last executing test programs: 3m17.955594445s ago: executing program 0 (id=441): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x35451d7003101a08, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETGROUP(r0, 0x400454ce, 0xee01) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x103900, 0x0) setgroups(0x1, &(0x7f00000000c0)=[0xee01]) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) 3m17.609319979s ago: executing program 0 (id=445): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000000)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000000}}, {@grpquota}]}, 0x4, 0x4fb, &(0x7f0000000900)="$eJzs3c1vVF0ZAPDnTju09B3egrJQo4KIoiFMP4CG4ELYaAwhMRJXLqC2Q9N0hmk6LdLKoizdm0jiSv8Edy5MWLlw5053bnBhgko01MTFmHvn0g5thxb7MaXz+yV37j3nzsxzzkzPOXNPOz0B9KzzEbEaESci4kFEDOf5Sb7FrdaW3u/N66dTa6+fTiXRbN77R5KdT/Oi7TGpT/LnHIyIH3w34sfJ1riN5ZW5yWq1spCnRxZr8yON5ZUrs4U8Z3xibGL0xtXr4/tW13O137z6zuydH/7ut196+cfVb/40LVbpZ6eyc+31aNO315itqhej1JbXHxF39vrER0h//vPDxydtbZ+JiAtZ+x+OvuzdBACOs2ZzOJrD7WkA4LhLr/9LkRTK+VxAKQqFcrk1h3c2hgrVemPx8nB96dF0ZHNYp6NYeDhbrYzmc4Wno5ik6bHseCM9vil9NSLORMTPB05m6fJUvTrdzQ8+ANDDPtk0/v97oDX+AwDH3GC3CwAAHDrjPwD0HuM/APSeDxj/fTsQAI4J1/8A0HuM/wDQe3Yc/5/l+5MHXxYA4MB9/+7ddGuu5f//evrx8tK3So+vTFcac+Xa0lR5qr4wX56p12eqlfJUs7nT81Xr9fmxa+vJxvLK/Vp96dHi/dna5EzlfqV4wPUBAHZ25tyLPycRsXrzZLZF21oOxmo43grdLgDQNXte4Ar4aPk+D/SuXVzjmwaAY26bJXrf0fFPhJ5b/BU+Vpc+b/4fepX5f+hd/9/8/7f3vRzA4TP/D72r2Uys+Q8APcYcP7Cn3/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAjyplW1IoZ2uBr6a3hXI54lREnI5i8nC2WhmNiE8j4k8DxYE0PdbtQgMAe1T4W5Kv/3Vp+GJp89kTyX8Gsn1E/OSX937xZHJxcWEszf/nev7i8zx//EQ3KgAAtLu1Nas1Tuf7tgv5N6+fTr3dDrOIr263FhdN467lW+tMf/Rn+8EoRsTQv5I83ZJ+Xunbh/irzyLicxv1f9IWoZTNgbRWPt0cP4196gDib7z+m+MX3olfyM6l+2L2Wnx2H8oCvebF7VY/mbe9tInl7a8Q57P99u1/MOuh9u5t/7e2pf8rrPd/fVviJ1mbP7+efn9JXl37/fe2ZDaHW+eeRXyhf7v4yXr8pEP/e3GXdfzLF798odO55q8iLsX28VtqWTc7slibH2ksr1yZrU3OVGYqj8bHJ8YmRm9cvT4+ks1Rt27/sF2Mv9+8/Gmn+Gn9hzrEH9yh/l/bZf1//d8HP/rKe+J/46vbv/9n3xM/HRO/vsv4k0O3Oi7fncaf7lD/nd7/y7uM//KvK9O7vCsAcAgayytzk9VqZWGHg/Sz5k73ObSDvg9/1EBEHI3CH72DWI04AsVwcKQOut0zAQdto9F3uyQAAAAAAAAAAAAAAEAnjeWVuYE42K8TdbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHF//CwAA//+zZ8zN") r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5}) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x8004587d, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=") openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x100, 0x52) 3m16.970803908s ago: executing program 0 (id=449): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x4, 0x2, 0x5, 0x2000000}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="03040000b500000001008aea0000feffd0ca"], 0xc8) dup3(r1, r0, 0x0) 3m16.539059418s ago: executing program 0 (id=452): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a09007, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0\x00') 3m16.334532915s ago: executing program 0 (id=453): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) read$alg(r1, &(0x7f0000000000)=""/35, 0x23) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x1bc}, 0x1, 0x0, 0x0, 0x8884}, 0x10) 3m15.837412324s ago: executing program 0 (id=456): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20023) r1 = socket$kcm(0x2a, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 3m15.422678281s ago: executing program 32 (id=456): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20023) r1 = socket$kcm(0x2a, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 2m4.618148123s ago: executing program 1 (id=1030): writev(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c00)=@newtfilter={0x34, 0x2c, 0xf35, 0x70bd23, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x2400}, {}, {0xa, 0x4}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x440}, 0x0) 2m4.215180032s ago: executing program 1 (id=1031): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000340)={0x5, 0x0, [{0x9a7, 0x0, 0x100}, {0xb65, 0x0, 0x2}, {0x37d, 0x0, 0x3}, {0x3f6, 0x0, 0x6}, {0x4b564d01, 0x0, 0x200}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xf3b8, 0x0, 0x8000001000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x140640}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m3.514591502s ago: executing program 1 (id=1033): creat(&(0x7f0000000300)='./bus\x00', 0x10) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @mcast2, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="8252", 0x2}], 0x1}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 2m3.255473621s ago: executing program 1 (id=1034): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0\x00', 0x12148c5, &(0x7f00000002c0)={[{@utf8no}, {@fat=@time_offset={'time_offset', 0x3d, 0x30a}}, {@shortname_mixed}, {@utf8}, {@uni_xlateno}, {@fat=@check_strict}, {@fat=@quiet}, {@uni_xlate}, {@shortname_mixed}, {@fat=@errors_continue}, {@shortname_lower}, {@numtail}, {@rodir}, {@utf8}]}, 0x0, 0x2c4, &(0x7f0000000a40)="$eJzs3UFr02AYwPFn7dZ2HVt7GIKC+KAXvYStfoIiG4gFZVvFeRAyl2ppbEZTKxVxu3n1E/gBht48Kah32cWbd/Gyi+BlB7WyNLFdF7FVttTt/4ORd++bp3nT9015Etpk+8bTe5WSa5TMusRSKjGRDdkRye6WfCP+MuaVE9JtQy5MfP14enH55pV8oTC3oDqfX7qYU9WpM28ePHp+9l194vrLqddJ2cre2v6S+7R1Yuvk9o+l4NUdEVNXHKdurtiWrpbdiqF6zbZM19Jy1bVqde1qL9nO2lpTzerqZHqtZrmumtWmVqym1h2t15pq3jHLVTUMQyfTvd0/8uIDRxS/J0TyB9IZRGE8rLJWy5vx0Mbi5mF0CgAADJeo8v+7ZVfLrladPfn9/vw/JgPk/yJh+T9+q7i5sGCS/x9xu/l/2j9+9yL/BwAAAAAAAAAAAAAAAAAAAADgf7Ajkmm1WpmdVstbBn9JEUmJSPB/1P3EwQjGnfE/nhaXR8T/4V5KxH7SKDaK7WW7PV+SsthiycyYyDdvPvja5fnLhbkZ9WTlrb3ux683inFJBvGBbHj8bDteu+PXZUzS3dvPSUamw+NzIfGNYkLOn2sl/S1bYkhGPtwWR2xZ9eZ1J/7xrOqlq4We+HFvPQAAAAAAjgJDf9l3/u61GxrcNqSnvV3ZuT4gmc71gbmw6wM959ejcmo0uv0GAAAAAOA4cZsPK6ZtW7U/FVKdmvf9Rw1VIXj+wcDh8ZCm4Bsx0e1Oqt+VR0XEr3k1LGPRTyH2D29vfIBRHts/nxMisqdm+vDn/ItnAxye/RU+3+9/0kb1iQQAAADgoARJ/7F5SCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOo35uHBev/zb3HujYXj2YvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOHwMwAA//8VhA3+") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333406, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0) read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020) 2m2.626560521s ago: executing program 1 (id=1037): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0x8a, &(0x7f0000000180)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @multicast, @val={@void, {0x8100, 0x6, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x2, 0x78, 0x0, 0x2, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @private=0xa010102}, {0x4e20, 0xfffc, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "e5400e86db87241f716be8e1fa0fe2fb143899778cc5c15c1337404bb397a8fc", "0c17d7b0eb591c2a7eb609eb8d2d9d15", {"28cbbe8b3bc8849d1e6124e7e5913283", "00802000183211817ada1e97297a54f5"}}}}}}}, 0x0) 2m0.65095708s ago: executing program 1 (id=1059): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000900)="580000001400192360834b80043f679a10ff3d420000000001000000f61bcdf1194ad353e9cc853a804824cabece4b381effffffff0057e792945f80000000050028925aaa000000c600000004002e499391db0926f27805", 0x58}], 0x1) 2m0.312673964s ago: executing program 33 (id=1059): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000900)="580000001400192360834b80043f679a10ff3d420000000001000000f61bcdf1194ad353e9cc853a804824cabece4b381effffffff0057e792945f80000000050028925aaa000000c600000004002e499391db0926f27805", 0x58}], 0x1) 1m16.644483709s ago: executing program 3 (id=1483): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f00000002c0)=ANY=[], 0x5, 0x0, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 1m16.32551497s ago: executing program 3 (id=1486): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) accept4(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80400) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, 0x0, 0x40000) 1m13.651872922s ago: executing program 3 (id=1501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x2, 0x1, 0x23, 0x0, 0x1, 0x3}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000040000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r3, 0x4) 1m13.351022612s ago: executing program 3 (id=1506): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0\x00', 0x2148c5, &(0x7f00000002c0)={[{@utf8no}, {@fat=@umask={'umask', 0x3d, 0x8}}, {@shortname_mixed}, {@utf8}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@fat=@quiet}, {@uni_xlate}, {@shortname_mixed}, {@fat=@errors_continue}, {@shortname_lower}, {@shortname_lower}, {@rodir}, {@utf8}]}, 0x0, 0x2c4, &(0x7f0000000a40)="$eJzs3UFr02AYwPFn7dZ2HVt7GIKC+KAXvYStfoIiG4gFZVvFeRAyl2ppbEZTKxVxu3n1E/gBht48Kah32cWbd/Gyi+BlB7WyNLFdF7FVttTt/4ORd++bp3nT9015Etpk+8bTe5WSa5TMusRSKjGRDdkRye6WfCP+MuaVE9JtQy5MfP14enH55pV8oTC3oDqfX7qYU9WpM28ePHp+9l194vrLqddJ2cre2v6S+7R1Yuvk9o+l4NUdEVNXHKdurtiWrpbdiqF6zbZM19Jy1bVqde1qL9nO2lpTzerqZHqtZrmumtWmVqym1h2t15pq3jHLVTUMQyfTvd0/8uIDRxS/J0TyB9IZRGE8rLJWy5vx0Mbi5mF0CgAADJeo8v+7ZVfLrladPfn9/vw/JgPk/yJh+T9+q7i5sGCS/x9xu/l/2j9+9yL/BwAAAAAAAAAAAAAAAAAAAADgf7Ajkmm1WpmdVstbBn9JEUmJSPB/1P3EwQjGnfE/nhaXR8T/4V5KxH7SKDaK7WW7PV+SsthiycyYyDdvPvja5fnLhbkZ9WTlrb3ux683inFJBvGBbHj8bDteu+PXZUzS3dvPSUamw+NzIfGNYkLOn2sl/S1bYkhGPtwWR2xZ9eZ1J/7xrOqlq4We+HFvPQAAAAAAjgJDf9l3/u61GxrcNqSnvV3ZuT4gmc71gbmw6wM959ejcmo0uv0GAAAAAOA4cZsPK6ZtW7U/FVKdmvf9Rw1VIXj+wcDh8ZCm4Bsx0e1Oqt+VR0XEr3k1LGPRTyH2D29vfIBRHts/nxMisqdm+vDn/ItnAxye/RU+3+9/0kb1iQQAAADgoARJ/7F5SCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOo35uHBev/zb3HujYXj2YvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOHwMwAA//8VhA3+") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333406, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0) read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020) 1m12.996175052s ago: executing program 3 (id=1508): r0 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) fallocate(r4, 0x1, 0x100000000, 0x1010000) 1m11.437100726s ago: executing program 3 (id=1515): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x2}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r2}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000340)={0x9000, 0x12000}) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000380)={0x9000, 0x10000}) 1m10.719218045s ago: executing program 34 (id=1515): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x2}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r2}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000340)={0x9000, 0x12000}) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000380)={0x9000, 0x10000}) 21.500401226s ago: executing program 7 (id=1975): syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000140)='./bus\x00', 0x808808, &(0x7f00000000c0)=ANY=[@ANYBLOB="636f6465706167653d757466382c66696c655f756d61736b3d30303030303030303030303030303030303030303030332c696f636861727365743d63703737352c71756965742c008f7881d185c35a6a28ef06c5b85628f12a02248de249c2a338d049166371583781680d171f47"], 0x1, 0x2f2, &(0x7f0000000400)="$eJzs3c1u00oYxvFnnKRNP9ST0/boSGdzUKESbCoKLBCbSChb9qwQ0KRSRVREWyRgQ0EsEReA2HILXAQbEDfADjZcQFcYzXicOKntJBA3/fj/pFrOeGb8DrbjeY1aC8CZdbPx9f3Vb/bHSCWVJN2QAklVqSzpH/1bfby9t7XXbjXzOiq5FvbHKGppog0z3Tob2620prada+HV7Key5pNlKEb4MwxDKXRLnFnu6k8RSNP+OnTbq0ccV1H2pf8nHcNYfR9cJXmAzYEO9EQLRYYEADj+/P0/8LeJeVdkFATSqr/tn6r7/8GkAxiva+1DRfnz+cT9383uQmOP719uUzffcymc3R7EWeIwwVT6Pk8pOrN6JphmUFbpYglmNrfKWtt4oWagl6p7iWrLbtmMTt3YgGhX4tx0ONm9VXRrNhqNm1H2i0Pa3Gq3pu1KSvxLo+3xz5mP5rO5Y2p6q2Zn/lcOjab0Lq7Tc6SCio3/cnaPc3ZRs7Xk0/56vR70VPnb7eQ/fy54A0ZZTc9Ikn3GDwj2OxHkxen2vajexwrR6NYHtFpKa1XrfMpotdzTquTPhLWNh+3cRynFiIdo3pjbZkU/9EGNxPw/sPGtKnFl5n3VG1fTnxnReKbSa3b+bfq6614u5/prTo80LnijPS17rfu6roXdp88elNrt1o5duZey8mh+x/iSyisptU7xKyXl1NF+tyS0nofhsD2HRQZ/aawd2u+PTom9fNIq26usUxIc9WHyK/E5Npm9j3MlYxSNT8o7IU/OShhKGZsK+IbCsbNr4oPuC2YmHBCOmp13mSj/czN5P6tzKZJd1HLm6QP/0yjR43ong+udCi665exIGdxcdgaX2OOVjJzR5VznL0oXEoVGuXus+ThPCdPQF93l+T8AAAAAAAAAAAAAAAAAAMBJM8ZfJ4h/k/HQpgkPEQAAAAAAAAAAAAAAAAAAAACAE++33v+b9jfi3ft/aynv/00Y3/t/898MBGAovwIAAP//n7F2ZA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f0000000200)=[{&(0x7f00000001c0)="b8df", 0x2}], 0x1, 0x1800, 0x4000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183243, 0x0) r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r1, &(0x7f00000000c0)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '/dev/bus/usb/00#/00\\\x00', 0x3a, '/dev/bus/usb/00#/00#\x00', 0x3a, './file0'}, 0x51) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0) 19.724220955s ago: executing program 7 (id=1998): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000002cc0)="099ccccf84f531d9ec214606c11430c1", 0x10) sendmmsg$alg(r1, &(0x7f0000000b40)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000003cc0)="5985d20392a438a118753a61ccd1d0e83101f02653a3db12a8785d9bcc59b58251f9ae571dc6a2d023b82407fbb8ae52a24b445059869df6095b826013c10bb7745d9edc0ef211452945180b52cc3986fb74d70cdc0194be37b376d2d4798d4e4463d042b1a462e80d80915fcffca56f2e0f5a6b6bff7e43eb6c80c1a8e85c077f4e980c3aa7b4b34562044059224e7280a86d55356ca279765d0943a185ac585ba7355885a40b0f4d02e5afe7b154deb20048d62307273f7069b86987af5b7fd9272d1ed5a9891e493deafa8a98f30c86803d00028221b891d3ae3437e26e9e0bbb0c152036ffebc06c5aa3fe55480e68414e7283793c5f93bf95ee471bf2b70abf696bb304bbecce852fd81439df022489675c1827a96f824378a80ce5338143bbc8fc3b1955bba34f2121cf485212c7cd8b50d81382605d28573b46b376e1092560f6d76c8ee2c4ebd9cf88665cec5acd5c2bb34ed1ce0338a7c1c8583914be1ef3a054e91f35a82147c0ef819f7971e12c18c5314df9e06bbbea133f82e638fd4646fb6a517fe75130f65392e8e1456fff3ae5cc7298b7bd6e7ea141808b4b4ec6930e7ee97e802a9a5c37c7bfaf6f8fd113b1e713e9d07cf0ddddf91965c29dbcc7a6478a071efe498458ee8428baeacd171ca321a88863d747ae8ba633f835401e66c831bec8d66ede3a6be8c9d6cd2e543df191a661d934e115c49db11cf3382aa4c378ea27b37078e4dbd52d5237873388f0b114dbcd77332e3cae456d8a96465a763709b9e33255b9648f186ae462f585dd729676a66e5dcba00b76ef82b9926d820d1f81f2ef2bdedb9727bc9b8420a16af0a3d49bfabaf53637b5712cd1efcfecefea443d99749398406a15af44464330fcc7ae05bc1319a403f17320384adf670171b10572b7a3c29224327d4da0cc98605adb69b143b75f495c3ee34b0e2df6119cdecfc9c14adac77c00225ba394a33c2031f7fd6fd5c51603133fd282b714d0206a61dcbfd9826847751c0828c7258b75739fc0f26cb4f5037652f608bfd156660b8ca43069fdfd27dc658b768b0842a71bd2191064e7c343710b26b4f94900dea847881b9269a250b165aa5b32cb02e853e01df7283f5aae557f555cdd110ffa52c5c702cb214934c5aa8a99c87b2ec9dd6717693827029ad477fa822c84c83303d04a6db313af73b83ef53d0caae2a0de16e13746d092a2e6260638245c57bf2904740ef4d4385b3fd888ea17795c712dbce6a559c71a8425deab805f99ec9f16cf268c5c6cb6cbbefe71115e62c85e9a0940b96a19a49b4a9373250c5b7a2446b4393aaa144ba32a9a0fff5cffc515d48691911a84ef869af3c3b08db4d8e44279b8ecf0753e88e5405897b4050db08c254cf0ff5b69a045bc62049218a573c6a395148454953a72768ddbd4326a0d247a0a4571ea894875a2f899f47487c3d2b62e51d8239633d3421fd79b0c32d05b99256614accf64ee6e2d51a3bdd2210d000000e6ac68159923977200feba975e290d768d7255416a06c8f161fa39f7a04c4651d420f1d96703cb3773bd2a2a0c37b1603151c4cc47f0699900849509534f8ec5131cfee5d96d598e28d571328ca037a34ba31aa5e6d51fe2604f8316545f129f0ae8e0856888d3315ed22f6246852df12d67e3a64e7891df946b81495189341e9401406037cfb31490fcff4fc0406f2f70e2cabcd0fb8adeec4be909526dfa252a5aee0435df3a07e0897b86eaff8dd190f466b2a81e8a37ffb577bfb5feddefb292809c1d925c2f9cf27380dc78e74d74ceb1d31ebe84bbd2e6ce48dded3c55203966896ad1458d3d3095b9bacf250416ee27aa73a5c5d6ec6b2c9c323759ffe97df44481f796f4762e3245c0a88fd129dbafde688f2c57445665c623025a76748a9931a7f67c53faa4a155c9ba5caa38986462e48db7c580749bd372955244c9d4a17631f24b9b64036de9e97147b7056dcb54652fca36a037d0c3f754a303c594d8e04f706fe75e8f19607e6cc94ac60d83b4fc620a00b52605323391f3e005dcdb9be443b59d89760b605f32c07bef27a326863e07d770e7bb2853354f6404a83d099559e5a25849bd16c6381354ec45df14e3e16099a0cc299256118be93e47c025b01a2fe899c81411c8f6b74808562ecb2f91b8688b1617b93516b29162bf71db6e2dbee1ba98fba3cf6e7f56d90fbf017d2d81d2411515d73272bc167a55770deacb3d79dcfa1cb9c27e27585b521d3900e4fb280c1ba1f9e956bd1326bf162255f66b0189ae648a402e48cc61fdd20fd3a09070c88167730bf80b34cecfcb37a4046552d1b345f66c97fb67f1993990e55e43ee58372455864de62d636d836477fca1ca355bce2eed04ca30751ad642e61862d1e29886b9acc5be9d6ab7e6eab7c89a7ebde051116ae5f12432caa8228c4dddb5221f7f5fafeef8d397ee0c7d94dfcd2fade21947c98bd89b071f4e24dfb43b46f1db5f1276d8d71e3cccca479cb612be6bd02e6f188403b85022ed0e9d42f9c4531a11659bfd144b4a49b6659be2a548658a66d7faa44622742d7c42d7f90caa2ca3a24d10c993a9b1c814f4e0b735615cbd9c00d6bf444d0ae1071f2b74023d2e53b9d2b79f6ddaeadcef3bcc5d13971b7f9c7e72d1a431e1d79234e1dab13ee758f741777d836905c7873de0192ecda15d3a224331fc2222f6793edd69da51befe4f772ec696e4e4e5deba877b52b91d8b7de4fd151e1009134cebf4a353e6219b21f131487b3fba0f4b7e39626c5c7583ed5073086ff735ce19cb786e8d1bf359b4c3a7bc29bbf9d441d914d7e842b88f0868d0f6a6fd41624271ad5e166d677ea5109b6c8e9d2fdfff9e944e9c9ad50b3cde7e3f229e2bbf81c6aaa7b7c8e5700362000b6509942bbed25253e0833a5f7a71975b780472ed6f3da3a2ba162f20b3b90d4a084acbb137129bbd9b65f3e9ba6886241d80ee90dcf7d64050d52e8550f21262a88395ca06b83a5b5d9c05426582c86fe7753019a71ecc84c59fae3239d195246306f153b301629fbc6bd6e3fbc6aff7d35d79c5c8046b61ec70e2b7356c9400477778990364091be2b74bdab711f5561ff137021fdf9e82a35fd5bf85673bbb2944cf1f36a2e25fa4dd948525621f7a14dc3c8d1e1f1ec9d334dddcf7f9487f3d3ec60106becfddc15ece3850215aa3231a543264263757c6417adde58eb6b624096a9759c8f7a1c9add4d374a4301a86fcc5c7b96e4e294cc935ad9315669d03b80522e5b7f6207e325cc5e9a33cdd8d5512aa388e452674a936826d47f23097d33c4e4a1f2f0802a2b9be2a608f2f0ff27f6b041d70d268f848687d45e6e510691ad516c7d7038d4153fb30415e425a4cb9d879aee8ffbca65df46876151af9a583d9a3fb331fb1b616a8007fddba31bee77e420172cd2a2a140a3376db47d7336d958bfa6f4ae80f78310c9043a184258dbaa9bba0c2482d7eb70c2bd94d52587fb92fd80c58110b05ad6eb1623009cd263deb3cb219bfde713ef738dfed0b1c6254177d939e8c358cc69ddfa3e31aa4c3cbfe384d96749217ff3b2b45a15f34403fe327aa2f805d1eaf7ee7f187070032eceba18a11e4ccf7c2e3a4d5c72d1db7b0bb5dc2354ae7eb27dedb91a5571203835b482353950220ad39f21334135c6fdd22a71c6119ce5dfa292a71ad296b141663210872c192aa228e21068d717235f1186234de39e69e5904ead38314ef69b86a656371d9987d327a7064fc6e1acd7f822165b1e42da9bff573db1eaf2563552bf6dbb6591031883f5cf7e22d1f2e2522e5bb88fc4bdece187d7f2612886a7f314895d43dd2c9e1b731aec39014028590ea0c76f1cd7d71c96ed45ce31d5e38f38a36a95d54708875dd99d8612275450a700251c7f21742d31b9be6de5fcf63b7b639ff746f31537694b3005ddf6cc8375f25bd782bc784943b72bd19f938a449fe0a617b5b1430a4d506e3bf0a1f118b6e45e9e6a3515efd9ecd1a964c5459921b01a0cacf0d4e4659f06ee2e53123a2241b583072f91af6b82f51fa14622ead00697b2f511e7f54cc4e8b015bd03b4ebae849ec9f7738d945450ff8363aee60678b80a86e93326f6a87d73b1a114f6f6186e2a4365d66d5b74df15280c4060ec847da5a1baf1706e7a373f2ec73ad755bffdd5813cf5ce8cf8b07d4ac8b324293b7248145b35b13fe638f902c5e8147084c221591cefa221573080f49ed7b3479e9c81c4ec2e5e8df89ce0266f6023327aae85f74fc70085398ca9749a1b8467d3d2d7bdcfc4bb9af62721a4cf55a5d2600210eeda03de3b9353725eb991583d7226debf7e3d4b06d89c41599b3687d56571c6c810882e1060510b0e6480b4e3d8705c858e24897dd8bd936f9a16bd626b98dd55696aa2dea3c0a12a6b12f5befba90ea487134453b5a8e863b5446565730e9d84e019d664654568c3448bbddd8cccc15e4615addae0d732dafe6f54b229cd5689396720d0010dfea3f9e6d9793b51be5c4e39659e8eb604ec15ee7ae2a2961a8b815d9417795cdde0702d6cf7dcdc16f02365d7eee5dfc7a0a9ea3957672f00a209fb845e782777ef9e5c9e7aa7926bb93c3486a8612e222ddc9709d9a2acef6c60db859c4fd39f365bb22f90edd04f891fd3ccdff35c5eac56ec49d02063a7859aa14c938d575fb85cc26a3f3fb3ef4d8ce576e927dc54c27702aff904e133a6869ac4384ca6ce273d1a7f3b4ffb570dd097e607ade8eb8ca1d436733262b527c508e4ff7e09bb56432c36a38065c582210252efc06aa0d3fe0ea99e97e6ee88f80ad33bcb2cd0570b8f97488bfe09d4560b9ab44ec7ea5726d291460ab46d32922c1b37067425ff9abc8a4bf810879114dc266a575e1ddcbfd6ef2c51b624091b3ebe68ededfd94f883ae674b1f00be817a559b3c6376aa68f039628ae425191b7c7ba60e73b0fa3c4fe5533b4f8fe0b21f61a5f9e520e22cdbebd929048552b6d8d1d5c18fa9900b7786462e7e4d738e57485e9a6dd14a0fd37f0256613317df8ec3518c7eee50c59070a7276f8b0575426887f2cb5be122cc766a25a07132ef01611d0c2d3f16de29a8c0f39a3a5a3e9596b61fdd3dff97b95ff67b4798ddbc4b14e518bcc52cdd2d87605ce9d9c5f2a6d4e11d2f94575b0d5de72d0b97d0a2cf32b5465c6a4ddb62d61b97f2331341c9d448ec765180f858394f2c0b2ee982b9f867d73f97d0e0e3b275ef49c7c262c4d6f5fac787edafaa8b79410b1288a0b52afd93c8584ff9d61eddfa0cada98bd3c200fc708078098764bbe304c44d62eff132415a917c022c9f7466318017da7b4649eb0fae58fcb716a1f295d84dd9ec14218beb0372c041aaa4421a8f75eaef5115f0f32aca8fd30fde0e9e08972e23faf5381eb18c626c0ce920261461c3dfe7f1e8b35ca16f7283de3af4bba5c384e256cd369568214101a8e27c94531a81fe4fba595a4455f8724eebea716d1a4940b3d787fc4bd6ad8aa403fceb74f316fb5a816890646338efb6f13aba195f127aa1b1107bf303b1f997c74d6f4f664d708f58c3b3ca063825405ad7a61260debf4b220443b6537f5ae94820ec62901944cc9023e655f82e0e31a13f351ed0336cbcfda8ae0b20025fb33e49f011f6aa708140cffefbd06f9b90fefc6f9d79f67495ff0b1a2f1ff075eda3fdd800088fc0583dc0e1e9f7f02673da61cc4466a2559d70cd90e453b11449442eb11f444e1203bc38754f7ad0d93bb91e40f9cd490d2dd5d7e2571c460718f636038636cac3b4aa11411cd06e6ed73", 