last executing test programs: 1m49.689989048s ago: executing program 1 (id=818): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x4, 0x2, 0x5, 0x2000000}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="03040000b500000001008aea0000feffd0ca"], 0xc8) dup3(r1, r0, 0x0) 1m49.418894977s ago: executing program 1 (id=819): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "78cb6e6d9d2574d4"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "dbfb7e8fd0bc6045", "c2fd4b8fefd98c5a337e71ee65ef17dffb5c99de2ac70b0db648ef9bb1614180", "c226eb7f", "2d36e17ddff0b56a"}, 0x26) 1m49.252784776s ago: executing program 1 (id=820): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1m49.085205167s ago: executing program 1 (id=821): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a09007, 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0\x00') 1m48.968671824s ago: executing program 1 (id=824): r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x8) r2 = openat$cgroup(r1, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='cpu.stat\x00', 0x275a, 0x0) read$FUSE(r3, &(0x7f00000003c0)={0x2020}, 0x2020) 1m48.505188122s ago: executing program 1 (id=829): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x35451d7003101a08, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETGROUP(r0, 0x400454ce, 0xee01) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x103900, 0x0) setgroups(0x1, &(0x7f00000000c0)=[0xee01]) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) 1m47.954965079s ago: executing program 32 (id=829): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x35451d7003101a08, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETGROUP(r0, 0x400454ce, 0xee01) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x103900, 0x0) setgroups(0x1, &(0x7f00000000c0)=[0xee01]) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) 56.571605521s ago: executing program 0 (id=1211): r0 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fbdbdf25310000000c009900020000004a00000008005200", @ANYRES32=r0, @ANYBLOB="08000300", @ANYRES32=r3, @ANYBLOB="6081602a3a6970c41e2a33659814afa8237440e0f30c29571cc5d2fde231957c"], 0x30}, 0x1, 0x0, 0x0, 0x48000}, 0x8482) 55.341742172s ago: executing program 0 (id=1219): r0 = socket(0x10, 0x80002, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005400e5012abd7000ffffffff07000000", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="01030300ff"], 0x38}, 0x1, 0x0, 0x0, 0x804}, 0x200004d0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 55.260009852s ago: executing program 0 (id=1220): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0xa}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xec776000) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0) 54.887579155s ago: executing program 0 (id=1223): mkdir(&(0x7f00000000c0)='./file0\x00', 0x48) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, 0x0, 0x0, 0x189046, 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 54.720190454s ago: executing program 0 (id=1234): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x8, &(0x7f0000000040)={0x0, 0x3a31, 0x4000, 0x2, 