin_unlock+0x40/0x40 [ 908.570093][ C0] ? rcu_is_watching+0x11/0xa0 [ 908.574846][ C0] ? release_firmware_map_entry+0x190/0x190 [ 908.580755][ C0] schedule+0x11b/0x1e0 [ 908.584905][ C0] schedule_timeout+0x15c/0x280 [ 908.589745][ C0] ? console_conditional_schedule+0x40/0x40 [ 908.595629][ C0] ? update_process_times+0x200/0x200 [ 908.600996][ C0] ? prepare_to_swait_event+0x331/0x350 [ 908.606537][ C0] rcu_gp_fqs_loop+0x29e/0x11b0 [ 908.611383][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 908.616571][ C0] ? rcu_gp_init+0xd58/0x10e0 [ 908.621236][ C0] ? rcu_gp_init+0x10e0/0x10e0 [ 908.625995][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 908.631179][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 908.636368][ C0] rcu_gp_kthread+0x98/0x350 [ 908.640948][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 908.646048][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 908.651928][ C0] ? __kthread_parkme+0x157/0x1b0 [ 908.656950][ C0] kthread+0x436/0x520 [ 908.661009][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 908.666110][ C0] ? kthread_blkcg+0xd0/0xd0 [ 908.670691][ C0] ret_from_fork+0x1f/0x30 [ 908.675113][ C0] [ 908.678117][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 908.684423][ C0] NMI backtrace for cpu 0 [ 908.688736][ C0] CPU: 0 PID: 4637 Comm: kworker/u4:14 Not tainted syzkaller #0 [ 908.696356][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 908.706396][ C0] Workqueue: netns cleanup_net [ 908.711157][ C0] Call Trace: [ 908.714424][ C0] [ 908.717258][ C0] dump_stack_lvl+0x168/0x230 [ 908.721932][ C0] ? show_regs_print_info+0x20/0x20 [ 908.727118][ C0] ? load_image+0x3b0/0x3b0 [ 908.731617][ C0] ? irq_work_queue+0xbf/0x140 [ 908.736378][ C0] nmi_cpu_backtrace+0x397/0x3d0 [ 908.741310][ C0] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 908.747451][ C0] ? _printk+0xcc/0x110 [ 908.751603][ C0] ? cpu_online+0x1d/0x30 [ 908.755919][ C0] ? load_image+0x3b0/0x3b0 [ 908.760417][ C0] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 908.766478][ C0] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 908.772447][ C0] rcu_check_gp_kthread_starvation+0x1cd/0x250 [ 908.778593][ C0] print_other_cpu_stall+0x10c8/0x1220 [ 908.784046][ C0] ? print_cpu_stall+0x5f0/0x5f0 [ 908.788974][ C0] ? timekeeping_advance+0x7f6/0xac0 [ 908.794252][ C0] ? __lock_acquire+0x7c60/0x7c60 [ 908.799276][ C0] rcu_sched_clock_irq+0x831/0x1110 [ 908.804465][ C0] ? rcutree_dead_cpu+0x20/0x20 [ 908.809305][ C0] ? account_process_tick+0x227/0x3a0 [ 908.814671][ C0] update_process_times+0x193/0x200 [ 908.819860][ C0] tick_sched_timer+0x37d/0x560 [ 908.824703][ C0] __hrtimer_run_queues+0x4fe/0xc40 [ 908.829898][ C0] ? tick_setup_sched_timer+0x2c0/0x2c0 [ 908.835448][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 908.840547][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 908.846608][ C0] hrtimer_interrupt+0x3bb/0x8d0 [ 908.851561][ C0] __sysvec_apic_timer_interrupt+0x137/0x4a0 [ 908.857531][ C0] sysvec_apic_timer_interrupt+0x9b/0xc0 [ 908.863151][ C0] [ 908.866072][ C0] [ 908.868989][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 908.874955][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x2c/0x60 [ 908.881095][ C0] Code: 04 24 65 48 8b 0d a4 a3 8a 7e 65 8b 15 a5 a3 8a 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 34 16 00 00 00 74 2c <8b> 91 10 16 00 00 83 fa 02 75 21 48 8b 91 18 16 00 00 48 8b 32 48 [ 908.900686][ C0] RSP: 0018:ffffc90003ca7998 EFLAGS: 00000246 [ 908.906740][ C0] RAX: ffffffff816c70d5 RBX: 0000000000000000 RCX: ffff888021bebb80 [ 908.914704][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 908.922662][ C0] RBP: ffffc90003ca7a90 R08: dffffc0000000000 R09: ffffed1017227681 [ 908.930624][ C0] R10: ffffed1017227681 R11: 1ffff11017227680 R12: dffffc0000000000 [ 908.938581][ C0] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff92000794f38 [ 908.946547][ C0] ? smp_call_function_single+0x225/0x490 [ 908.952262][ C0] smp_call_function_single+0x225/0x490 [ 908.957797][ C0] ? rcu_rdp_is_offloaded+0x180/0x180 [ 908.963158][ C0] ? flush_smp_call_function_from_idle+0x230/0x230 [ 908.969656][ C0] ? rcu_rdp_is_offloaded+0x180/0x180 [ 908.975018][ C0] ? rcu_read_lock_bh_held+0xe0/0xe0 [ 908.980305][ C0] rcu_barrier+0x25d/0x4b0 [ 908.984713][ C0] ? cond_synchronize_rcu+0x20/0x20 [ 908.989900][ C0] ? ops_free_list+0x300/0x330 [ 908.994659][ C0] cleanup_net+0x813/0xb80 [ 908.999067][ C0] ? ops_free_list+0x330/0x330 [ 909.003817][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 909.009700][ C0] ? _raw_spin_unlock+0x40/0x40 [ 909.014550][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 909.019739][ C0] process_one_work+0x863/0x1000 [ 909.024681][ C0] ? worker_detach_from_pool+0x240/0x240 [ 909.030304][ C0] ? lockdep_hardirqs_off+0x70/0x100 [ 909.035583][ C0] ? _raw_spin_lock_irq+0xab/0xe0 [ 909.040592][ C0] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 909.045953][ C0] ? wq_worker_running+0x97/0x170 [ 909.050968][ C0] worker_thread+0xaa8/0x12a0 [ 909.055638][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 909.060836][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 909.066727][ C0] kthread+0x436/0x520 [ 909.070785][ C0] ? rcu_lock_release+0x20/0x20 [ 909.075622][ C0] ? kthread_blkcg+0xd0/0xd0 [ 909.080201][ C0] ret_from_fork+0x1f/0x30 [ 909.084624][ C0]