0x1010}], 0x1, 0x0, 0x0, 0x20000010}], 0x1, 0x20049001) recvmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000b80)=""/4095, 0xfff}, {&(0x7f00000002c0)=""/39, 0x27}], 0x2}, 0x2) 19.481720389s ago: executing program 7 (id=1999): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000740)={0x30, 0x5, 0x0, {0x0, 0x2}}, 0x30) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00') fchdir(r1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) rmdir(0x0) 19.422953686s ago: executing program 7 (id=2001): syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file0\x00', 0x130800b, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) 19.326890098s ago: executing program 7 (id=2003): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x165840, 0x2) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 19.070973463s ago: executing program 7 (id=2008): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./bus\x00', 0x1200840, &(0x7f0000000100)=ANY=[@ANYBLOB="757466383d312c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d73703836322c696f636861727365743d63703433372c73686f72746e616d653d77696e39352c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c756e695f786c6174653d302c003c24d06816418f4be78ed4fbfe47efc82f966a602a8db43ad053c978bbd3501706515140ef63c2a58653ced497550b22917b09702604bc162c57e05beec5bb0c11fc2f9238b25e4527e24bab534e9ba458d92a597c3fee89f57053a4a1535771c9877b3ab101fb26937779cff75a95a296fafddf11280fafeb9bd5f2da4a88b43f3e4d5b1a9aed1f659d88f914548fba990603b0d4f14adda86d459c62701d3d6f007c7e50da9608a03eff5843f6739a8ec5ff33791394a5c075018b5d92bbd7d9874589f3561fbdfc44653bb6c56b522a3413"], 0x3, 0x39a, &(0x7f00000002c0)="$eJzs3UFoW2UcAPB/+pKm1c32IIiC8PQm6NimIHqxZXQwzGVKmHoQg9t0NFVYMbgdltWLeBR21JM3D3rwsJsXUZHdPHh1gkzFg+42cOzJy3tpXprWDUc6h7/fIfz7ff//976XfG1e0+Tra0uxerwRJ69evRJzc7WoLx1aimu1WIwkhs7HpNlt2gCAu8O1LIs/s0LEl7dSUpv+rACAaRo8/7+xt9Ly3jej+OuJ/Kx49m/sxtwAgOkof/+fr7YlW3LmJqrmpz0tAGCK8uf/qFcaHp1Iqfypvz5xbQAA3H1efPmV55dbES+k6VzE2vu9dq8dz476l0/GqejGidgfC3E9onijQH5TG9wePtJa2Z+maT9+WYx2XtFrR6z1e+3iSmE5GdQ340AsxGJZX77bIMuy5PAXrZUD6UBEnO/3Gvkoa7VeuzF4lWF5Pk79eE+ciIORxv0T9RFHWiub1yTt/LiD4zciNkavW+Tz3xcL8f3r8XZ043jktcPLmtbKuQNpeihr7amN6vu9dnOQV5h8BQQAAAAAAAAAAAAAAAAAAAAAAG7HvmLvnb1pmi5u7p+Tjfbv2VcmlP33RkR7sF9gu6gv9wfaKPYHyppZZNkf7z7R/iCJsf2BBhv8jO2vU4+ZO3vqAAAAAAAAAAAAAAAAAAAA8J+xfmY2Ot3uidPrZ86uVoP+6fUzMxGRt7z13Wdfzcd4znw5wHjVWFAvUypd6agqS4bJWTKWUwZJfvBavWj59OLmjCs5lbMYlc+McppbusaCvY/8/NHZ1eEIDyfDqhujnCS2Pa+zyfg0xoK1+4oBhy0Xdr5/JoODN8m5nGXZTuXnXp2silpEfcep/ssgy4Nvr7z54JPrw0WQFR57fOHY5Quf/Lba6eZHznW7s6fXr2ernfLr7RfbRNAcLpuksn5q5WKrVVdCvfPUjaN7dhh5Y7ylk/zw+0sPfXipbJmpPEzbTCM7dmnU8s42OUlx0M+3ds0WQT7Nza7n8iC/jybGGX6X3PRueTpu64F74OOlzsVzP/16q1WVHxI26gAAAAAAAAAAAAAAAAAAgF1R+ax4qfywb+Ofqp45Ov2ZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDuGf3//80gZja2tNxa8Fc/hi3HYtjVzAeM2coRF+/g2QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H/1dwAAAP//kp5N2g==") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 18.737474986s ago: executing program 35 (id=2008): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./bus\x00', 0x1200840, &(0x7f0000000100)=ANY=[@ANYBLOB="757466383d312c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d73703836322c696f636861727365743d63703433372c73686f72746e616d653d77696e39352c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c756e695f786c6174653d302c003c24d06816418f4be78ed4fbfe47efc82f966a602a8db43ad053c978bbd3501706515140ef63c2a58653ced497550b22917b09702604bc162c57e05beec5bb0c11fc2f9238b25e4527e24bab534e9ba458d92a597c3fee89f57053a4a1535771c9877b3ab101fb26937779cff75a95a296fafddf11280fafeb9bd5f2da4a88b43f3e4d5b1a9aed1f659d88f914548fba990603b0d4f14adda86d459c62701d3d6f007c7e50da9608a03eff5843f6739a8ec5ff33791394a5c075018b5d92bbd7d9874589f3561fbdfc44653bb6c56b522a3413"], 0x3, 0x39a, &(0x7f00000002c0)="$eJzs3UFoW2UcAPB/+pKm1c32IIiC8PQm6NimIHqxZXQwzGVKmHoQg9t0NFVYMbgdltWLeBR21JM3D3rwsJsXUZHdPHh1gkzFg+42cOzJy3tpXprWDUc6h7/fIfz7ff//976XfG1e0+Tra0uxerwRJ69evRJzc7WoLx1aimu1WIwkhs7HpNlt2gCAu8O1LIs/s0LEl7dSUpv+rACAaRo8/7+xt9Ly3jej+OuJ/Kx49m/sxtwAgOkof/+fr7YlW3LmJqrmpz0tAGCK8uf/qFcaHp1Iqfypvz5xbQAA3H1efPmV55dbES+k6VzE2vu9dq8dz476l0/GqejGidgfC3E9onijQH5TG9wePtJa2Z+maT9+WYx2XtFrR6z1e+3iSmE5GdQ340AsxGJZX77bIMuy5PAXrZUD6UBEnO/3Gvkoa7VeuzF4lWF5Pk79eE+ciIORxv0T9RFHWiub1yTt/LiD4zciNkavW+Tz3xcL8f3r8XZ043jktcPLmtbKuQNpeihr7amN6vu9dnOQV5h8BQQAAAAAAAAAAAAAAAAAAAAAAG7HvmLvnb1pmi5u7p+Tjfbv2VcmlP33RkR7sF9gu6gv9wfaKPYHyppZZNkf7z7R/iCJsf2BBhv8jO2vU4+ZO3vqAAAAAAAAAAAAAAAAAAAA8J+xfmY2Ot3uidPrZ86uVoP+6fUzMxGRt7z13Wdfzcd4znw5wHjVWFAvUypd6agqS4bJWTKWUwZJfvBavWj59OLmjCs5lbMYlc+McppbusaCvY/8/NHZ1eEIDyfDqhujnCS2Pa+zyfg0xoK1+4oBhy0Xdr5/JoODN8m5nGXZTuXnXp2silpEfcep/ssgy4Nvr7z54JPrw0WQFR57fOHY5Quf/Lba6eZHznW7s6fXr2ernfLr7RfbRNAcLpuksn5q5WKrVVdCvfPUjaN7dhh5Y7ylk/zw+0sPfXipbJmpPEzbTCM7dmnU8s42OUlx0M+3ds0WQT7Nza7n8iC/jybGGX6X3PRueTpu64F74OOlzsVzP/16q1WVHxI26gAAAAAAAAAAAAAAAAAAgF1R+ax4qfywb+Ofqp45Ov2ZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDuGf3//80gZja2tNxa8Fc/hi3HYtjVzAeM2coRF+/g2QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H/1dwAAAP//kp5N2g==") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 11.166050118s ago: executing program 5 (id=2082): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc) r1 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000ac0), 0x40001de, 0x10002, 0x0) ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)="fb", 0x1}], 0x1) 7.251337581s ago: executing program 4 (id=2121): r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r4, 0xffffffffffffffff, 0x0, 0x0, 0x11, 0x1}) io_uring_enter(r0, 0x627, 0x4c1, 0xb, 0x0, 0x0) 6.909650332s ago: executing program 4 (id=2124): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x28c81, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 5.831090395s ago: executing program 5 (id=2129): sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000280)={0x28, 0x0, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40000) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c4004"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 5.623606423s ago: executing program 5 (id=2131): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r0 = open(&(0x7f0000000240)='./file1\x00', 0x105342, 0x20) ioprio_set$pid(0x2, 0x0, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 4.871649712s ago: executing program 5 (id=2134): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x4001, &(0x7f00000000c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0xfffffffffffffffd, 0xb4a}}, 0x28) 4.378288795s ago: executing program 5 (id=2136): r0 = syz_io_uring_setup(0xe4, &(0x7f0000000340)={0x0, 0x44c5, 0x800, 0x1, 0x353}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x12, 0x4000, @fd_index=0x1, 0x9, 0x0, 0x0, 0x8, 0x0, {0x1}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0x48, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MSG_RING={0x28, 0x2, 0x0, r0, 0x0, 0x0, 0x48, 0x3}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 4.336553058s ago: executing program 4 (id=2137): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = semget$private(0x0, 0x4000000009, 0x0) semop(r1, &(0x7f0000000100)=[{0x0, 0xec7b, 0x1000}], 0x1) semop(r1, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1) semop(r1, &(0x7f0000000080)=[{0x0, 0x4}], 0x1) 4.322435338s ago: executing program 5 (id=2138): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073717a30000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x81) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000001d00000000000000", 0x1c) 3.311075667s ago: executing program 4 (id=2143): syz_mount_image$exfat(&(0x7f00000002c0), &(0x7f0000001900)='./file1\x00', 0x14090, &(0x7f0000001800)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRESOCT=0x0, @ANYRES64, @ANYRES32], 0xfd, 0x1508, &(0x7f0000001b00)="$eJzs3AuYjtX6MPB1r7UexjR4m+S87nU/vGmwTJKEkuSQJElIzglJkyRJEkNOSUhCjpPkMCbknCaN8/mQc9JkS5IkJCSs75rSZ7d3+7P3/vf/7P9/7t91Pdes+32eez33M/f1zvus57rm/bbb8JpNalVrSETi36F+G8CvP5KFEDFCiEFCiLxCiEAIUT6+fHzW/lwKkv+tk7D/Jo1Sr3YF7Gri/mdv3P/sjfufvXH/szfuf/bG/c/euP/ZG/efsWwtrdC1vGXfjZ///w8n/yvJ/PmfLcA/2sH9/99G/UtHc/+zN+5/9sb9z964/9lZcLULYFcZv/+zN+4/Y9nan/5Mef3Zq/1Mm7d/YWOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxv4/OOsv00KI38ZXuy7GGGOMMcYYY4z9efz7V7sCxhhjjDHGGGOM/fcDIYUSWgQih8gpYkQuESuuEXEit8gj8oqIuFbEi+tEPnG9yC8KiIKikCgsioiiwggUVpAIRTFRXETFDaKEuFEkiJKilCgtnCgjEsVNoqy4WZQTt4jy4lZRQdwmKopKv5wzy52iqrhLVBN3i+qihqgpaol7RG1xr6gj7hN1xf2innhA1BcPigbiIdFQNBKNxcOiiXhENBXNRHPRQrQUrUTrK+Sn5P2j/BdFT/GS6CV6i2TRR/QVL4t+or8YIAaKQeIVMVi8KoaI18RQMUwMF6+LEeINMVK8KUaJ0WKMeEuMFePEeDFBTBSTRIp4W0wW74gp4t1HcotpYrqYIVLFTJEm3hOzxGwxR7wv5op5Yr5IybVQLBKLxQdiifhQpIuPxFLxscgQy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFZ+IbWK72CF2il1it9gjPhV7xWdin/hcZMIX/2L+md/ni+4gQIAECRo05IAcEAMxEAuxEAdxkAfyQAQiEA/xkA/yQX7IDwWhICRDYSgKRQEBgYCgGBSDKEShBJSABEiAUlAKHDhIhEQoCzdDOSgH5aE8VIAKUBEqQSW4HW6HKlAFqkJVqAbVoDpUh5pQE+6Be+BeqAN1oC7UhXpQD+pDfWgADaAhNITG0BiaQBNoCk2hOTSHltASWkNraANtoC20hfbQHjpAB+gIHSEJkqATdILO0Bm6QBfoCl2hG3SD7vACvAAvwovwErwEvaG67AN9oS/0g34wAAbCQHgFBsOr8Cq8BkNhGAyH1+F1eANGwmkYBaNhDIyBKnIcjIcJQHISpEAK5BSTYQpMgakwDabBDEiFmZAGaTALZsNseB/mwjyYBwtgASyCxbAYlsCHkA7psBTOQAYsg+WwAlbCKlgJa2AtrIH1sAHWwybYBFtgC3wCn8B22A47YSfsht3wKXwKn8FnMBQyIRP2w344AAfgIByEQ3AIDsNhOAJH4CgchWNwDI7DCTgJJ+AUnILTcAbOCiHOwTk4D+fhIlzMevPLLFpqmUPmkDEyRsbKWBkn42QemUdGZETGy3iZT+aT+WV+WVAWlIVlYVlUFpUoUZIMZTFZTEZlVJaQJWSCTJClZCnppJOJMlGWlWVlOVlOlpe3ygryNllRVpLt3O3ydllFtndV5V2ymqwmq8sasqasJWvJ2rK2rCPryLqyrqwn68n68kHZQPaBAdBIZnWmiRwGTeVwaC5byJaylXwDHpVt5EhoK9vJ9vJxORpGQUfZxiXJp2QnOR46y2fkBHhWdpWToJt8XnaXL8ge8kXZU7Z1vWRvORX6yL5yBvST/eUAOVDOghoyq2M15WvyxZzD5HD5ulwEb8iR8k05So6WY+RbcqwcJ8fLCXKinCRT5NtysnxHTpHvyqlympwuZ8hUOVOmyffkLDlbzpHvy7lynpwvF8iFcpFcLD+QS+SHMl1+JJfKj2WGXCaXyxVypVwlV8s1cq1cJ9fLDXKj3CQ3yy1yq/xEbpPb5Q65U+6Su+Ue+ancKz+T++TnMlN+IffLv8gD8kt5UH4lD8mv5WH5jTwiv5VH5XfymPxeHpcn5En5gzwlf5Sn5Rl5Vv4kz8mf5Xl5QV6UXgoFSiqltApUDpVTxahcKlZdo+JUbpVH5VURda2KV9epfOp6lV8VUAV1IVVYFVFFlVGorCIVqmKquIqqG1QJdaNKUCVVKVVaOVVGJaqbVFl1syqnblHl1a2qgrpNVVSVVGUv1B2qirpTVVV3qWrqblVd1VA1VS11j6qt7lV11H2qrrpf1VMPqPrqQdVAPaQaqkaqsXpYNVGPqKaqmWquWqiWqpVqrR5VbdRjqq1qp9qrx1UH9YTqqJ5USeop1Uk9rTqrZ1QX9azqqp5T3dTzqrt6QfVQF9RF5VUv1Vslqz6qr3pZ9VP91QA1UA1Sr6jB6lU1RL2mhqpharh6XY1Qb6iR6k01So1WY9Rbaqwap8arCWqimqRS1NtqsnpHTVHvqqlqmpquZqhUNVMNuDTTnH8i/50/yB/yy9m3qK3qE7VNbVc71E61S+1We9QetVftVfvUPpWpMtV+tV8dUAfUQXVQHVKH1GF1WB1RR9RRdVQdU8fUcXVC/aR+UKfUj+q0OqPOqJ/UOXVOnb/0OxAatNRKax3oHDqnjtG5dKy+Rsfp3DqPzqsj+lodr6/T+fT1Or8uoAvqQrqwLqKLaqNRW0061MV0cR3VN+gS+kadoEvqUrq0drqMTtQ3/Zfzr1Rfa91at9FtdFvdVrfX7XUH3UF31B11kk7SnXQn3Vl31l10F91Vd9XddDfdXXfXPXQP3VP31L10L52sk3Vf/bLup/vrAXqgHqRf0YP1YD1ED9FD9VA9XA/XI/QIPVKP1KP0KD1Gj9Fj9Vg9Xo/XE/VEneLz6sl6sp6ip+ipeqqePiivTtWpOk2n6Vl6lp6j5+i5eq6er+frhXqhXqwX6yV6iU7X6XqpXqoz9DK9TK/QK/QqvUqv0Wv0Or1Ob9Ab9Ca9SWforXqr3qa36R16h96ld+k9eo/eq/fqfXqfztSZer/erw/oA/qgPqgP6UP6sD6sj+gj+qg+qo/pY/q4Pq5P6pP6lD6lT+vT+qw+q8/pc/q8Pq8v6otZt32BDGSgAx3kCHIEMUFMEBvEBnFBXJAnyBNEgkgQH8QH+YLrg/xBgaBgUCgoHBQJigYmwMAGFIRBsaB4EA1uCEoENwYJQcmgVFA6cEGZIDG4KSgb3ByUC24Jyge3BhWC24KKQaWgcnB7cEdQJbgzqBrcFVQL7g6qBzWCmkGt4J6gdnBvUCe4L6gb3B/UCx4I6gcPBg2Ch4KGQaOgcfBw0CR4JGgaNAuaBy2ClkGroPWfOr/3pws85nqZ3ibZ9DF9zcumn+lvBpiBZpB5xQw2r5oh5jUz1Awzw83rZoR5w4w0b5pRZrQZY94yY804M95MMBPNJJNi3jaTzTtminnXTDXTzPRghkk1M02aec/MMrPNHPO+mWvmmflmgVloFhn49ZZYpJuPzFLzsckwy8xys8KsNKvMarPGrDXrzHqzwWw0m8oP/vVQs81sNzvMTrPL7DZ7zKdmr/nM7DOfm0zzhdlv/mIOmC/NQfOVOWS+NofNN+aI+dYcNd+ZY+Z7c9ycMCfND+aU+dGcNmfMWfOTOWd+NufNBXPR+Kyb+6yPd9SoMQfmwBiMwViMxTiMwzyYByMYwXiMx3yYD/NjfiyIBbEwFsaiWBSzEBIWw2IYxSiWwBKYgAlYCkuhQ4eJmIhlsSyWw3JYHstjBayAFbEiVsbKeAfegXfinXgX3oV3491YA2tgLayFtbE21sE6WBfrYj2sh/WxPjbABtgQG2JjbIxNsAk2xabYHJtjS2yJrbE1tsE22BbbYntsjx2wA3bEjpiESdgJO2Fn7IxdsAt2xa7YDbthd+yOPbAH9sSe2At7YTImY1/si/2wHw7AATgIB+FgHIxDcAgOxaE4HIfjCByBI3EkjsLROAbfwrE4DsfjBJyIkzAFU3AyTsYpOAWn4lScjtMxFVMxDdNwFs7COTgH5+JcnI/zcSEuxMW4GJfgEkzHdFyKSzEDM3A5LseVuBJX42pci2txPa7HjbgRN+Nm3IpbcRtuwx24A3fhLtyDe3Av7sV9uA8zMRP34348gAfwIB7EQ3gID+NhPIJH8CgexWN4DI/jcTyJJ/EUnsLTeBrP4lk8hz/jebyAF9FjjM1lY+01Ns7mtnlsXvu3cUFbyBa2RWxRa2x+W+B3MVprE2xJW8qWts6WsYn2pr+LK9pKtrK93d5hq9g7bVVb0eYSfx3XtvfaOvY+W9feb2vZe34X17MP2Pr2EdvANrMNbQvb2LayTewjtqltZpvbFralbWU72CdsR/ukTbJP2U726b+Ll9gP7Vq7zq63G+xe+5k9a3+yR+y39pz92fayve0g+4odbF+1Q+xrdqgd9vtYCDvGvmXH2nF2vJ1gJ9pJfxdPtzNsqp1p0+x7dpad/XfxYvuBnWvT7Xy7wC60i36Js2pKtx/ZpfZjm2GX2eV2hV1pV9nVds3/rXWF3WQ32y12j/3UbrPb7Q670+6yu3+Js65jn/3cZtov7GH7jT1gv7QH7VF7yH79S5x1fUftd/aY/d4etyfsSfuDPWV/tKftmV+uP+vaf7AX7EXrrSAgSYo0BZSDclIM5aJYuobiKDflobwUoWspnq6jfHQ95acCVJAKUWEqQkXJEJIlopCKUXGK0g1Ugm6kBCpJpag0OSpDiXQTlaWbqRzdQuXpVqpAt1FFqkSV6Xa6g6rQnVSV7qJqdDdVpxpUk2rRPVSb7qU6dB/VpfupHj1A9elBakAPUUNqRI3pYWpCj1BTakbNqQW1pFbUmh6lNvQYtaV21J4epw70BHWkJymJnqJO9DR1pmeoCz1LXek56kbPU3d6gXrQi9STXqJe1JuSqQ/1pZepH/WnATSQBtErNJhepSH0Gg2lYTScXqcR9AaNpDdpFI2mMfQWjaVxNJ4m0ESaRCn0Nk2md2gKvUtTaRpNpxmUSjMpjd6jWTSb5tD7NJfm0XxaQAtpES2mD2gJfUjp9BEtpY8pg5bRclpBK2kVraY1tJbW0XraQBtpE22mLbSVPqFttJ120E7aRbtpD31Ke+kz2kefUyZ9QfvpL3SAvqSD9BUdoq/pMH1DR+hbOkrf0TH6no7TCTpJP9Ap+pFO0xk6Sz/ROfqZztMFukieRAihDFWowyDMEeYMY8JcYWx4TRgX5g7zhHnDSHhtGB9eF+YLrw/zhwXCgmGhsHBYJCwamhBDG1IYhsXC4mE0vCEsEd4YJoQlw1Jh6dCFZcLE8KawbHhzWC68JSwf3hpWCG8LK4aVwsrh7eEdYZXwzrBqeFdYLbw7rB7WCGuGtcJ7wtrhvWGd8L6wbnh/WC58IKwfPhg2CB8KG4aNwsbhw2GT8JGwadgsbB62CFuGrcLW4aNhm/CxsG3YLmwfPh52CJ8IO4ZPhknhU2Gn8OnL+0sGv36a/s3+5LBPqC49IbtPLYwuii6OfhBdEv0wmh79KLo0+nE0I7osujy6Iroyuiq6Oromuja6Lro+uiG6Mbopujm6Jep9rZzCQdZCWGgXuBwup4txuVysu8bFudwuj8vrIu5aF++uc/nc9S6/K+AKukKusCviijrj0FlHLnTFXHEXdTe4Eu5Gl+BKulKutHOujEt0rVxr19q1cY+5tq6da+8ed4+7J9wT7smYS4W7zu4Z18U967q659xz7nnX3b3gergXXU/3kuvlertkl+z6ur6un+vnBrgBbpAb5Aa7wW6IG+KGuqFuuBvuRrgRbqQb6Ua5UW6MG+PGurFuvBvvJrqJLsWluMluspvipripbqqb7qa7VJfq0lyam+VmuTlujpvr5rr5br5b6Ba6xW6xW+KWuHSX7pa6pS7DZbjlbrlb6Va61W61W+vWuvUg3Ea30W12m91Wt9Vtc9vcDrfD7XK73B63x+11e90+t89luky33+13B9wBd9B95Q65r91h94074r51R9137pj73h13J9xJ59Up96M77c64s+4nd8797M67C+6i8y4l8nZkcuSdyJTIu5GpkWmR6ZEZkdTIzEha5L3IrMjsyJzI+5G5kXmR+ZEFkYWRRZHFkQ8iSyIfRtIjH0WWRj6OZESWRZZHVkRWRlZFvC+yLfTFfHEf9Tf4Ev5Gn+BL+lK+tHe+jE/0N/my/mZfzt/iy/tbfQV/m6/oK/nKvplv7lv4lr6Vb+0f9W38Y76tb+fb+8d9B/+E7+if9En+Kd/JP+07+2d8F/+s7+qf89388/Muddn39C/5Xr63T/Z9fF//su/n+/sBfqAf5F/xg/2rfoh/zQ/1w/xw/7of4d/wI/2bfpQf7cf4t/xYP86P9xP8RD/Jp/i3/WT/jp/i3/VT/TQ/3c/wqX6mT/Pv+Vl+tp/j3/dz/Tw/3y/wC/0iv9h/4Jf4D326/8gv9R/7DL/ML/cr/Eq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fb/id/mt/sdfqff5Xf7Pf5Tv9d/5vf5z32m/8Lv93/xB/yX/qD/yh/yX/vD/ht/xH/rj/rv/DH/vT/uT/iT/gd/yv/oT/sz/qz/yZ/zP/vz/oK/yP+zxhhjjDH2T1FX2N/nD16Tl7YsfYUQubcXOvS3c27M/+u4v9zbKeel15/q3a1R1taoUXJy8qXXMpQIii8QQkQu5//y/QOX4mWivXhCJIl2ouwf1tdfVvZ/PfcfzR+9VYhYIXL9lpO1PIoVfzv/zf9g/mYf0JXmXyBEQvHLOVkn+i2+PH+5fzD/7g5XmD/XlylCtP2rnDhxOb48f6J4TDwtkn53JGOMMcYYY4wx9qv+8lz3K61vs9bnhfXlnKz1/G/xldbnV1D1z7gGxhhjjDHGGGOM/b89+0KPJx9NSmrX5X/zIOd/Rhn/AQMQQvwHlMGD//zB1f7LxBhjjDHGGPuzXb7pv9qVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj2de//w1h8p8++GpfI2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMXa1/Z8AAAD//9C+Ux4=") mknod$loop(0x0, 0x0, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xb, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="8500000011000000690a04ff000000000f00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 2.978578472s ago: executing program 4 (id=2147): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="00000c000000eaff01"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB="20310400000021"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2.966442268s ago: executing program 2 (id=2148): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_io_uring_setup(0x208c, &(0x7f0000000200)={0x0, 0xcb14, 0x10100, 0x3, 0x4001bf}, &(0x7f0000000040), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)=""/113, 0x71}], 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 2.496988981s ago: executing program 2 (id=2152): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) iopl(0x3) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) io_uring_setup(0x4db5, &(0x7f0000000400)={0x0, 0xb98f, 0x2, 0x2, 0x28b}) 1.604012203s ago: executing program 6 (id=2154): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56551, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0xa6, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) 1.488304999s ago: executing program 2 (id=2156): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40000c4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000011000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000040000000c001a8008000580"], 0x2c}}, 0x800) 1.309352396s ago: executing program 6 (id=2157): r0 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff25, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) 1.30794034s ago: executing program 2 (id=2158): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) r1 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x36de, 0x5800, 0x0, 0x0}], 0x1}) 1.196959973s ago: executing program 6 (id=2160): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x2, 0x3}}, 0x2e) getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080)) 1.059544229s ago: executing program 6 (id=2162): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0x3}, 0x1c) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x6, 0x4, 0x102f, 0x40}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x28, 0x1c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x26}}, {0x4e26, 0x4e20, 0x8}}}, 0x2a) 812.639891ms ago: executing program 6 (id=2163): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r1, 0x5000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r1, 0x0, 0xffffffdb) write$UHID_CREATE2(r1, &(0x7f00000000c0)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0xc, 0x9, 0x4, 0x7, 0x5}}, 0x118) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 812.490323ms ago: executing program 8 (id=2164): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file7\x00', 0x0) 738.698167ms ago: executing program 8 (id=2165): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x6, 0x0, 0x4}]}, 0x10) r1 = socket(0x2, 0x3, 0x6) bind$inet(r1, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) sendto$inet(r1, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r1, &(0x7f00000023c0)="8ce2ad4d4f95e087a7846d3f81", 0x14, 0x0, &(0x7f0000002400)={0x2, 0x0, @multicast2}, 0x10) 664.041149ms ago: executing program 6 (id=2166): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0x9}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x0, 0xffffffff, 0x8}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0) preadv(r1, &(0x7f0000001e80)=[{&(0x7f0000000080)=""/4094, 0xffe}], 0x1, 0x33, 0x0) 594.800172ms ago: executing program 8 (id=2167): r0 = fanotify_init(0x200, 0x0) r1 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1) r2 = dup(r1) fanotify_mark(r0, 0x1, 0x48000046, r2, 0x0) r3 = dup(r2) write$binfmt_elf64(r3, &(0x7f00000016c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x78, 0xa3, 0x242, 0x2, 0x3e, 0xcd, 0x3c9, 0x40, 0x2ea, 0x10002, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x7, 0xff, 0xff5, 0x7, 0x1b8, 0x7}], "", ['\x00']}, 0x178) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 490.225034ms ago: executing program 8 (id=2168): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]}) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4b0, 0x158, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3e0, 0xffffffff, 0xffffffff, 0x3e0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x0, 0x0, 0xff], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x138, 0x158, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0x2}, {0x7f}], 0x2, 0x2}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0xffffffff], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x5, 0x41, 0x0, 0x2, 0x1800, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x510) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 342.787136ms ago: executing program 2 (id=2169): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) fchdir(r2) umount2(&(0x7f0000000040)='.