0x1b}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x9}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='%'], 0x50) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020) 54.15290296s ago: executing program 0 (id=1228): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x1, 0x70bc2c, 0x0, {{@in6=@mcast2, @in=@private=0xa0100fe, 0x0, 0xecdf, 0x0, 0x0, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x32}, @in=@local, {0xfffffffffffffffe, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x9}, {0x1, 0x400800, 0x9, 0x292}, {0x1000}, 0x0, 0x0, 0x2, 0x4, 0x0, 0x2c}}, 0xf0}}, 0x44050) 53.811045365s ago: executing program 33 (id=1228): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x1, 0x70bc2c, 0x0, {{@in6=@mcast2, @in=@private=0xa0100fe, 0x0, 0xecdf, 0x0, 0x0, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x32}, @in=@local, {0xfffffffffffffffe, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x9}, {0x1, 0x400800, 0x9, 0x292}, {0x1000}, 0x0, 0x0, 0x2, 0x4, 0x0, 0x2c}}, 0xf0}}, 0x44050) 9.660770025s ago: executing program 4 (id=1649): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 9.401215976s ago: executing program 4 (id=1653): ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x4000, 0x1000, 0xb, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x2}, {0x0, 0x60000, 0x3, 0x0, 0x0, 0x7, 0xf9, 0x6, 0x0, 0x0, 0x0, 0x42}, {0xeeef0000, 0x6000, 0x13, 0x9, 0x0, 0x0, 0x81, 0x0, 0x4, 0xe, 0x1, 0x3}, {0x8080000, 0x0, 0x4}, {0x7000, 0x1000, 0x3, 0x0, 0x0, 0x80, 0x80, 0x0, 0x0, 0x0, 0x1a}, {0x100000, 0xd000, 0x9, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x84}, {0x4, 0x5000, 0x9, 0x4, 0x3, 0x4, 0x0, 0x0, 0x3}, {0x1, 0x100000, 0x0, 0xf9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, {0xf000}, {0x1, 0xfffe}, 0x0, 0x0, 0x6000, 0x0, 0x4, 0x1, 0x900, [0xfffffffffffffffc, 0x0, 0x0, 0x3]}) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000000000407d1e9c3100000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0) write$tun(0xffffffffffffffff, 0x0, 0xffe) 6.208151204s ago: executing program 4 (id=1668): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000540)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x2, {0x0, 0x1, 0x4}, 0x2}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000540)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x1, {0x2, 0x1, 0x4}, 0x2}, 0x18) bind$can_j1939(r2, &(0x7f0000000200)={0x1d, r1, 0x2, {0x0, 0xf0, 0x4}}, 0x18) 5.996960216s ago: executing program 4 (id=1670): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000000540)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000240)=""/17, 0x11, 0x6, 0x4, 0x9, 0x4, 0xc08}}, 0x120) read$FUSE(r1, &(0x7f0000006b40)={0x2020}, 0x2020) write$UHID_DESTROY(r1, &(0x7f0000000180), 0x4) 5.163543088s ago: executing program 4 (id=1679): socket$nl_sock_diag(0x10, 0x3, 0x4) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000380)=[{0x0}, {0x0}], 0x2}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) 4.404030646s ago: executing program 4 (id=1684): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) readv(r1, &(0x7f0000000140)=[{&(0x7f0000000600)=""/152, 0x98}], 