\x00', 0x2) 258.380242ms ago: executing program 4 (id=2170): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1a42028, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x49c002, 0x1) io_setup(0x20fe, &(0x7f0000000540)=0x0) io_submit(r1, 0x3, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)='p', 0x8200, 0x600}]) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2d, 0xe, 0x40000002, 0x7f, 0x9, 0x0, 0xb, 0x0, 0x0, 0x10, 0xffff}}, 0x50) 205.934259ms ago: executing program 8 (id=2171): r0 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)={0x20, r0, 0x3, 0x70bd27, 0x25dbdbfb, {}, [{{0x8, 0x1, r4}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4004044) 56.327408ms ago: executing program 2 (id=2172): r0 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x9, 0x3, 0x1}) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0xaee4, 0x100, 0xffffffff, 0x2d6}, &(0x7f0000000000)=0x0, &(0x7f0000000400)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x75fa, 0xe475, 0xd, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000000180)=""/196, 0xc4, 0x100000000, 0x0) 0s ago: executing program 8 (id=2173): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) userfaultfd(0x801) openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x2, 0xfffffffffffffffd, 0x9, 0x4}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0x56d92c8a, 0x0, 0xfffffffffffffffc, 0x10000, 0x10}, 0x0, 0x0) kernel console output (not intermixed with test programs): hange from 0 to 4096 [ 217.564693][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 217.583725][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 217.598776][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 217.611902][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 217.619568][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 217.761658][ T5906] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 217.921941][ T5906] usb 4-1: Using ep0 maxpacket: 32 [ 217.934352][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.961157][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.971363][ T5906] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 217.981408][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.983307][ T9306] Invalid ELF header magic: != ELF [ 217.999391][ T5906] usb 4-1: config 0 descriptor?? [ 218.043706][ T5906] hub 4-1:0.0: USB hub found [ 218.102595][ T9289] chnl_net:caif_netlink_parms(): no params data found [ 218.249918][ T5906] hub 4-1:0.0: 1 port detected [ 218.309749][ T9289] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.317479][ T9289] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.326022][ T9289] bridge_slave_0: entered allmulticast mode [ 218.334923][ T9289] bridge_slave_0: entered promiscuous mode [ 218.336184][ T9317] loop4: detected capacity change from 0 to 128 [ 218.349919][ T9289] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.357698][ T9289] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.365180][ T9289] bridge_slave_1: entered allmulticast mode [ 218.374187][ T9289] bridge_slave_1: entered promiscuous mode [ 218.420912][ T9317] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 218.452821][ T9317] hpfs: filesystem error: improperly stopped [ 218.465744][ T9317] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 218.474961][ T9317] hpfs: You really don't want any checks? You are crazy... [ 218.485872][ T9317] hpfs: Code page index out of array [ 218.494709][ T9289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.502215][ T9317] hpfs: code page support is disabled [ 218.528185][ T9317] hpfs: hpfs_map_4sectors(): unaligned read [ 218.537453][ T9317] hpfs: hpfs_map_4sectors(): unaligned read [ 218.545237][ T9317] hpfs: filesystem error: unable to find root dir [ 218.549789][ T9289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.678540][ T9289] team0: Port device team_slave_0 added [ 218.711422][ T9289] team0: Port device team_slave_1 added [ 218.861153][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.887221][ T5906] hub 4-1:0.0: activate --> -90 [ 218.887804][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 218.959888][ T9289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.983970][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.990951][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 219.059140][ T9289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.088627][ T5949] usb 4-1: USB disconnect, device number 16 [ 219.088646][ T5906] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 219.287429][ T9289] hsr_slave_0: entered promiscuous mode [ 219.296196][ T9289] hsr_slave_1: entered promiscuous mode [ 219.303919][ T9289] debugfs: 'hsr0' already exists in 'hsr' [ 219.309829][ T9289] Cannot create hsr debugfs directory [ 219.701923][ T5852] Bluetooth: hci4: command tx timeout [ 219.919119][ T9351] loop3: detected capacity change from 0 to 4096 [ 219.955912][ T9351] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 219.996780][ T9289] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 220.046202][ T9289] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 220.063202][ T9351] ntfs3(loop3): ino=19, mi_enum_attr [ 220.076978][ T9351] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 220.109229][ T9289] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 220.165869][ T29] audit: type=1800 audit(1773776285.277:48): pid=9351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1086" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 220.193483][ T9289] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 220.367939][ T9362] kvm: Disabled LAPIC found during irq injection [ 220.554661][ T9373] overlayfs: failed to clone upperpath [ 220.590585][ T9374] loop4: detected capacity change from 0 to 128 [ 220.618456][ T9289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.646013][ T9374] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 220.681716][ T9374] hpfs: filesystem error: improperly stopped [ 220.697416][ T9289] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.705843][ T9374] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 220.728439][ T9374] hpfs: You really don't want any checks? You are crazy... [ 220.739659][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.746940][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.754647][ T9374] hpfs: hpfs_map_sector(): read error [ 220.765244][ T9374] hpfs: code page support is disabled [ 220.782846][ T9374] hpfs: hpfs_map_4sectors(): unaligned read [ 220.792119][ T9378] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1096'. [ 220.813031][ T9374] hpfs: hpfs_map_4sectors(): unaligned read [ 220.825322][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.831738][ T9374] hpfs: filesystem error: unable to find root dir [ 220.832569][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.840583][ T9378] unsupported nlmsg_type 40 [ 220.908263][ T9374] hpfs: hpfs_map_4sectors(): unaligned read [ 220.938645][ T9374] hpfs: hpfs_map_sector(): read error [ 220.948183][ T9382] hpfs: hpfs_map_4sectors(): unaligned read [ 220.960155][ T9382] hpfs: hpfs_map_sector(): read error [ 220.979082][ T9374] hpfs: hpfs_map_4sectors(): unaligned read [ 221.011803][ T9374] hpfs: hpfs_map_sector(): read error [ 221.229241][ T9391] loop5: detected capacity change from 0 to 1024 [ 221.257979][ T9394] UHID_CREATE from different security context by process 471 (syz.4.1100), this is not allowed. [ 221.322803][ T9386] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.330532][ T9386] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.591075][ T149] hfsplus: b-tree write err: -5, ino 3 [ 221.609075][ T9386] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.652927][ T9386] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.782137][ T5852] Bluetooth: hci4: command tx timeout [ 221.983440][ T5927] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 222.064099][ T149] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.096735][ T149] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.131526][ T149] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.166073][ T149] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.171120][ T5927] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 222.234579][ T5927] usb 6-1: can't read configurations, error -71 [ 222.304148][ T9289] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.542715][ T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 222.555222][ T9429] netlink: 'syz.4.1113': attribute type 1 has an invalid length. [ 222.634858][ T9429] 8021q: adding VLAN 0 to HW filter on device bond1 [ 222.683345][ T9433] bond1: (slave syz_tun): making interface the new active one [ 222.705368][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.726207][ T10] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 222.735758][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.745625][ T9433] bond1: (slave syz_tun): Enslaving as an active interface with an up link [ 222.746897][ T10] usb 4-1: config 0 descriptor?? [ 222.975065][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 223.004519][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 223.050002][ T10] usb 4-1: USB disconnect, device number 17 [ 223.126315][ T9289] veth0_vlan: entered promiscuous mode [ 223.188736][ T9289] veth1_vlan: entered promiscuous mode [ 223.261410][ T5906] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 223.317318][ T9289] veth0_macvtap: entered promiscuous mode [ 223.346645][ T9289] veth1_macvtap: entered promiscuous mode [ 223.397754][ T9289] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.418760][ T9289] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.422168][ T5906] usb 5-1: Using ep0 maxpacket: 16 [ 223.433742][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.447019][ T149] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.449148][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.461571][ T149] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.467359][ T5906] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 223.487496][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.507152][ T149] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.512579][ T5906] usb 5-1: config 0 descriptor?? [ 223.516577][ T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 223.549785][ T149] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.711083][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.724719][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.732356][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.744542][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 223.760167][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 223.769831][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.782638][ T10] usb 4-1: config 0 descriptor?? [ 223.809151][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.818584][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.861422][ T5852] Bluetooth: hci4: command tx timeout [ 223.960216][ T5906] ntrig 0003:1B96:0008.0012: item fetching failed at offset 5/7 [ 223.984132][ T5906] ntrig 0003:1B96:0008.0012: parse failed [ 223.997421][ T5906] ntrig 0003:1B96:0008.0012: probe with driver ntrig failed with error -22 [ 224.218229][ T10] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 224.297600][ T5906] usb 5-1: USB disconnect, device number 11 [ 224.427652][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1125'. [ 224.456981][ T9466] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=1420284373 (45449099936 ns) > initial count (5257758976 ns). Using initial count to start timer. [ 224.685877][ T9] usb 4-1: USB disconnect, device number 18 [ 225.291345][ T5949] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 225.342647][ T9482] loop3: detected capacity change from 0 to 128 [ 225.390679][ T9482] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 225.422165][ T9482] ext4 filesystem being mounted at /220/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.462413][ T5949] usb 5-1: Using ep0 maxpacket: 16 [ 225.473959][ T5949] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 225.494710][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.514141][ T5949] usb 5-1: Product: syz [ 225.515634][ T5840] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 225.525116][ T5949] usb 5-1: Manufacturer: syz [ 225.535338][ T5949] usb 5-1: SerialNumber: syz [ 225.942327][ T5852] Bluetooth: hci4: command tx timeout [ 226.796220][ T9529] fuse: Bad value for 'fd' [ 226.998322][ T5949] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 227.046610][ T5949] usb 5-1: USB disconnect, device number 12 [ 227.267149][ T9548] xt_hashlimit: size too large, truncated to 1048576 [ 229.172399][ T9612] loop4: detected capacity change from 0 to 2048 [ 229.306291][ T9621] netlink: 'syz.5.1183': attribute type 83 has an invalid length. [ 229.319625][ T9612] loop4: p3 < > p4 < > [ 229.333550][ T9612] loop4: partition table partially beyond EOD, truncated [ 229.356750][ T9618] loop3: detected capacity change from 0 to 2048 [ 229.361736][ T9612] loop4: p3 start 4284289 is beyond EOD, truncated [ 229.550304][ T5844] loop3: p3 < > p4 < > [ 229.578515][ T5844] loop3: partition table partially beyond EOD, truncated [ 229.634915][ T9628] loop5: detected capacity change from 0 to 1024 [ 229.635156][ T5844] loop3: p3 start 4284289 is beyond EOD, truncated [ 229.670564][ T9628] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 229.726542][ T9628] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 229.812663][ T9618] loop3: p3 < > p4 < > [ 229.825723][ T9618] loop3: partition table partially beyond EOD, truncated [ 229.850417][ T9628] EXT4-fs error (device loop5): ext4_get_journal_inode:5863: inode #32: comm syz.5.1185: iget: special inode unallocated [ 229.872265][ T9618] loop3: p3 start 4284289 is beyond EOD, truncated [ 229.920533][ T9628] loop5: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 229.921294][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 229.937335][ C1] EXT4-fs (loop5): initial error at time 1773776295: ext4_get_journal_inode:5863: inode 32 [ 229.947382][ C1] EXT4-fs (loop5): last error at time 1773776295: ext4_get_journal_inode:5863: inode 32 [ 229.957703][ T9628] EXT4-fs (loop5): no journal found [ 229.963188][ T9628] EXT4-fs (loop5): can't get journal size [ 229.983855][ T9628] EXT4-fs error (device loop5): ext4_protect_reserved_inode:160: inode #32: comm syz.5.1185: iget: special inode unallocated [ 230.072871][ T9628] loop5: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 230.073486][ T9628] EXT4-fs (loop5): failed to initialize system zone (-117) [ 230.164900][ T9628] EXT4-fs (loop5): mount failed [ 230.300093][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 230.393429][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 230.544430][ T9644] fuse: fd is not a fuse device [ 231.015986][ T9654] vivid-003: disconnect [ 231.048143][ T9652] vivid-003: reconnect [ 232.876465][ T9660] loop4: detected capacity change from 0 to 32768 [ 232.959144][ T9660] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1197 (9660) [ 233.037929][ T9660] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 233.084934][ T9660] BTRFS info (device loop4): using sha256 checksum algorithm [ 233.306359][ T9660] BTRFS info (device loop4): rebuilding free space tree [ 233.330415][ T9686] loop3: detected capacity change from 0 to 512 [ 233.401936][ T9660] BTRFS info (device loop4): enabling ssd optimizations [ 233.443884][ T9660] BTRFS info (device loop4): using spread ssd allocation scheme [ 233.443934][ T9686] EXT4-fs error (device loop3): ext4_do_update_inode:5572: inode #15: comm syz.3.1203: corrupted inode contents [ 233.465763][ T9686] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 233.472242][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 233.477058][ T9660] BTRFS info (device loop4): turning on async discard [ 233.481463][ C0] EXT4-fs (loop3): initial error at time 1773776298: ext4_do_update_inode:5572: inode 15 [ 233.504570][ C0] EXT4-fs (loop3): last error at time 1773776298: ext4_do_update_inode:5572: inode 15 [ 233.520585][ T9686] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 233.529284][ T9686] loop3: lost filesystem error report for type 5 error -117 [ 233.534120][ T9686] EXT4-fs error (device loop3): ext4_do_update_inode:5572: inode #15: comm syz.3.1203: corrupted inode contents [ 233.556471][ T9686] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 233.556713][ T9660] BTRFS info (device loop4): enabling free space tree [ 233.557001][ T9686] EXT4-fs error (device loop3): ext4_evict_inode:303: inode #15: comm syz.3.1203: mark_inode_dirty error [ 233.587586][ T9686] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 233.588090][ T9686] EXT4-fs (loop3): 1 orphan inode deleted [ 233.606311][ T9686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.630278][ T9660] BTRFS info (device loop4): force clearing of disk cache [ 233.640735][ T9686] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.820231][ T29] audit: type=1800 audit(1773776298.927:49): pid=9660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1197" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 233.920305][ T9706] fuse: Bad value for 'fd' [ 233.959079][ T9706] 9pnet_fd: p9_fd_create_unix (9706): problem connecting socket: ./file0: -111 [ 234.525713][ T5839] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 234.566829][ T9727] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1221'. [ 234.658830][ T9728] loop3: detected capacity change from 0 to 512 [ 234.701005][ T9728] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 234.867286][ T9728] EXT4-fs (loop3): 1 orphan inode deleted [ 234.898001][ T9728] EXT4-fs (loop3): 1 truncate cleaned up [ 234.964655][ T9728] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.176683][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.279806][ T9743] netlink: 1347 bytes leftover after parsing attributes in process `syz.2.1227'. [ 235.350811][ T9746] ªªªªªª: renamed from vlan0 (while UP) [ 235.910824][ T9769] fuse: Bad value for 'fd' [ 236.163240][ T5843] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 236.194341][ T9781] loop5: detected capacity change from 0 to 512 [ 236.324202][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 236.349151][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.370263][ T29] audit: type=1800 audit(1773776301.477:50): pid=9785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1242" name="file2" dev="loop5" ino=1048628 res=0 errno=0 [ 236.400414][ T5843] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 236.420946][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.447103][ T5843] usb 5-1: config 0 descriptor?? [ 236.447927][ T9781] FAT-fs (loop5): error, corrupted file size (i_pos 51, 8960) [ 236.480250][ T9781] FAT-fs (loop5): error, corrupted file size (i_pos 51, 8960) [ 236.731128][ T9798] fuse: Bad value for 'fd' [ 236.784699][ T9800] fuse: Bad value for 'fd' [ 236.795681][ T9800] overlayfs: failed to clone lowerpath [ 236.899444][ T5843] hid_parser_main: 4007 callbacks suppressed [ 236.899466][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 236.935042][ T9804] overlayfs: failed to clone upperpath [ 236.938015][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 236.958410][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 236.972549][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x1 [ 236.996268][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 237.020337][ T5843] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 237.046061][ T5843] isku 0003:1E7D:319C.0014: item fetching failed at offset 6/7 [ 237.076332][ T5843] isku 0003:1E7D:319C.0014: parse failed [ 237.093914][ T5843] isku 0003:1E7D:319C.0014: probe with driver isku failed with error -22 [ 238.987825][ T5907] usb 5-1: USB disconnect, device number 13 [ 239.286780][ T9860] loop4: detected capacity change from 0 to 512 [ 239.328240][ T9860] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 239.368718][ T9860] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1275: iget: bad i_size value: 38620345925642 [ 239.401307][ T9860] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 239.406455][ T9860] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1275: couldn't read orphan inode 15 (err -117) [ 239.415725][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 239.415750][ C0] EXT4-fs (loop4): initial error at time 1773776310: ext4_orphan_get:1391: inode 15 [ 239.415776][ C0] EXT4-fs (loop4): last error at time 1773776310: ext4_orphan_get:1391: inode 15 [ 239.552800][ T9860] loop4: lost filesystem error report for type 5 error -117 [ 239.558715][ T9860] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.708779][ T9876] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1275: bg 0: block 5: invalid block bitmap [ 239.756434][ T9878] loop5: detected capacity change from 0 to 512 [ 239.782364][ T9878] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 239.827339][ T9878] EXT4-fs (loop5): 1 truncate cleaned up [ 239.843119][ T9878] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.870520][ T9876] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 48 with error 28 [ 239.931731][ T9876] EXT4-fs (loop4): This should not happen!! Data will be lost [ 239.931731][ T9876] [ 239.968040][ T29] audit: type=1800 audit(1773776311.074:51): pid=9878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1282" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 240.008135][ T9876] EXT4-fs (loop4): Total free blocks count 0 [ 240.028264][ T9876] EXT4-fs (loop4): Free/Dirty block details [ 240.051529][ T9876] EXT4-fs (loop4): free_blocks=0 [ 240.062953][ T9876] EXT4-fs (loop4): dirty_blocks=48 [ 240.091527][ T9876] EXT4-fs (loop4): Block reservation details [ 240.098464][ T9876] EXT4-fs (loop4): i_reserved_data_blocks=48 [ 240.121704][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.298910][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.488563][ T9901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1289'. [ 240.997325][ T9915] loop5: detected capacity change from 0 to 512 [ 241.028454][ T9915] EXT4-fs (loop5): Test dummy encryption mode enabled [ 241.059026][ T9915] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 241.068623][ T9920] overlayfs: failed to clone upperpath [ 241.100198][ T9915] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.1297: bad orphan inode 131083 [ 241.142732][ T9915] loop5: lost filesystem error report for type 5 error -117 [ 241.161291][ T9915] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.408623][ T9915] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 241.507960][ T9915] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 241.865293][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.870903][ T9937] loop6: detected capacity change from 0 to 2640 [ 241.902062][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 241.931824][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 241.950416][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.053910][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.166160][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.234145][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.257109][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.321426][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.332113][ T9945] loop5: detected capacity change from 0 to 1024 [ 242.357986][ T9937] ldm_validate_partition_table(): Disk read failed. [ 242.394464][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.415674][ T9945] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 242.437569][ T9937] Buffer I/O error on dev loop6, logical block 0, async page read [ 242.451657][ T9937] Dev loop6: unable to read RDB block 0 [ 242.493752][ T9937] loop6: unable to read partition table [ 242.500614][ T9937] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 242.886667][ T9909] loop3: detected capacity change from 0 to 32768 [ 242.974100][ T9909] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 243.011279][ T9909] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 243.185885][ T9909] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 243.320490][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.336745][ T5843] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 243.363135][ T5843] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 243.569511][ T5843] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 206ms [ 243.654631][ T5843] gfs2: fsid=syz:syz.0: jid=0: Done [ 243.668907][ T9909] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 243.716636][ T9909] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 244.085675][ T9971] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.093515][ T9971] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.268186][ T9971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 244.306594][ T9971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 245.069927][ T58] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.104752][ T58] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.138734][ T58] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.177788][ T58] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.096409][ T5949] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 246.273367][ T5949] usb 4-1: Using ep0 maxpacket: 32 [ 246.305407][ T5949] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.350982][ T5949] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.400819][ T5949] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 246.439576][ T5949] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 246.468020][ T5949] usb 4-1: Product: syz [ 246.484176][T10026] loop4: detected capacity change from 0 to 32768 [ 246.493804][ T5949] usb 4-1: Manufacturer: syz [ 246.550321][ T5949] hub 4-1:4.0: USB hub found [ 246.638802][ T5851] loop4: p1 p3 < > [ 246.704600][T10026] loop4: p1 p3 < > [ 246.762761][ T5949] hub 4-1:4.0: 2 ports detected [ 247.127751][T10045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1345'. [ 247.193717][ T5949] hub 4-1:4.0: set hub depth failed [ 247.206073][ T1179] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 247.215765][T10045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1345'. [ 247.219672][ T5949] usb 4-1: USB disconnect, device number 19 [ 247.263119][ T1179] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 247.289068][ T1179] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 247.319355][ T1179] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 247.414062][ T5860] udevd[5860]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 247.432085][ T5844] udevd[5844]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 247.550780][ T5844] udevd[5844]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 247.553389][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 248.413244][ T5914] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 248.605731][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 248.653379][ T5914] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 248.680871][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.702530][ T5914] usb 4-1: Product: syz [ 248.711606][ T5914] usb 4-1: Manufacturer: syz [ 248.722107][ T5914] usb 4-1: SerialNumber: syz [ 248.756699][ T5914] usb 4-1: config 0 descriptor?? [ 248.788910][ T5914] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 248.794552][T10084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1361'. [ 250.221415][ T5914] gspca_sonixj: i2c_w8 err -71 [ 250.271396][ T5914] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 250.358118][ T5914] usb 4-1: USB disconnect, device number 20 [ 251.518111][T10153] loop5: detected capacity change from 0 to 1024 [ 251.570002][T10153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 251.632516][T10153] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.871974][T10164] EXT4-fs error (device loop5): ext4_free_blocks:6724: comm syz.5.1383: Freeing blocks not in datazone - block = 0, count = 16 [ 251.987249][T10152] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1383: bg 0: block 112: padding at end of block bitmap is not set [ 252.094092][T10152] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 64 with error 28 [ 252.130575][T10152] EXT4-fs (loop5): This should not happen!! Data will be lost [ 252.130575][T10152] [ 252.172488][T10152] EXT4-fs (loop5): Total free blocks count 0 [ 252.187692][T10152] EXT4-fs (loop5): Free/Dirty block details [ 252.204475][T10152] EXT4-fs (loop5): free_blocks=0 [ 252.215669][T10152] EXT4-fs (loop5): dirty_blocks=64 [ 252.224169][T10152] EXT4-fs (loop5): Block reservation details [ 252.233564][T10152] EXT4-fs (loop5): i_reserved_data_blocks=4 [ 252.290376][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 252.513339][T10185] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.1395'. [ 252.637476][T10187] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1393'. [ 252.837286][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1398'. [ 253.729840][T10198] loop5: detected capacity change from 0 to 32768 [ 253.760007][T10198] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1400 (10198) [ 253.883679][T10198] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.935388][T10198] BTRFS info (device loop5): using crc32c checksum algorithm [ 254.165791][T10198] BTRFS info (device loop5): enabling ssd optimizations [ 254.214145][T10198] BTRFS info (device loop5): turning on flush-on-commit [ 254.255781][T10198] BTRFS info (device loop5): enabling free space tree [ 254.295868][T10198] BTRFS info (device loop5): enabling auto defrag [ 254.335949][T10198] BTRFS info (device loop5): use lzo compression, level 1 [ 254.363224][T10198] BTRFS info (device loop5): max_inline set to 4096 [ 254.956361][ T7474] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 255.597718][T10266] netlink: 165240 bytes leftover after parsing attributes in process `syz.2.1420'. [ 255.703990][T10252] loop4: detected capacity change from 0 to 32768 [ 255.803291][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.809835][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.811619][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 255.889153][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 255.924449][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 255.947201][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 255.966088][T10279] loop5: detected capacity change from 0 to 256 [ 255.972712][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.005831][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.027137][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.043759][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.060616][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.076178][ T9] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 256.201967][ T9] hid-generic 0006:0004:0009.0015: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 256.418881][T10282] fido_id[10282]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/0006:0004:0009.0015/report_descriptor': No such file or directory [ 256.517774][T10287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1430'. [ 256.557938][T10287] netlink: 'syz.2.1430': attribute type 7 has an invalid length. [ 256.578493][T10287] netlink: 'syz.2.1430': attribute type 8 has an invalid length. [ 256.632537][T10287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1430'. [ 256.666787][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1433'. [ 256.874388][T10305] loop5: detected capacity change from 0 to 7 [ 256.883067][T10305] Dev loop5: unable to read RDB block 7 [ 256.888801][T10305] loop5: AHDI p3 p4 [ 256.895934][T10305] loop5: partition table partially beyond EOD, truncated [ 257.171479][ T5907] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 257.333142][ T5907] usb 4-1: Using ep0 maxpacket: 16 [ 257.349048][ T5907] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 257.359595][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.398300][ T5907] usb 4-1: config 0 descriptor?? [ 257.416032][ T5907] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 257.503308][T10331] loop5: detected capacity change from 0 to 512 [ 257.584017][T10331] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 257.680761][T10331] System zones: 0-2, 18-18, 34-34 [ 258.023034][T10331] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 258.078388][T10331] EXT4-fs (loop5): Remounting filesystem read-only [ 258.085658][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 258.085682][ C1] EXT4-fs (loop5): initial error at time 1773776329: ext4_mb_generate_buddy:1315 [ 258.085705][ C1] EXT4-fs (loop5): last error at time 1773776329: ext4_mb_generate_buddy:1315 [ 258.144127][T10331] EXT4-fs (loop5): 1 truncate cleaned up [ 258.171591][T10331] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.184668][ T13] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 258.191399][T10331] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.232767][ T13] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 258.268071][ T13] Quota error (device loop5): write_blk: dquota write failed [ 258.292242][ T13] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries [ 258.327633][ T13] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 258.363225][ T13] Quota error (device loop5): write_blk: dquota write failed [ 258.391897][ T13] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list [ 258.428540][ T13] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started [ 258.464357][ T13] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 258.502150][ T13] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 258.521408][ T13] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 258.592720][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.891399][ T5907] gspca_sonixj: i2c_w8 err -71 [ 258.916899][T10373] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.1463'. [ 258.926476][ T5907] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 258.944320][ T5907] usb 4-1: USB disconnect, device number 21 [ 259.489019][T10386] loop4: detected capacity change from 0 to 32768 [ 259.496810][T10386] btrfs: Deprecated parameter 'usebackuproot' [ 259.503173][T10386] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 259.513154][T10386] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1468 (10386) [ 259.534522][T10386] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 259.544840][T10386] BTRFS info (device loop4): using crc32c checksum algorithm [ 259.608533][ T1152] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 259.714416][T10386] BTRFS error (device loop4): failed to load root extent [ 259.722662][T10386] BTRFS warning (device loop4): try to load backup roots slot 1 [ 259.730875][ T58] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 259.767691][T10386] BTRFS warning (device loop4): couldn't read tree root [ 259.774853][T10386] BTRFS warning (device loop4): try to load backup roots slot 2 [ 259.783816][ T13] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 259.819153][T10386] BTRFS warning (device loop4): couldn't read tree root [ 259.826376][T10386] BTRFS warning (device loop4): try to load backup roots slot 3 [ 259.846342][T10386] BTRFS info (device loop4): rebuilding free space tree [ 259.893632][T10386] BTRFS info (device loop4): checking UUID tree [ 259.901774][T10386] BTRFS info (device loop4): enabling ssd optimizations [ 259.908781][T10386] BTRFS info (device loop4): turning on async discard [ 259.915930][T10386] BTRFS info (device loop4): enabling free space tree [ 259.923075][T10386] BTRFS info (device loop4): force clearing of disk cache [ 259.930298][T10386] BTRFS info (device loop4): enabling auto defrag [ 259.936804][T10386] BTRFS info (device loop4): trying to use backup root at mount time [ 259.945233][T10386] BTRFS info (device loop4): use zstd compression, level 3 [ 260.221173][ T5839] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 260.540044][T10426] netlink: 'syz.6.1476': attribute type 13 has an invalid length. [ 260.983081][ T5843] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 261.002113][ T5907] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 261.144663][ T5843] usb 5-1: Using ep0 maxpacket: 16 [ 261.156762][ T5843] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 261.169846][ T5843] usb 5-1: config 0 has no interface number 0 [ 261.176160][ T5907] usb 6-1: Using ep0 maxpacket: 32 [ 261.187148][ T5907] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 261.202744][ T5907] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 261.213932][ T5843] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 261.235263][ T5907] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 261.245178][ T5843] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 261.276454][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 261.296809][ T5843] usb 5-1: config 0 interface 41 has no altsetting 0 [ 261.306226][ T5907] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 261.332484][ T5843] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 261.344016][ T5907] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 261.369554][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.400125][ T5843] usb 5-1: Product: syz [ 261.406845][ T5907] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 261.418281][ T5843] usb 5-1: Manufacturer: syz [ 261.426332][ T5843] usb 5-1: SerialNumber: syz [ 261.436497][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.453691][ T5843] usb 5-1: config 0 descriptor?? [ 261.472661][ T5907] usb 6-1: config 0 descriptor?? [ 261.479503][T10436] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 261.490965][T10436] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 261.737496][ T5907] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 261.748114][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 261.762143][T10436] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 261.782134][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.789263][T10436] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 261.798959][T10458] overlayfs: failed to clone upperpath [ 261.809043][ T5907] usb 6-1: USB disconnect, device number 10 [ 261.891970][ T5907] usblp0: removed [ 262.239175][T10473] netlink: 212348 bytes leftover after parsing attributes in process `syz.6.1494'. [ 262.291395][ T5907] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 262.375515][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.386550][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.458337][ T5843] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 262.473897][ T5907] usb 6-1: Using ep0 maxpacket: 32 [ 262.495188][ T5907] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 262.513723][ T5907] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 262.533904][ T5907] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 262.544355][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 262.556095][ T5907] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 262.568196][ T5907] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 262.582256][ T5907] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 262.593106][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.612585][ T5907] usb 6-1: config 0 descriptor?? [ 262.772859][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 262.793103][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.837868][ T5907] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 262.912689][ T5843] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 262.940455][ T5843] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 262.951781][ T5843] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 262.973198][ T5843] usb 5-1: USB disconnect, device number 14 [ 263.111618][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 263.147635][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.435480][T10498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1499'. [ 263.505648][ T5843] usb 6-1: USB disconnect, device number 11 [ 263.540633][ T5843] usblp0: removed [ 263.666718][T10498] macvtap1: entered promiscuous mode [ 263.687450][T10498] erspan0: entered promiscuous mode [ 263.709072][T10498] macvtap1: entered allmulticast mode [ 263.726751][T10498] erspan0: entered allmulticast mode [ 263.828163][T10500] erspan0: left allmulticast mode [ 263.833568][T10500] erspan0: left promiscuous mode [ 263.840194][T10500] macvtap1: left promiscuous mode [ 263.845600][T10500] macvtap1: left allmulticast mode [ 264.318462][T10527] loop3: detected capacity change from 0 to 128 [ 264.350171][T10527] FAT-fs (loop3): Invalid FSINFO signature: 0x41000006, 0x61417272 (sector = 1) [ 264.652432][ T58] bridge_slave_1: left allmulticast mode [ 264.671569][ T58] bridge_slave_1: left promiscuous mode [ 264.692074][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.767966][ T58] bridge_slave_0: left allmulticast mode [ 264.790567][ T58] bridge_slave_0: left promiscuous mode [ 264.812293][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.431004][ T29] audit: type=1326 audit(1773776336.534:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.2.1513" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9845f9c799 code=0x0 [ 266.302475][T10559] loop4: detected capacity change from 0 to 1024 [ 266.332528][T10559] EXT4-fs: inline encryption not supported [ 266.439476][T10559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.599022][T10559] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4222: comm syz.4.1516: Allocating blocks 449-513 which overlap fs metadata [ 266.681339][T10559] EXT4-fs (loop4): Remounting filesystem read-only [ 266.759484][T10568] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 266.877128][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.052257][T10575] tipc: Failed to remove unknown binding: 66,1,1/0:3679703737/3679703739 [ 267.231412][ T58] hsr_slave_0: left promiscuous mode [ 267.263129][ T58] hsr_slave_1: left promiscuous mode [ 267.279750][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.335262][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.348802][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 267.368500][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 267.379899][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 267.388329][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 267.397681][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 267.452358][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.492290][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.552010][ T58] veth1_macvtap: left promiscuous mode [ 267.584624][ T58] veth0_macvtap: left promiscuous mode [ 267.604992][ T58] veth1_vlan: left promiscuous mode [ 267.620758][ T58] veth0_vlan: left promiscuous mode [ 268.803077][ T58] team0 (unregistering): Port device team_slave_1 removed [ 268.874936][ T58] team0 (unregistering): Port device team_slave_0 removed [ 268.971012][T10606] loop4: detected capacity change from 0 to 32768 [ 269.007376][T10606] JBD2: Ignoring recovery information on journal [ 269.073071][T10622] 9pnet_fd: p9_fd_create_unix (10622): problem connecting socket: ./file0: -111 [ 269.124059][ T29] audit: type=1800 audit(1773776340.234:53): pid=10628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1537" name="nullb0" dev="tmpfs" ino=1185 res=0 errno=0 [ 269.157287][T10606] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 269.467369][ T5852] Bluetooth: hci2: command tx timeout [ 270.037963][ T5839] ocfs2: Unmounting device (7,4) on (node local) [ 270.349949][T10586] chnl_net:caif_netlink_parms(): no params data found [ 270.806858][T10586] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.840126][ T58] IPVS: stop unused estimator thread 0... [ 270.847932][T10586] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.876285][T10586] bridge_slave_0: entered allmulticast mode [ 270.909025][T10586] bridge_slave_0: entered promiscuous mode [ 270.944864][T10586] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.969302][T10586] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.998356][T10586] bridge_slave_1: entered allmulticast mode [ 271.028514][T10586] bridge_slave_1: entered promiscuous mode [ 271.035390][T10643] loop5: detected capacity change from 0 to 40427 [ 271.051773][ T29] audit: type=1326 audit(1773776342.164:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10673 comm="syz.6.1545" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5388f9c799 code=0x0 [ 271.079002][T10643] F2FS-fs (loop5): invalid crc value [ 271.088031][ T5843] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 271.202468][T10586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.252153][T10586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.291455][ T5843] usb 5-1: Using ep0 maxpacket: 32 [ 271.310212][ T5843] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 271.351330][ T5843] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 271.386201][ T5843] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 271.425089][T10586] team0: Port device team_slave_0 added [ 271.434565][T10643] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 271.444039][ T5843] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 271.459190][T10643] F2FS-fs (loop5): Start checkpoint disabled! [ 271.470003][ T5843] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 271.485047][T10586] team0: Port device team_slave_1 added [ 271.502388][T10643] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 271.513057][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.531695][ T5843] usb 5-1: Product: syz [ 271.535975][T10643] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 271.551358][ T5843] usb 5-1: Manufacturer: syz [ 271.554950][ T5852] Bluetooth: hci2: command tx timeout [ 271.563465][ T5843] usb 5-1: SerialNumber: syz [ 271.589627][ C1] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 271.599227][T10586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.627701][T10586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 271.654457][ T5843] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/input/input13 [ 271.729674][T10688] syz.5.1540: attempt to access beyond end of device [ 271.729674][T10688] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 271.731814][T10586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.784986][T10586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.808606][T10586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 271.846597][ T5843] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 271.869750][T10688] syz.5.1540: attempt to access beyond end of device [ 271.869750][T10688] loop5: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 271.869931][ T5843] (id 0x00) [ 271.894512][T10586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.042390][ T5843] rc_core: IR keymap rc-imon-pad not found [ 272.048859][ T6271] kworker/u8:11: attempt to access beyond end of device [ 272.048859][ T6271] loop5: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 272.069342][ T5843] Registered IR keymap rc-empty [ 272.085035][ T5843] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 272.106635][T10586] hsr_slave_0: entered promiscuous mode [ 272.116874][ T6271] CPU: 0 UID: 0 PID: 6271 Comm: kworker/u8:11 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.116901][ T6271] Tainted: [L]=SOFTLOCKUP [ 272.116907][ T6271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 272.116916][ T6271] Workqueue: writeback wb_workfn (flush-7:5) [ 272.116942][ T6271] Call Trace: [ 272.116948][ T6271] [ 272.116957][ T6271] dump_stack_lvl+0xe8/0x150 [ 272.116982][ T6271] f2fs_handle_critical_error+0x37c/0x540 [ 272.117008][ T6271] f2fs_write_end_io+0x1274/0x1740 [ 272.117049][ T6271] __submit_merged_bio+0x256/0x700 [ 272.117075][ T6271] __submit_merged_write_cond+0x3c9/0x4e0 [ 272.117103][ T6271] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 272.117143][ T6271] f2fs_write_data_pages+0x287e/0x34f0 [ 272.117196][ T6271] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 272.117229][ T6271] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 272.117276][ T6271] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 272.117316][ T6271] ? __lock_acquire+0x6b5/0x2cf0 [ 272.117350][ T6271] ? __pfx_f2fs_inode_chksum_set+0x10/0x10 [ 272.117370][ T6271] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 272.117392][ T6271] do_writepages+0x32e/0x550 [ 272.117418][ T6271] ? reacquire_held_locks+0x104/0x190 [ 272.117433][ T6271] ? writeback_sb_inodes+0x477/0x1a20 [ 272.117458][ T6271] __writeback_single_inode+0x133/0x11a0 [ 272.117478][ T6271] ? do_raw_spin_unlock+0xf5/0x210 [ 272.117501][ T6271] writeback_sb_inodes+0x992/0x1a20 [ 272.117539][ T6271] ? __lock_acquire+0x6b5/0x2cf0 [ 272.117565][ T6271] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 272.117582][ T6271] ? do_raw_spin_lock+0x12b/0x2f0 [ 272.117636][ T6271] ? rcu_is_watching+0x15/0xb0 [ 272.117667][ T6271] wb_writeback+0x456/0xb70 [ 272.117689][ T6271] ? queue_io+0x211/0x4a0 [ 272.117716][ T6271] ? __pfx_wb_writeback+0x10/0x10 [ 272.117732][ T6271] ? do_raw_spin_lock+0x12b/0x2f0 [ 272.117766][ T6271] wb_workfn+0x414/0xf50 [ 272.117784][ T6271] ? look_up_lock_class+0x57/0x110 [ 272.117813][ T6271] ? __pfx_wb_workfn+0x10/0x10 [ 272.117834][ T6271] ? do_raw_spin_lock+0x12b/0x2f0 [ 272.117855][ T6271] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.117894][ T6271] ? process_one_work+0x8bb/0x1780 [ 272.117916][ T6271] process_one_work+0x9ab/0x1780 [ 272.117957][ T6271] ? __pfx_process_one_work+0x10/0x10 [ 272.117975][ T6271] ? do_raw_spin_lock+0x12b/0x2f0 [ 272.118009][ T6271] worker_thread+0xba8/0x11e0 [ 272.118036][ T6271] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 272.118054][ T6271] ? __kthread_parkme+0x7a/0x1f0 [ 272.118070][ T6271] ? __kthread_parkme+0x19c/0x1f0 [ 272.118092][ T6271] kthread+0x388/0x470 [ 272.118109][ T6271] ? __pfx_worker_thread+0x10/0x10 [ 272.118123][ T6271] ? __pfx_kthread+0x10/0x10 [ 272.118142][ T6271] ret_from_fork+0x51e/0xb90 [ 272.118165][ T6271] ? __pfx_ret_from_fork+0x10/0x10 [ 272.118184][ T6271] ? __switch_to+0xc7d/0x1450 [ 272.118207][ T6271] ? __pfx_kthread+0x10/0x10 [ 272.118227][ T6271] ret_from_fork_asm+0x1a/0x30 [ 272.118258][ T6271] [ 272.118274][ T6271] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 272.121459][ T5843] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 272.232990][T10586] hsr_slave_1: entered promiscuous mode [ 272.448155][T10586] debugfs: 'hsr0' already exists in 'hsr' [ 272.454105][T10586] Cannot create hsr debugfs directory [ 272.487075][ T5843] imon:send_packet: packet tx failed (-71) [ 272.512388][ T5843] imon 5-1:155.0: remote input dev register failed [ 272.543557][ T5843] imon 5-1:155.0: imon_init_intf0: rc device setup failed [ 273.148611][T10722] bond1: (slave lo): Releasing backup interface [ 273.174647][T10722] bond1: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 273.177123][ T5843] imon 5-1:155.0: unable to initialize intf0, err 0 [ 273.209815][T10722] bridge_slave_0: left allmulticast mode [ 273.229433][ T5843] imon:imon_probe: failed to initialize context! [ 273.233332][T10722] bridge_slave_0: left promiscuous mode [ 273.236027][T10729] tipc: Failed to remove unknown binding: 66,1,1/0:4104111530/4104111532 [ 273.250668][ T5843] imon 5-1:155.0: unable to register, err -19 [ 273.262565][T10722] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.276556][ T5843] usb 5-1: USB disconnect, device number 15 [ 273.329758][T10722] bridge_slave_1: left allmulticast mode [ 273.349654][T10722] bridge_slave_1: left promiscuous mode [ 273.377607][T10722] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.418200][T10722] team0: Port device team_slave_0 removed [ 273.452797][T10722] team0: Port device team_slave_1 removed [ 273.482347][T10722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 273.525219][T10722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 273.544281][T10722] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 273.621408][ T5852] Bluetooth: hci2: command tx timeout [ 274.175846][T10586] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 274.196069][T10586] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 274.210161][T10586] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 274.251710][T10586] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 274.353314][ T29] audit: type=1326 audit(1773776345.464:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10739 comm="syz.5.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce0d9c799 code=0x7fc00000 [ 274.619940][T10586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.709333][T10784] overlayfs: failed to clone upperpath [ 274.716079][T10586] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.738768][ T6271] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.745953][ T6271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.764072][ T5862] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 274.826593][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.833907][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.894047][ T29] audit: type=1800 audit(1773776345.994:56): pid=10789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1572" name="nullb0" dev="tmpfs" ino=670 res=0 errno=0 [ 274.943251][ T5862] usb 6-1: config 0 has an invalid interface number: 88 but max is 0 [ 274.968624][ T5862] usb 6-1: config 0 has no interface number 0 [ 275.018928][ T5862] usb 6-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=49.83 [ 275.046672][ T5862] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.073157][ T5862] usb 6-1: Product: syz [ 275.082997][ T5862] usb 6-1: Manufacturer: syz [ 275.094685][ T5862] usb 6-1: SerialNumber: syz [ 275.118371][ T5862] usb 6-1: config 0 descriptor?? [ 275.207513][T10803] fuse: Bad value for 'fd' [ 275.521913][T10586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.600948][ T5862] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 275.625499][ T5862] gspca_m5602: Failed to find a sensor [ 275.638331][ T5862] ALi m5602 6-1:0.88: ALi m5602 webcam failed [ 275.666518][ T5862] usb 6-1: USB disconnect, device number 12 [ 275.702622][ T5852] Bluetooth: hci2: command tx timeout [ 276.052871][T10830] loop4: detected capacity change from 0 to 764 [ 276.188896][T10586] veth0_vlan: entered promiscuous mode [ 276.244945][T10586] veth1_vlan: entered promiscuous mode [ 276.324923][T10830] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 276.356404][T10586] veth0_macvtap: entered promiscuous mode [ 276.376222][T10586] veth1_macvtap: entered promiscuous mode [ 276.447257][T10586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.505974][T10586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.536490][ T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.566181][ T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.604921][ T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.627288][ T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.985391][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.026026][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.140336][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.171516][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.617196][T10875] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 277.625387][T10875] overlayfs: failed to set xattr on upper [ 277.655647][T10875] overlayfs: ...falling back to index=off. [ 277.675832][T10875] overlayfs: ...falling back to uuid=null. [ 277.715039][T10879] loop7: detected capacity change from 0 to 128 [ 277.766616][T10879] zonefs (loop7) ERROR: Not a zoned block device [ 277.832759][T10879] IPv4: Oversized IP packet from 172.20.20.24 [ 277.843339][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 277.850291][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 277.931771][ T5862] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 278.112610][ T5862] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 278.136695][ T5862] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 278.171320][ T5862] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 278.197845][ T5862] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.256241][ T5862] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 278.273646][ T5862] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 278.283020][ T5862] usb 6-1: Product: syz [ 278.287240][ T5862] usb 6-1: Manufacturer: syz [ 278.329777][ T5862] cdc_wdm 6-1:1.0: skipping garbage [ 278.335358][ T5862] cdc_wdm 6-1:1.0: skipping garbage [ 278.391982][ T5862] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 278.397960][ T5862] cdc_wdm 6-1:1.0: Unknown control protocol [ 278.590587][ T5862] usb 6-1: USB disconnect, device number 13 [ 278.844066][T10896] netlink: 'syz.2.1600': attribute type 1 has an