0x1) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004004}}], 0x1, 0xc000) 2.261356299s ago: executing program 6 (id=1699): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f0000000040)=[{0x0}], 0x1) 1.826819086s ago: executing program 5 (id=1701): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000340)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf9\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xccd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4hi\v\x00\x00\x93\x11\xc1\xd4\xae\x05\x17=\xd6\xbe\x9f\xf5\x90\xeb\a\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xda\xb2\xd9+s\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x\x004]PZ\x9e\xd5Y\xf0L\xa4\xbc\x86\r\x00L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x05\x00\x00\x00\x00\x00\x00\x00\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x01\x04\x00\x00\x00\x00\x00\x00h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2 \xac\x00\x00\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\xbc\x8d\xed\xf3\x98\x96\x84\xd7\xc2\x88\b\xcc6\xa44\xd7\xed\xc1\x8f\xa7K\xc9KeEk\xd1\xb7\xfb\x88\x12\xd0i\xef(\xddUP\xee;Dk\x84\xfcD\xf0\xd6\xe9\x96B!\x8c\xb8\xc6\'~\x99\x1d2\xdb\xfd=\xa7\x86\x06\x03\xc6Y\xc6\x87\xd13\xd0Y\x90\xe9*~$jQ\xb9\x84\xec\xe9{\xa8%}/\xcaP\xb1a\xa6\xd9\xb2\xe9\xa7\x1b\x00\xb8\x9d\xb0\x01\x00\x00\x00\x00\xaa\xa9\vE\xd0Q\xcd/#%J\x0f\x97\x96\xa0\xeeb\xe2R\xf5\x16\x1f\xe554q\xbdp\x0f)\x99\xec\xe4\xf9~\x91\x00[B$p\xeb\xa0V\xc5\xdakn\xc0l:\xbc\xea\x92\x03i\x7f\x1c\xaf\x06\t\xda\xff\xb8\xf1\xc9\xd7\xc3\xfaN\xeel 40XJ\xe1\xe4Hv=\x81\xdaZ\xd6\aT\x86\xf5\x13+\xa9\x14x\xe7\x19?\xa9#2\xba\x7f1\xf2\xb8$\xa2\xb5*\xef\xd3\x8d\xe4Q\xe6C\xb3AU\xcb\xae\xdcN\xb7Mp\xc8\x04]\x84\x7f\x19\xd3#\x8b@\x9d\x1a\xc5\xc8n^e\xeak\xea9\x15\x9b\x1d\xb7\xe8\xca\xac;\n\\\xa9{B&uO\xb6\xd8\xa6\xb8\xfaA\x1f\xfb\xdcm)}q\x17\x7f\x86b\x1bq\xcb\x81\r\xc2\bb\xd9\xc7t\x88Y\f/\x0f_\x0e\xae\x92\x91\xf8B{\x16\x8a\xa7\xed\x01\x0f\n\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\xf5\xe9\xda\xdc\xc6W\"\x10\x80\xc5\x00\x02\x97\x14\x91K\b\t3]\xa1\x99J\xbd\x03v\x85\x01\xf7k\x10\xf2a\xf5\xad\xb2\x8a\x85\xca/|1\xef\x03;e0\xc2\xff\xf6\xb0~\xf0\x8a-\xb1+\xc64\xd1\xe1\xbc\xeb:\x06&\x01\x0e7\x93`\x98\xa7\xc9\xc2^\x8b\xbd4\"\xd7\xe3\x7f\x00\xfc\xbd +\x9a\xf6\xda\x94*F\xcd\xd0\xd5.\x02\xc0\xce\xcd\xa6\xfd\xdf(#!ST|#n&\xaao\x0f*3\xdf,\xae\xe4\xf5\'\xf3\x1c\a\x05\xbae\x1cdZ\x18\x0f>L}\xb3\r_\x96\xca[aT^\xc5;\xaa\xf5ki\xdc\xaf 8\xd6$\xd4DM\xc1\x1a\x19PK|\xec\xa2A<\xcd\x15\x9dD\x90\xe8dKj=!\xd8\x18\xe0v\xe5Ha\xba\xe0?HC\xc8\x04\x13`(\n\xa3r\x87Z\xa0\xe20\a\x90b>\xd02\xa8\x94f\xd7\'\xc77\xc8\xb1x\x9e\xa5\xa54\x93^\xb7\x1f\\\xa6\xb1\xdb\xc6\xe1\xf5\xf03\xea\xc3D\xe7\xfa\xce\xd3\xcf\xef\x02r\'\x90\xb3AZ\x1e0\x89V\xcf9\xad\xf0\x90\xe5Tqk\x9e\x11\x80\x81l\b\xf9s\x0fqw\fx\x17\x11x*', 0x2) socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x806, 0x0, 0x4, 0x7}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000520001000000000000000000020000000c00", @ANYRES16=r1], 0x20}}, 0x0) 1.608799311s ago: executing program 5 (id=1702): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e20}, 0x6e) 1.456745717s ago: executing program 5 (id=1705): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/54, 0x36) getdents64(r2, 0xfffffffffffffffe, 0xff80) 1.416424508s ago: executing program 3 (id=1706): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x0, 0x1, 0x0, &(0x7f00000002c0)=""/70, 0x0, 0xfec00000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/85, 0x0, 0x60000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400)={0x2, 0x0, [{0x5000, 0xa3, &(0x7f0000000100)=""/163}, {0x70000, 0x53, &(0x7f0000000340)=""/83}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0xfffffffe) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f00000003c0)={0x1}) 1.288953494s ago: executing program 3 (id=1707): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x8, 0x2, [@TCA_FLOW_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010) 1.280700646s ago: executing program 5 (id=1708): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) r2 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe33) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil}) 1.157057439s ago: executing program 6 (id=1710): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000240)=0x8, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0xfffd, 0x4, @empty, 0x40000}, 0x1c) sendto$inet6(r0, &(0x7f0000000200)="3b651e0eba74c3a6ce", 0x9, 0x24000000, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x99bcb88da02606f2, 0x0, 0x46) 1.072898728s ago: executing program 5 (id=1711): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000002c0)={0x0, 'syzkaller0\x00', {0x1}, 0xb5}) r2 = socket$netlink(0x10, 0x3, 0x0) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/180, 0xb4}], 0x1, 0x9, 0x7) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) 1.020552236s ago: executing program 3 (id=1712): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x500, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000010880)=@vmx={0x0, 0x0, 0x2080, {0x50000, 0x80a0000, {}, 0x0, 0x6}, {"2e2079092c32f3bae1836dd52c5050209e1268f20c6ca0149f4980a994eb4cdae1c82401089fedb5feb01bf1618cc0f10fd15a7fa0536abbefc8d66e30bdefeeedc0ad7004dc44a1a0769937eb651f1ce36827d1838778d6431593fa4935010083a62096666b3d174470aab0efdbd6246d5ad77c7bc23009bed023ecc12fd6c26ab3cb0be2a53963ad26a19b4238dd068dc2a2b7944c853d0c02598380d19db21ec9ba61b76c49de1b7781d957f064ab2033b4ba6c689be8dcad60a2207b483244325ea1752755e3b07b2291006108dc47918ba087119dbcf2db0aa1fd4789c53eb58236961fdb1b5df5f64975b547f82e0bb8109ea1d110c588f8b7aad3880e1b82d656c046438b64ff799eb066527709fdef1cbfeb2822ef9cdddf7f157fba56ec6c7831a01a5e4bbfc3a8713f0f31d44801bc2c9ce7110d49b4c596b9b5697f6f085f3a1d37ea03d730bd2683dabf120d3a800c64efac14d347a06d1cad337022708221880ef4a14ed7c291b0dc9ce446d8b2fd7bba434e6caaaeb5ebbdf7540e388a3122e2be27b417dd230537ebecc37e830a889fd7809badf4a5d3c8dc472b6b16d1a6dcd0e78583d371549af555bac0f7b1b9d0453e60b52fc7f294fbfb8a2828fbba5dce331e5fbb7dec6daff4ccf0e83947f49039ea3b334fcbf16dab59d8a0038c8a1ab18ff5f0f63c10da219e9216395a9c08aa37bb105ba8a0eebb46d44ec87d8e7e3ab24e239ee991c91f237124e34f2f90d9e51632949c2eddae22317772bc1902fb299fa9dcb5e2c04ac3a733a35f5570474506ce17c86b4db481e3df5ca9806024a8b964fefb1d60e1ba108ee0558d6bb57734fa80f38309e08c1667b3