invalid length. [ 278.900510][T10896] bond0: entered promiscuous mode [ 278.927371][T10896] bond0: entered allmulticast mode [ 278.938767][T10896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.092543][T10900] erspan1: entered allmulticast mode [ 279.129567][T10900] bond0: (slave erspan1): making interface the new active one [ 279.185254][T10900] erspan1: entered promiscuous mode [ 279.250978][T10900] bond0: (slave erspan1): Enslaving as an active interface with an up link [ 279.382612][ T5907] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 279.560335][ T5907] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 279.573003][ T5907] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.616534][ T5907] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 279.627385][ T5907] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.642118][ T5907] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 279.653215][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 279.661678][ T5907] usb 6-1: Product: syz [ 279.666284][ T5907] usb 6-1: Manufacturer: syz [ 279.676696][ T5907] cdc_wdm 6-1:1.0: skipping garbage [ 279.687576][ T5907] cdc_wdm 6-1:1.0: skipping garbage [ 279.720204][ T5907] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 279.741010][ T5907] cdc_wdm 6-1:1.0: Unknown control protocol [ 280.995942][ T5907] usb 6-1: USB disconnect, device number 14 [ 282.607024][T10964] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1625'. [ 282.690719][T10964] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1625'. [ 282.691805][ T1179] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.737455][ T1179] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 282.871169][T10966] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.878990][T10966] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.071095][T10966] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.081391][ T810] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 283.117930][T10966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.272278][ T810] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 283.321042][ T810] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 283.342767][ T810] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 283.365102][ T810] usb 8-1: Product: syz [ 283.369404][ T810] usb 8-1: Manufacturer: syz [ 283.374748][ T810] usb 8-1: SerialNumber: syz [ 283.456373][ T1179] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.468842][ T1179] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.510501][ T1179] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.557151][ T1179] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.585140][ T1179] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.638770][ T1179] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.663980][ T810] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 283.678788][ T1179] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.693377][T11003] netlink: 'syz.4.1634': attribute type 1 has an invalid length. [ 283.720772][ T1179] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.866004][T11003] 8021q: adding VLAN 0 to HW filter on device bond2 [ 283.944217][T11006] bond2: (slave dummy0): making interface the new active one [ 283.962270][T11006] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 283.984864][ T1179] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.996432][ T1179] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.271319][ T810] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 284.421439][ T810] usb 6-1: Using ep0 maxpacket: 32 [ 284.428773][ T810] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.440650][ T810] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.451732][ T810] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 284.460806][ T810] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.471659][ T810] usb 6-1: config 0 descriptor?? [ 284.485902][ T810] hub 6-1:0.0: USB hub found [ 284.682353][ T810] hub 6-1:0.0: 6 ports detected [ 284.687971][ T810] hub 6-1:0.0: insufficient power available to use all downstream ports [ 285.384714][ C1] usblp0: nonzero write bulk status received: -71 [ 285.393744][ T5927] usb 8-1: USB disconnect, device number 2 [ 285.429384][ T5927] usblp0: removed [ 285.795664][ T810] hub 6-1:0.0: hub_hub_status failed (err = -32) [ 285.809541][ T810] hub 6-1:0.0: config failed, can't get hub status (err -32) [ 285.844786][ T810] usbhid 6-1:0.0: can't add hid device: -32 [ 285.881477][ T810] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 285.961056][T11067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'. [ 286.025988][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 286.026060][ T5848] Bluetooth: hci5: command 0x1003 tx timeout [ 286.614557][T11086] fuse: fd is not a fuse device [ 286.721860][ T6008] usb 6-1: USB disconnect, device number 15 [ 287.576018][T11128] loop7: detected capacity change from 0 to 512 [ 287.592189][T11126] overlayfs: failed to clone upperpath [ 287.681884][ T6008] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 287.699085][T11128] EXT4-fs (loop7): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 287.874774][ T6008] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.952882][ T6008] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 287.980553][ T6008] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 288.007213][ T6008] usb 6-1: Product: syz [ 288.023413][ T6008] usb 6-1: SerialNumber: syz [ 288.170597][T11128] EXT4-fs error (device loop7): ext4_quota_enable:7188: comm syz.7.1683: Bad quota inum: 2, type: 1 [ 288.217103][T11128] EXT4-fs warning (device loop7): ext4_enable_quotas:7236: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 288.287231][T11146] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended [ 288.374401][T11146] EXT4-fs error (device loop7): ext4_quota_enable:7188: comm syz.7.1683: Bad quota inum: 2, type: 1 [ 288.410860][T11146] EXT4-fs warning (device loop7): ext4_enable_quotas:7236: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 288.639504][T10586] EXT4-fs (loop7): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 289.073257][ T6008] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 289.107940][ T6008] cdc_ncm 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 289.121771][ T6008] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 289.361667][ T6007] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 289.409825][ T6008] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 289.522025][ T6008] usb 6-1: USB disconnect, device number 16 [ 289.531624][ T6007] usb 8-1: Using ep0 maxpacket: 16 [ 289.553787][ T6008] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 289.573639][ T6007] usb 8-1: config 0 has an invalid interface number: 105 but max is 0 [ 289.595795][ T6007] usb 8-1: config 0 has an invalid descriptor of length 229, skipping remainder of the config [ 289.619663][ T6007] usb 8-1: config 0 has no interface number 0 [ 289.647080][ T6007] usb 8-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 289.669680][ T6007] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.688176][ T6007] usb 8-1: Product: syz [ 289.703524][ T6007] usb 8-1: Manufacturer: syz [ 289.708807][ T6007] usb 8-1: SerialNumber: syz [ 289.727889][ T6007] usb 8-1: config 0 descriptor?? [ 289.735817][T11206] overlayfs: failed to clone upperpath [ 289.758046][ T6007] uvcvideo 8-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 289.779906][ T6007] uvcvideo 8-1:0.105: No valid video chain found. [ 289.950551][T10983] usb 8-1: USB disconnect, device number 3 [ 290.631907][ T810] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 290.817507][ T810] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.869015][ T810] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.912328][ T810] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 290.946088][ T810] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.007808][ T810] usb 6-1: config 0 descriptor?? [ 291.649736][ T810] hid-led 0003:27B8:01ED.0016: probe with driver hid-led failed with error -71 [ 291.722164][ T810] usb 6-1: USB disconnect, device number 17 [ 293.208889][T11301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1725'. [ 293.271703][ T810] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 293.304693][T11274] loop5: detected capacity change from 0 to 32768 [ 293.340618][T11274] (syz.5.1717,11274,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 293.390932][T11274] (syz.5.1717,11274,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 293.446807][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.490105][T11274] JBD2: Ignoring recovery information on journal [ 293.496861][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.496911][ T810] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 293.496930][ T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.500910][ T810] usb 5-1: config 0 descriptor?? [ 293.646233][T11274] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 293.782003][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 294.062345][T11323] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1728'. [ 294.082694][T11323] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1728'. [ 294.384449][ T810] hid-led 0003:27B8:01ED.0017: probe with driver hid-led failed with error -71 [ 294.450266][ T810] usb 5-1: USB disconnect, device number 16 [ 294.750048][ T7474] ocfs2: Unmounting device (7,5) on (node local) [ 294.969388][T11343] netlink: 180 bytes leftover after parsing attributes in process `syz.6.1737'. [ 294.979721][T11343] netlink: 'syz.6.1737': attribute type 2 has an invalid length. [ 294.990477][T11343] netlink: 'syz.6.1737': attribute type 1 has an invalid length. [ 295.855450][T11366] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1745'. [ 295.869301][T11366] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1745'. [ 295.879731][T11366] netlink: 'syz.6.1745': attribute type 6 has an invalid length. [ 295.912978][ T58] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.922120][T11366] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1745'. [ 295.941017][ T58] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.955176][T11366] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1745'. [ 295.965910][T11366] netlink: 'syz.6.1745': attribute type 6 has an invalid length. [ 295.974396][ T58] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.997282][ T58] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.111724][T11372] fuse: Bad value for 'fd' [ 296.168726][T11376] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 296.263470][ T29] audit: type=1800 audit(1773776367.374:57): pid=11380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1751" name="bus" dev="tmpfs" ino=964 res=0 errno=0 [ 296.602275][T11395] loop4: detected capacity change from 0 to 512 [ 296.623720][T11395] EXT4-fs: inline encryption not supported [ 296.645385][T11395] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 296.677341][T11395] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 296.693252][T11395] System zones: 1-12 [ 296.751594][T11395] EXT4-fs (loop4): 1 truncate cleaned up [ 296.807331][T11395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.099817][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.257715][T11419] loop7: detected capacity change from 0 to 128 [ 297.307487][T11419] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 297.344228][T11419] ext4 filesystem being mounted at /28/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 297.397323][ T29] audit: type=1326 audit(1773776368.504:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11421 comm="syz.4.1765" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3f9cb9c799 code=0x0 [ 297.449001][T11419] EXT4-fs error (device loop7): dx_make_map:1296: inode #2: block 18: comm syz.7.1767: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 297.524051][T11419] EXT4-fs error (device loop7) in do_split:2027: Corrupt filesystem [ 297.600438][T11437] fuse: Bad value for 'fd' [ 297.703370][T10586] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 297.722318][T11439] 8021q: VLANs not supported on lo [ 297.785427][T10983] IPVS: starting estimator thread 0... [ 297.881504][T11448] IPVS: nq: FWM 3 0x00000003 - no destination available [ 298.011331][T11442] IPVS: using max 35 ests per chain, 84000 per kthread [ 298.512785][ T810] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 298.682922][ T810] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 298.694968][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 298.706745][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 298.718327][ T810] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 298.765984][ T810] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 298.788865][ T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.809846][ T810] usb 5-1: config 0 descriptor?? [ 298.822019][T11461] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 299.239741][ T810] plantronics 0003:047F:FFFF.0018: reserved main item tag 0xd [ 299.351261][ T810] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 299.628063][T11478] loop5: detected capacity change from 0 to 32768 [ 299.723985][T11478] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 299.748480][T11478] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 299.809149][T11478] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms [ 299.834929][ T6008] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 299.856784][ T6008] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 299.950752][ T6008] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 93ms [ 299.958803][ T6008] gfs2: fsid=syz:syz.0: jid=0: Done [ 299.965684][T11478] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 300.060020][T11478] gfs2: fsid=syz:syz.0: found 1 quota changes [ 300.141534][ T7474] syz-executor: attempt to access beyond end of device [ 300.141534][ T7474] loop5: rw=8400897, sector=68719479080, nr_sectors = 8 limit=32768 [ 300.156557][ T7474] buffer_io_error: 11 callbacks suppressed [ 300.156573][ T7474] Buffer I/O error on dev loop5, logical block 8589934885, lost async page write [ 300.172797][ T7474] syz-executor: attempt to access beyond end of device [ 300.172797][ T7474] loop5: rw=8400897, sector=68719479336, nr_sectors = 8 limit=32768 [ 300.188608][ T7474] Buffer I/O error on dev loop5, logical block 8589934917, lost async page write [ 300.200109][ T7474] gfs2: fsid=syz:syz.0: fatal: I/O error - block = 8589934885, function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 116 [ 300.213569][ T7474] CPU: 1 UID: 0 PID: 7474 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 300.213591][ T7474] Tainted: [L]=SOFTLOCKUP [ 300.213597][ T7474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 300.213604][ T7474] Call Trace: [ 300.213610][ T7474] [ 300.213617][ T7474] dump_stack_lvl+0xe8/0x150 [ 300.213643][ T7474] gfs2_withdraw+0xc3/0x1b0 [ 300.213661][ T7474] gfs2_ail1_flush+0x990/0xfd0 [ 300.213678][ T7474] ? finish_task_switch+0x4da/0xbe0 [ 300.213712][ T7474] ? __pfx_gfs2_ail1_flush+0x10/0x10 [ 300.213742][ T7474] empty_ail1_list+0x1b3/0x330 [ 300.213762][ T7474] ? __pfx_empty_ail1_list+0x10/0x10 [ 300.213817][ T7474] ? do_raw_spin_unlock+0xf5/0x210 [ 300.213842][ T7474] gfs2_log_flush+0x1e20/0x2510 [ 300.213875][ T7474] ? __pfx_gfs2_log_flush+0x10/0x10 [ 300.213898][ T7474] ? call_rcu+0x644/0x890 [ 300.213915][ T7474] ? lockdep_hardirqs_on+0x7a/0x110 [ 300.213938][ T7474] gfs2_kill_sb+0x5c/0x430 [ 300.213960][ T7474] deactivate_locked_super+0xbc/0x130 [ 300.213984][ T7474] cleanup_mnt+0x437/0x4d0 [ 300.214000][ T7474] ? _raw_spin_unlock_irq+0x23/0x50 [ 300.214020][ T7474] task_work_run+0x1d9/0x270 [ 300.214042][ T7474] ? __pfx_task_work_run+0x10/0x10 [ 300.214070][ T7474] exit_to_user_mode_loop+0xed/0x480 [ 300.214089][ T7474] ? rcu_is_watching+0x15/0xb0 [ 300.214108][ T7474] do_syscall_64+0x32d/0xf80 [ 300.214134][ T7474] ? trace_irq_disable+0x3b/0x150 [ 300.214150][ T7474] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.214165][ T7474] ? clear_bhb_loop+0x40/0x90 [ 300.214184][ T7474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.214199][ T7474] RIP: 0033:0x7f0ce0d9d9d7 [ 300.214215][ T7474] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 300.214228][ T7474] RSP: 002b:00007ffe9cebb5f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 300.214244][ T7474] RAX: 0000000000000000 RBX: 00007f0ce0e32050 RCX: 00007f0ce0d9d9d7 [ 300.214254][ T7474] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe9cebb6b0 [ 300.214264][ T7474] RBP: 00007ffe9cebb6b0 R08: 00007ffe9cebc6b0 R09: 00000000ffffffff [ 300.214274][ T7474] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe9cebc740 [ 300.214283][ T7474] R13: 00007f0ce0e32050 R14: 0000000000049435 R15: 00007ffe9cebc780 [ 300.214309][ T7474] [ 300.214315][ T7474] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 300.474595][ T7474] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 300.484246][ T7474] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 300.515963][ T7474] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 300.651379][ T810] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 300.812365][ T810] usb 8-1: Using ep0 maxpacket: 16 [ 300.820285][ T810] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 300.852274][ T810] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 300.873573][ T810] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 300.891287][ T810] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.905683][ T810] usb 8-1: Product: syz [ 300.920514][ T810] usb 8-1: Manufacturer: syz [ 300.925952][ T810] usb 8-1: SerialNumber: syz [ 300.939929][ T810] usb 8-1: config 0 descriptor?? [ 300.953053][ T810] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 300.962921][ T810] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class) [ 301.325124][ T5927] usb 5-1: USB disconnect, device number 17 [ 301.575818][ T810] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 301.597242][ T810] em28xx 8-1:0.0: Config register raw data: 0x72 [ 301.609258][ T810] em28xx 8-1:0.0: I2S Audio (3 sample rate(s)) [ 301.622016][ T810] em28xx 8-1:0.0: No AC97 audio processor [ 302.211993][ T810] usb 8-1: USB disconnect, device number 4 [ 302.291323][ T5927] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 302.453356][ T5927] usb 5-1: Using ep0 maxpacket: 32 [ 302.460359][ T5927] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 302.469947][ T5927] usb 5-1: config 0 has no interface number 0 [ 302.477608][ T5927] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 302.499352][ T5927] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 302.511165][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.520546][ T5927] usb 5-1: Product: syz [ 302.529373][ T5927] usb 5-1: Manufacturer: syz [ 302.537633][ T5927] usb 5-1: SerialNumber: syz [ 302.557477][ T5927] usb 5-1: config 0 descriptor?? [ 302.578506][ T5927] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 302.592206][ T5927] em28xx 5-1:0.132: Video interface 132 found: [ 302.989850][ T5927] em28xx 5-1:0.132: chip ID is em2874 [ 303.361838][T11600] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1836'. [ 303.395140][T11600] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1836'. [ 303.440168][T11602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1837'. [ 303.476418][ T35] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.485593][T11602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1837'. [ 303.496433][ T35] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.519030][ T35] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.529489][ T35] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.605463][ T5927] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 303.632797][ T5927] em28xx 5-1:0.132: board has no eeprom [ 303.704288][ T5927] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 303.713449][ T5927] em28xx 5-1:0.132: analog set to bulk mode. [ 303.719748][T10983] em28xx 5-1:0.132: Registering V4L2 extension [ 303.855581][ T810] usb 5-1: USB disconnect, device number 18 [ 303.862781][T10983] em28xx 5-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 303.876828][ T810] em28xx 5-1:0.132: Disconnecting em28xx [ 303.964171][T10983] usb 5-1: Decoder not found [ 303.970110][T10983] em28xx 5-1:0.132: failed to create media graph [ 303.977285][T10983] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 304.008628][T10983] em28xx 5-1:0.132: Remote control support is not available for this card. [ 304.018086][ T810] em28xx 5-1:0.132: Closing input extension [ 304.080530][ T810] em28xx 5-1:0.132: Freeing device [ 304.161630][ T6007] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 304.321358][ T6007] usb 8-1: Using ep0 maxpacket: 16 [ 304.328211][ T6007] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.339548][ T6007] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 304.352802][ T6007] usb 8-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 304.363389][ T6007] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.374305][ T6007] usb 8-1: config 0 descriptor?? [ 304.824550][ T6007] hid_parser_main: 7 callbacks suppressed [ 304.824570][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.838175][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.847975][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.856462][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.864300][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.872986][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.880501][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.889023][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.897150][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.905992][ T6007] pantherlord 0003:0810:0002.0019: unknown main item tag 0x0 [ 304.924248][ T6007] pantherlord 0003:0810:0002.0019: hidraw0: USB HID v0.08 Device [HID 0810:0002] on usb-dummy_hcd.7-1/input0 [ 304.942329][ T6007] pantherlord 0003:0810:0002.0019: no output reports found [ 305.025982][ T810] usb 8-1: USB disconnect, device number 5 [ 305.560134][ T6008] gfs2: fsid=syz:syz.0: file system withdrawn [ 306.089366][T11664] loop4: detected capacity change from 0 to 40427 [ 306.113853][T11664] F2FS-fs (loop4): invalid crc value [ 306.293300][T11664] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 306.303805][T11664] F2FS-fs (loop4): Start checkpoint disabled! [ 306.319148][T11664] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 306.327530][T11664] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 306.455904][T11693] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1872'. [ 306.547975][T11693] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1872'. [ 306.999383][ T35] kworker/u8:2: attempt to access beyond end of device [ 306.999383][ T35] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 307.052546][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.052572][ T35] Tainted: [L]=SOFTLOCKUP [ 307.052577][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 307.052587][ T35] Workqueue: writeback wb_workfn (flush-7:4) [ 307.052616][ T35] Call Trace: [ 307.052626][ T35] [ 307.052634][ T35] dump_stack_lvl+0xe8/0x150 [ 307.052659][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 307.052681][ T35] f2fs_write_end_io+0x1274/0x1740 [ 307.052721][ T35] __submit_merged_bio+0x256/0x700 [ 307.052747][ T35] __submit_merged_write_cond+0x3c9/0x4e0 [ 307.052774][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 307.052813][ T35] f2fs_write_data_pages+0x287e/0x34f0 [ 307.052866][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 307.052956][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 307.052995][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 307.053017][ T35] do_writepages+0x32e/0x550 [ 307.053042][ T35] ? reacquire_held_locks+0x104/0x190 [ 307.053057][ T35] ? writeback_sb_inodes+0x477/0x1a20 [ 307.053083][ T35] __writeback_single_inode+0x133/0x11a0 [ 307.053103][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 307.053134][ T35] writeback_sb_inodes+0x992/0x1a20 [ 307.053180][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 307.053200][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.053249][ T35] ? rcu_is_watching+0x15/0xb0 [ 307.053271][ T35] wb_writeback+0x456/0xb70 [ 307.053293][ T35] ? queue_io+0x211/0x4a0 [ 307.053318][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 307.053335][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.053368][ T35] wb_workfn+0x414/0xf50 [ 307.053386][ T35] ? look_up_lock_class+0x57/0x110 [ 307.053417][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 307.053438][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.053458][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 307.053496][ T35] ? process_one_work+0x8bb/0x1780 [ 307.053516][ T35] process_one_work+0x9ab/0x1780 [ 307.053558][ T35] ? __pfx_process_one_work+0x10/0x10 [ 307.053577][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.053610][ T35] worker_thread+0xba8/0x11e0 [ 307.053649][ T35] kthread+0x388/0x470 [ 307.053668][ T35] ? __pfx_worker_thread+0x10/0x10 [ 307.053681][ T35] ? __pfx_kthread+0x10/0x10 [ 307.053701][ T35] ret_from_fork+0x51e/0xb90 [ 307.053724][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 307.053743][ T35] ? __switch_to+0xc7d/0x1450 [ 307.053766][ T35] ? __pfx_kthread+0x10/0x10 [ 307.053786][ T35] ret_from_fork_asm+0x1a/0x30 [ 307.053817][ T35] [ 307.060055][ T35] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 307.324382][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.324409][ T35] Tainted: [L]=SOFTLOCKUP [ 307.324414][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 307.324422][ T35] Workqueue: writeback wb_workfn (flush-7:4) [ 307.324446][ T35] Call Trace: [ 307.324452][ T35] [ 307.324459][ T35] dump_stack_lvl+0xe8/0x150 [ 307.324484][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 307.324509][ T35] f2fs_write_end_io+0x1274/0x1740 [ 307.324547][ T35] __submit_merged_bio+0x256/0x700 [ 307.324571][ T35] __submit_merged_write_cond+0x3c9/0x4e0 [ 307.324599][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 307.324642][ T35] f2fs_write_data_pages+0x287e/0x34f0 [ 307.324689][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 307.324765][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 307.324802][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 307.324819][ T35] do_writepages+0x32e/0x550 [ 307.324841][ T35] ? reacquire_held_locks+0x104/0x190 [ 307.324854][ T35] ? writeback_sb_inodes+0x477/0x1a20 [ 307.324874][ T35] __writeback_single_inode+0x133/0x11a0 [ 307.324890][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 307.324916][ T35] writeback_sb_inodes+0x992/0x1a20 [ 307.324954][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 307.324968][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.325017][ T35] ? rcu_is_watching+0x15/0xb0 [ 307.325038][ T35] wb_writeback+0x456/0xb70 [ 307.325055][ T35] ? queue_io+0x211/0x4a0 [ 307.325077][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 307.325090][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.325117][ T35] wb_workfn+0x414/0xf50 [ 307.325131][ T35] ? look_up_lock_class+0x57/0x110 [ 307.325157][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 307.325172][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.325189][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 307.325221][ T35] ? process_one_work+0x8bb/0x1780 [ 307.325237][ T35] process_one_work+0x9ab/0x1780 [ 307.325271][ T35] ? __pfx_process_one_work+0x10/0x10 [ 307.325286][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 307.325313][ T35] worker_thread+0xba8/0x11e0 [ 307.325346][ T35] kthread+0x388/0x470 [ 307.325360][ T35] ? __pfx_worker_thread+0x10/0x10 [ 307.325370][ T35] ? __pfx_kthread+0x10/0x10 [ 307.325385][ T35] ret_from_fork+0x51e/0xb90 [ 307.325409][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 307.325426][ T35] ? __switch_to+0xc7d/0x1450 [ 307.325449][ T35] ? __pfx_kthread+0x10/0x10 [ 307.325464][ T35] ret_from_fork_asm+0x1a/0x30 [ 307.325490][ T35] [ 307.325688][T11707] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1878'. [ 307.325696][ T35] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 307.342307][T11707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1878'. [ 307.821020][T11717] fuse: fd is not a fuse device [ 308.092835][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1885'. [ 308.216373][T11729] loop7: detected capacity change from 0 to 4096 [ 308.294888][T11729] EXT4-fs (loop7): Test dummy encryption mode enabled [ 308.347530][T11729] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0103] [ 308.418964][T11729] System zones: 0-5 [ 308.470868][T11729] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 308.685557][T10586] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.931567][ T6007] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 309.103367][ T6007] usb 6-1: Using ep0 maxpacket: 32 [ 309.134588][ T6007] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 309.155182][ T6007] usb 6-1: config 0 has no interface number 0 [ 309.173192][ T6007] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 309.217349][ T6007] usb 6-1: config 0 interface 85 has no altsetting 0 [ 309.239998][ T6007] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 309.266636][ T6007] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.299362][ T6007] usb 6-1: Product: syz [ 309.304637][ T6007] usb 6-1: Manufacturer: syz [ 309.321265][ T6007] usb 6-1: SerialNumber: syz [ 309.328468][ T6007] usb 6-1: config 0 descriptor?? [ 309.344182][T11773] fuse: fd is not a fuse device [ 309.745532][T11787] netlink: 'syz.7.1905': attribute type 13 has an invalid length. [ 309.972277][ T6007] appletouch 6-1:0.85: Geyser mode initialized. [ 310.005568][ T6007] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input16 [ 310.140551][T11799] sock: sock_set_timeout: `syz.4.1907' (pid 11799) tries to set negative timeout [ 310.183392][ T810] usb 6-1: USB disconnect, device number 18 [ 310.339254][ T810] appletouch 6-1:0.85: input: appletouch disconnected [ 311.285856][T11817] loop7: detected capacity change from 0 to 40427 [ 311.302360][T11817] f2fs: Bad value for 'resgid' [ 311.307427][T11817] f2fs: Bad value for 'resgid' [ 311.440589][T11836] batadv_slave_1: entered promiscuous mode [ 311.478341][T11836] syz_tun: entered promiscuous mode [ 311.497338][T11835] syz_tun: left promiscuous mode [ 311.506939][T11835] batadv_slave_1: left promiscuous mode [ 311.551354][ T810] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 311.594289][T11840] overlay: filesystem on ./file1 not supported [ 311.728097][ T810] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.749089][ T810] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 311.774640][ T810] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 311.787013][ T810] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 311.797407][ T810] usb 8-1: SerialNumber: syz [ 312.069097][ T810] usb 8-1: 0:2 : does not exist [ 312.232545][ T810] usb 8-1: USB disconnect, device number 6 [ 312.380792][T11868] loop5: detected capacity change from 0 to 1024 [ 313.025023][T11885] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.032796][T11885] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.861171][T11885] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.947732][T11885] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.398730][ T58] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.433805][ T58] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.569341][ T58] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.583224][T11920] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.1952'. [ 314.609318][ T58] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.845405][T11927] netlink: 'syz.4.1954': attribute type 1 has an invalid length. [ 314.850350][T11926] netlink: 344 bytes leftover after parsing attributes in process `syz.2.1953'. [ 314.854336][T11927] netlink: 'syz.4.1954': attribute type 4 has an invalid length. [ 314.881599][T11927] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1954'. [ 315.526031][T11953] loop5: detected capacity change from 0 to 128 [ 315.554257][T11953] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 315.580532][ T29] audit: type=1326 audit(1773776386.684:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11954 comm="syz.6.1967" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5388f9c799 code=0x0 [ 315.599479][T11953] hpfs: filesystem error: improperly stopped [ 315.625745][T11953] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 315.639100][T11953] hpfs: You really don't want any checks? You are crazy... [ 315.647772][T11953] hpfs: Code page index out of array [ 315.654067][T11953] hpfs: code page support is disabled [ 315.659602][T11953] hpfs: hpfs_map_4sectors(): unaligned read [ 315.665878][T11953] hpfs: hpfs_map_4sectors(): unaligned read [ 315.672258][T11953] hpfs: filesystem error: unable to find root dir [ 315.705321][T11960] loop4: detected capacity change from 0 to 128 [ 315.753080][T11960] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 315.802089][T11960] ext4 filesystem being mounted at /348/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 315.884785][T11960] fscrypt: AES-128-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 316.068445][T11960] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-lib)" [ 316.118288][T11978] loop7: detected capacity change from 0 to 64 [ 316.163527][ T5839] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 316.348409][ T29] audit: type=1804 audit(1773776387.454:60): pid=11978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.1975" name="/newroot/54/bus/file1" dev="loop7" ino=22 res=1 errno=0 [ 316.405437][T11988] xt_hashlimit: size too large, truncated to 1048576 [ 316.703886][ T809] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 316.861291][ T809] usb 8-1: Using ep0 maxpacket: 8 [ 316.872954][ T809] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.889633][ T809] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 316.905513][ T809] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x69, changing to 0x9 [ 316.919295][ T809] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x9 has invalid maxpacket 12645, setting to 64 [ 316.938816][ T809] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 316.986311][ T809] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.062876][ T809] hub 8-1:1.0: bad descriptor, ignoring hub [ 317.081558][ T809] hub 8-1:1.0: probe with driver hub failed with error -5 [ 317.106009][ T809] cdc_wdm 8-1:1.0: skipping garbage [ 317.115836][ T809] cdc_wdm 8-1:1.0: skipping garbage [ 317.122728][ T809] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 317.231031][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.235061][T12017] overlayfs: failed to clone upperpath [ 317.255421][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.381696][ T809] usb 8-1: USB disconnect, device number 7 [ 317.613811][T12028] kvm: kvm [12027]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2000000 [ 318.990997][T12071] lo: Caught tx_queue_len zero misconfig [ 319.043438][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 319.056664][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 319.080471][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 319.102477][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 319.139745][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 319.319073][T12082] ipvlan2: entered promiscuous mode [ 319.324705][T12082] ipvlan2: entered allmulticast mode [ 319.330030][T12082] gretap0: entered allmulticast mode [ 319.337975][T12082] team0: Device ipvlan2 failed to register rx_handler [ 319.434350][T12084] syzkaller1: entered promiscuous mode [ 319.449291][T12084] syzkaller1: entered allmulticast mode [ 320.095223][ T1152] bridge_slave_1: left allmulticast mode [ 320.108302][ T1152] bridge_slave_1: left promiscuous mode [ 320.132320][ T1152] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.154211][ T1152] bridge_slave_0: left allmulticast mode [ 320.168228][ T1152] bridge_slave_0: left promiscuous mode [ 320.188464][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.511762][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 320.524903][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 320.534370][ T1152] bond0 (unregistering): Released all slaves [ 320.572931][T12074] chnl_net:caif_netlink_parms(): no params data found [ 320.936129][ T810] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 321.020220][T12074] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.069135][T12074] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.096370][T12074] bridge_slave_0: entered allmulticast mode [ 321.110087][T12074] bridge_slave_0: entered promiscuous mode [ 321.116590][ T810] usb 5-1: Using ep0 maxpacket: 16 [ 321.124068][ T810] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 321.143928][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 321.180967][T12074] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.197503][T12074] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.208664][ T810] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 321.221560][ T5852] Bluetooth: hci2: command tx timeout [ 321.242395][T12074] bridge_slave_1: entered allmulticast mode [ 321.249657][ T810] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 321.264770][T12074] bridge_slave_1: entered promiscuous mode [ 321.272445][ T810] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 321.292816][ T810] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 321.303040][ T810] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 321.312089][ T810] usb 5-1: Manufacturer: syz [ 321.328981][ T810] usb 5-1: config 0 descriptor?? [ 321.419493][ T1152] hsr_slave_0: left promiscuous mode [ 321.435316][ T1152] hsr_slave_1: left promiscuous mode [ 321.452324][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 321.470980][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.641482][ T810] rc_core: IR keymap rc-hauppauge not found [ 321.647566][ T810] Registered IR keymap rc-empty [ 321.653804][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.681803][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.705831][ T810] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 321.727858][ T810] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input17 [ 321.774627][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.820582][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.853007][ T5927] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 321.861005][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.901547][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.911541][ T1152] team0 (unregistering): Port device team_slave_1 removed [ 321.936786][ T1152] team0 (unregistering): Port device team_slave_0 removed [ 321.944747][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 321.971719][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 322.001333][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 322.031270][ T5927] usb 6-1: Using ep0 maxpacket: 32 [ 322.036568][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 322.049510][ T5927] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 322.068041][ T5927] usb 6-1: config 0 has no interface number 0 [ 322.078256][ T5927] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 322.091505][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 322.111305][ T5927] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 322.126135][ T810] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 322.133713][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.151318][ T5927] usb 6-1: Product: syz [ 322.167397][ T5927] usb 6-1: Manufacturer: syz [ 322.182812][ T5927] usb 6-1: SerialNumber: syz [ 322.188287][ T810] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 322.207743][ T5927] usb 6-1: config 0 descriptor?? [ 322.216688][ T810] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 322.228742][T12155] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 322.272738][ T810] usb 5-1: USB disconnect, device number 19 [ 322.473766][T12155] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 322.570484][T12074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 322.619486][T12074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 322.854439][T12074] team0: Port device team_slave_0 added [ 322.890905][T12074] team0: Port device team_slave_1 added [ 323.021655][ T810] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 323.026606][T12074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 323.091346][T12074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 323.139446][T12074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 323.181369][ T810] usb 5-1: Using ep0 maxpacket: 16 [ 323.189876][T12074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 323.207640][ T810] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 323.227745][T12074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 323.241327][ T810] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.308564][T12074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 323.311832][ T5852] Bluetooth: hci2: command tx timeout [ 323.329044][ T810] usb 5-1: config 0 interface 0 has no altsetting 0 [ 323.346231][ T810] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 323.366446][ T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.379487][ T810] usb 5-1: config 0 descriptor?? [ 323.643667][T12074] hsr_slave_0: entered promiscuous mode [ 323.662474][T12074] hsr_slave_1: entered promiscuous mode [ 323.682402][T12074] debugfs: 'hsr0' already exists in 'hsr' [ 323.688234][T12074] Cannot create hsr debugfs directory [ 323.731736][ T5927] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 323.753683][ T5927] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 323.812304][ T5927] asix 6-1:0.188: probe with driver asix failed with error -71 [ 323.855368][ T5927] usb 6-1: USB disconnect, device number 19 [ 324.052228][ T810] usb 5-1: USB disconnect, device number 20 [ 324.338766][T12223] tipc: Enabling of bearer rejected, failed to enable media [ 324.618337][T12238] xt_hashlimit: size too large, truncated to 1048576 [ 324.850670][T12251] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2063'. [ 325.044177][T12260] loop4: detected capacity change from 0 to 128 [ 325.330016][T12271] fuse: Bad value for 'fd' [ 325.338312][T12265] kvm: Disabled LAPIC found during irq injection [ 325.381394][ T5852] Bluetooth: hci2: command tx timeout [ 325.414541][T12074] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 325.466585][T12074] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 325.538807][T12074] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 325.595519][T12074] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 325.937830][T12074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.056256][T12074] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.122594][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.129890][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.197166][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.204499][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.090576][T12074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.471361][ T5852] Bluetooth: hci2: command tx timeout [ 327.672298][ T810] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 327.843779][ T810] usb 5-1: Using ep0 maxpacket: 8 [ 327.868535][ T810] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 327.894262][ T810] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 327.944408][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 327.996817][ T810] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 328.043983][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 328.084268][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 328.112444][T12074] veth0_vlan: entered promiscuous mode [ 328.124441][ T810] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 328.162419][T12074] veth1_vlan: entered promiscuous mode [ 328.166791][ T810] usb 5-1: config 168 interface 0 has no altsetting 0 [ 328.204565][ T810] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 328.224145][ T810] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 328.257373][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 328.286952][ T810] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 328.319331][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 328.333356][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 328.347994][ T810] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 328.387453][ T810] usb 5-1: config 168 interface 0 has no altsetting 0 [ 328.402509][ T810] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 328.410161][ T810] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 328.425285][T12074] veth0_macvtap: entered promiscuous mode [ 328.439766][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 328.480310][ T810] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 328.499837][T12074] veth1_macvtap: entered promiscuous mode [ 328.527367][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 328.558401][ T810] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 328.606739][ T810] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 328.621098][T12074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 328.654989][T12074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 328.674702][ T810] usb 5-1: config 168 interface 0 has no altsetting 0 [ 328.705374][ T810] usb 5-1: string descriptor 0 read error: -22 [ 328.715570][ T810] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 328.726120][ T1152] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.735763][ T1152] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.748507][ T810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.764386][ T1152] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.782785][ T810] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 328.798183][ T1152] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.036818][T12361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.049938][T12361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.090478][ T6271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.118125][ T6271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.138179][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.177829][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.207577][ T6271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.223946][ T6271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.297008][ T5927] usb 5-1: USB disconnect, device number 21 [ 331.051382][ T5862] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 331.231362][ T5862] usb 5-1: Using ep0 maxpacket: 16 [ 331.260625][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.292321][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.322251][ T5862] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 331.348860][ T5862] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 331.368806][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.395524][ T5862] usb 5-1: config 0 descriptor?? [ 331.820091][T12460] netlink: 212340 bytes leftover after parsing attributes in process `syz.5.2129'. [ 331.832848][T12461] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 331.848143][T12460] netlink: Unknown conntrack attr (type=47, max=9) [ 331.864097][ T5862] hid_parser_main: 28 callbacks suppressed [ 331.864120][ T5862] shield 0003:0955:7214.001B: unknown main item tag 0x0 [ 331.886580][ T5862] shield 0003:0955:7214.001B: unknown main item tag 0x0 [ 331.894208][ T5862] shield 0003:0955:7214.001B: unknown main item tag 0x0 [ 331.924180][ T5862] shield 0003:0955:7214.001B: unknown main item tag 0x0 [ 331.954527][ T5862] shield 0003:0955:7214.001B: unknown main item tag 0x0 [ 332.005073][ T5862] input: HID 0955:7214 Haptics as /devices/virtual/input/input18 [ 332.058033][T12449] random: crng reseeded on system resumption [ 332.077813][T12463] loop5: detected capacity change from 0 to 512 [ 332.300625][T12463] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2131: invalid indirect mapped block 256 (level 2) [ 332.344002][T12463] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 332.354299][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 332.370017][ C1] EXT4-fs (loop5): initial error at time 1773776403: ext4_free_branches:1023: inode 11 [ 332.379739][ C1] EXT4-fs (loop5): last error at time 1773776403: ext4_free_branches:1023: inode 11 [ 332.394703][T12463] EXT4-fs (loop5): 2 truncates cleaned up [ 332.486031][T12463] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.561016][ T29] audit: type=1800 audit(1773776403.664:61): pid=12463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2131" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 332.590606][T12463] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.2131: bg 0: block 5: invalid block bitmap [ 332.625001][T12463] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 332.637317][T12463] EXT4-fs (loop5): This should not happen!! Data will be lost [ 332.637317][T12463] [ 332.647942][T12463] EXT4-fs (loop5): Total free blocks count 0 [ 332.654087][T12463] EXT4-fs (loop5): Free/Dirty block details [ 332.660025][T12463] EXT4-fs (loop5): free_blocks=0 [ 332.665224][T12463] EXT4-fs (loop5): dirty_blocks=4 [ 332.670270][T12463] EXT4-fs (loop5): Block reservation details [ 332.676310][T12463] EXT4-fs (loop5): i_reserved_data_blocks=4 [ 332.777311][ T5862] shield 0003:0955:7214.001B: Registered Thunderstrike controller [ 332.803068][ T5862] shield 0003:0955:7214.001B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 332.844127][ T7474] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.925802][ T5862] usb 5-1: USB disconnect, device number 22 [ 332.943642][ T810] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 333.045601][ T810] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 333.095189][ T810] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 333.126096][ T810] shield 0003:0955:7214.001B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 333.330586][T12488] lo speed is unknown, defaulting to 1000 [ 333.349878][T12488] lo speed is unknown, defaulting to 1000 [ 333.384396][T12488] lo speed is unknown, defaulting to 1000 [ 333.910094][T12488] infiniband sqz0: set down [ 333.933164][T12488] infiniband sqz0: added lo [ 333.980986][ T810] lo speed is unknown, defaulting to 1000 [ 334.142150][T12488] smbdirect: ib_dev[sqz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 334.242544][T12488] smbdirect: ib_dev[sqz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 334.256663][T12501] ipvlan2: entered promiscuous mode [ 334.267130][T12501] ipvlan2: entered allmulticast mode [ 334.277277][T12501] gretap0: entered allmulticast mode [ 334.288129][T12501] team0: Device ipvlan2 failed to register rx_handler [ 334.325839][T12488] smbdirect: ib_dev[sqz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 334.382738][T12504] loop4: detected capacity change from 0 to 256 [ 334.444155][T12504] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1d73664b, utbl_chksum : 0xe619d30d) [ 334.624946][T12488] RDS/IB: sqz0: added [ 334.664520][T12488] smc: adding ib device sqz0 with port count 1 [ 334.679797][T12488] smc: ib device sqz0 port 1 has no pnetid [ 334.698953][ T5862] lo speed is unknown, defaulting to 1000 [ 334.912289][T12488] lo speed is unknown, defaulting to 1000 [ 334.993898][ T6008] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 335.154788][ T6008] usb 5-1: Using ep0 maxpacket: 32 [ 335.170843][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.203504][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 335.221653][ T6008] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 335.268928][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.291335][ T6008] usb 5-1: config 0 descriptor?? [ 335.328387][ T6008] hub 5-1:0.0: USB hub found [ 335.521422][ T6008] hub 5-1:0.0: 1 port detected [ 335.890071][T12488] lo speed is unknown, defaulting to 1000 [ 336.163724][ T6008] hub 5-1:0.0: activate --> -90 [ 336.390786][T12575] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2159'. [ 336.582630][T12488] lo speed is unknown, defaulting to 1000 [ 336.778624][ T809] usb 5-1: USB disconnect, device number 23 [ 336.788130][ T6008] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 336.835019][ T6008] usb 5-1-port1: attempt power cycle [ 336.995679][T12488] lo speed is unknown, defaulting to 1000 [ 337.142910][T12599] xt_connbytes: Forcing CT accounting to be enabled [ 337.632576][T12606] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI [ 337.644513][T12606] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 337.652943][T12606] CPU: 1 UID: 0 PID: 12606 Comm: syz.4.2170 Tainted: G L syzkaller #0 PREEMPT(full) [ 337.663977][T12606] Tainted: [L]=SOFTLOCKUP [ 337.664389][T12488] lo speed is unknown, defaulting to 1000 [ 337.668295][T12606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 337.668308][T12606] RIP: 0010:do_dentry_open+0xaf/0x14e0 [ 337.668333][T12606] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f [ 337.668348][T12606] RSP: 0018:ffffc90005e1f638 EFLAGS: 00010206 [ 337.715382][T12606] RAX: 0000000000000006 RBX: ffff8880543687e0 RCX: 0000000000000000 [ 337.723363][T12606] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff [ 337.731454][T12606] RBP: dffffc0000000000 R08: ffff8880574a33d3 R09: 1ffff1100ae9467a [ 337.739423][T12606] R10: dffffc0000000000 R11: ffffed100ae9467b R12: 0000000000000000 [ 337.747383][T12606] R13: 1ffff1100a86d10d R14: ffff888054368868 R15: 0000000000000030 [ 337.755343][T12606] FS: 00007f3f9da786c0(0000) GS:ffff888125535000(0000) knlGS:0000000000000000 [ 337.764261][T12606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 337.770837][T12606] CR2: 00007ff3c5ba1368 CR3: 000000004ce8c000 CR4: 00000000003526f0 [ 337.778799][T12606] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 337.786756][T12606] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 337.794716][T12606] Call Trace: [ 337.797987][T12606] [ 337.800906][T12606] ? vfs_open+0x31/0x340 [ 337.805145][T12606] vfs_open+0x3b/0x340 [ 337.809201][T12606] ? backing_file_open_user_path+0x12/0x50 [ 337.815005][T12606] backing_file_open_user_path+0x24/0x50 [ 337.820623][T12606] backing_tmpfile_open+0x9b/0xf0 [ 337.825643][T12606] ovl_tmpfile+0x400/0x810 [ 337.830076][T12606] ? __pfx_ovl_tmpfile+0x10/0x10 [ 337.835006][T12606] ? _raw_spin_unlock+0x28/0x50 [ 337.839851][T12606] ? d_alloc+0x144/0x190 [ 337.844109][T12606] ? mode_strip_sgid+0x6a/0x1b0 [ 337.848946][T12606] vfs_tmpfile+0x3ff/0x890 [ 337.853352][T12606] do_tmpfile+0xd3/0x240 [ 337.857584][T12606] path_openat+0x300d/0x3860 [ 337.862155][T12606] ? arch_stack_walk+0xfb/0x150 [ 337.866994][T12606] ? do_getname+0x2e/0x250 [ 337.871397][T12606] ? stack_trace_save+0xa9/0x100 [ 337.876329][T12606] ? __pfx_stack_trace_save+0x10/0x10 [ 337.881688][T12606] ? do_getname+0x2e/0x250 [ 337.886102][T12606] ? stack_depot_save_flags+0x33/0x810 [ 337.891552][T12606] ? kasan_save_track+0x3e/0x80 [ 337.896480][T12606] ? __kasan_slab_alloc+0x6c/0x80 [ 337.901573][T12606] ? __pfx_path_openat+0x10/0x10 [ 337.906577][T12606] ? __x64_sys_openat+0x138/0x170 [ 337.911592][T12606] ? do_syscall_64+0x14d/0xf80 [ 337.916342][T12606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.922481][T12606] ? __lock_acquire+0x6b5/0x2cf0 [ 337.927422][T12606] do_file_open+0x23e/0x4a0 [ 337.931914][T12606] ? __pfx_do_file_open+0x10/0x10 [ 337.936926][T12606] ? _raw_spin_unlock+0x28/0x50 [ 337.941848][T12606] ? alloc_fd+0x64b/0x6c0 [ 337.946192][T12606] do_sys_openat2+0x113/0x200 [ 337.950862][T12606] ? __se_sys_futex+0x3a8/0x450 [ 337.955701][T12606] ? __pfx_do_sys_openat2+0x10/0x10 [ 337.960892][T12606] ? rcu_is_watching+0x15/0xb0 [ 337.965638][T12606] __x64_sys_openat+0x138/0x170 [ 337.970493][T12606] do_syscall_64+0x14d/0xf80 [ 337.975087][T12606] ? trace_irq_disable+0x3b/0x150 [ 337.980118][T12606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.986176][T12606] ? clear_bhb_loop+0x40/0x90 [ 337.990838][T12606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.996715][T12606] RIP: 0033:0x7f3f9cb9c799 [ 338.001123][T12606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 338.020722][T12606] RSP: 002b:00007f3f9da78028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 338.029130][T12606] RAX: ffffffffffffffda RBX: 00007f3f9ce15fa0 RCX: 00007f3f9cb9c799 [ 338.037090][T12606] RDX: 000000000049c002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 338.045305][T12606] RBP: 00007f3f9cc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 338.053259][T12606] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 338.061211][T12606] R13: 00007f3f9ce16038 R14: 00007f3f9ce15fa0 R15: 00007fffe0576cc8 [ 338.069173][T12606] [ 338.072201][T12606] Modules linked in: [ 338.078334][T12606] ---[ end trace 0000000000000000 ]--- [ 338.127845][T12606] RIP: 0010:do_dentry_open+0xaf/0x14e0 [ 338.139070][T12488] lo speed is unknown, defaulting to 1000 [ 338.150570][T12606] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f [ 338.231259][T12606] RSP: 0018:ffffc90005e1f638 EFLAGS: 00010206 [ 338.242989][T12606] RAX: 0000000000000006 RBX: ffff8880543687e0 RCX: 0000000000000000 [ 338.285710][T12606] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff [ 338.319636][T12606] RBP: dffffc0000000000 R08: ffff8880574a33d3 R09: 1ffff1100ae9467a [ 338.329626][T12488] lo speed is unknown, defaulting to 1000 [ 338.337255][T12606] R10: dffffc0000000000 R11: ffffed100ae9467b R12: 0000000000000000 [ 338.357590][T12606] R13: 1ffff1100a86d10d R14: ffff888054368868 R15: 0000000000000030 [ 338.375298][T12606] FS: 00007f3f9da786c0(0000) GS:ffff888125535000(0000) knlGS:0000000000000000 [ 338.394785][T12606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 338.408506][T12606] CR2: 00007ff3c5ad37d0 CR3: 000000004ce8c000 CR4: 00000000003526f0 [ 338.426102][T12606] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 338.445742][T12606] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 338.462907][T12606] Kernel panic - not syncing: Fatal exception [ 338.469291][T12606] Kernel Offset: disabled [ 338.473697][T12606] Rebooting in 86400 seconds..