001fd03082a974f0be3d4c45d9147deec19cad3e22f86baede8bbe650947e151ea31b9f36a5d0b3a75dcccc8ae8ed9dd9bded186fd22479b13f324ac9934835f4f29404e1ad3985ac4f0ab446ffdef9e497d1fe67b7fcd0973551e9b76512762efd015b5e910a40a9e170155d206a4ea2bc31c9f570a20eb53aed863c0d7d28d73aba1b7da867d6b2dd27f304e106ced89c9961d0a1376c194ef2fa3db004a828238b77f2c101300c053c0216f0040b663656a2c9a556f9fe61bd6fb7dc4e64c3933df0bfb7616939d78766f39c3b88910790cde05cb9df0667b2076cdfa3d537f7ab3653e8e7b845ec099596c9182802eb946e81d5f6337870938e2b811d0d423e1f16a2f15e460d36b8d06cfa9d552db220f6c0d61288a70789338b252451d0920e76d01cb6aaabd105f0766c6747d39fc3f03a730f4c5f0df5c3bd10dc8f61485e2a9b7ba49ca76d30531e71a41e84ffc3e1496ba41b508f861cdb5f11e77ac3e1f6ebd3d117de60f396474284ea21d321f825f97c690c7956b108e5c38c6cde9ebd0b6352d25223f9a9ce243e15b2c4a2b3d64cf2b51330a1aaa9b65e113ca59b01ba1de84ca5c8945e964d3b20453c77718355bd70695bb4f4b4a98fcfb143299888b56d25b0d9610a2eb65fe2e40c96cc9462ec6e2840a24cf48dac644132b2a9cd3f6c1da01409dbf08e33398ef8825ea214eea24244c7cdf2dbb59ff0eadf4f83641fe4dc850285b54dcf41f04b3bad68061aa808eb11ab037471b926cde1d380cb73dde6c30c357dfe6f5a47279672c73d0e232150bc4e0eb45231dfd9921e7bc0b2fefe250c1174b5fee1e837f3b59ddb13b3d4e7fb392484ecd41071f2cc0bd0aaafff2543e3ae233e0e0145a7c416629ebef09a57543ac557a39d4d72589e06bd23c6c945e1a9f6839d4a59f70e9f3fdd0411947eb34d065a331856d994610fc2aef41de4f89a88b032b90e9402c9b6ee8f8207b25bb3b8b36a1d5697d6028da65761d97112252ee8327bf30d1f092ac41250ae5f9d079bef371dae280474fc49af4b5033b73e0b4c8500ea94935af49b755c930e479bf5366b6d1a70751fa344faa77e56eebe06e72bd6579d98e4da6e0e5689f4ba6203b282e52e3bfb64d97f448f905215373f0d02c0b78bc2303aaa8a45a8ca690511d3a751f25dfa5bbef5441f3af6431716dc651d744823f472043b6f91a3379281c3411ff75ea6a6fc2110ea8db86823b1ea1a963168c3a21e6941a78868df08c2850e900fbc87d0dd1d4a9ff68acdb0920d2b43613dacdbad430c21bc8d02f28685f4e5a874827a43dc847141f78d34e124df22dc3812f0051b233e8a3ac057bc602b069af58fe69acecce085ae099e4892e53d4f4ecdcf7ef6a2d0c89a8a07f8bb55011aa008825c0d26364a481db145b1920bc0620e5177b15cdfecfaed7d8c1c792a9bfc5ea14341414df0e1a484c7157b97d48bf3dacd23ae565c731b983dc6986effe0264e51f01ed7b7941370c1f6a69f7bfad06e5147a78521ed4692e3a35e35736149019c585a9e4f74caf7484b52afd451000f4a513798e6f8f92eccb6cd4fecb3cb880456e0c06227688561d3c38c5ba4b6acb1a43a0bfc28cbec957b10d88814f99f25fc5004a3bdd6dd782ccc36368283b4def03eab4c44997212c3ed04e57fb97d8e9c41313dde01c8f1686e3cd95e125d9df7a16c6c8b1c1211c5355125a833e39aa50a48726dd8e385ba7160be5f1bf28559cf5747d9d8cee5fc3022afa7ecc47ca2bd6c16aa34708b95f5bef8293f485f602ebaa50d85241b88c9f8d554c30e1426a57ac4d595662dced577ceaeb6059fc2c348f04ca55d382132d23faa8e8171248587c77e984a8070428b6c1ee951026450bd3754abbf5ff90444c7807fdca7f082f7c8e91b51df78a438da06cc4d9d11b4fd9c8700c02da3b86d105960a35434f8b5ffd5a70005e88d24ed75a8a5e612ad7ab52c996c37f4b8f1c85719902c0623da5e01600ae9983bc8644a552439a031f8df1cc2e8b11f8ece9420de42ba231f69918f5bb05e77e1514d09642b71c9fbe2d47560838c3288658b70051e8eaee23f24c4aeddfc3c6b76c9f95a525cec5c92b15176ab68845a712d363fe90fcfe9c5e2058a7acc113f91605c738a1788d479f919acbaf6707b9e237aa38314d3d170a232327658fabba620e854c82947553fa5952d41d658c5707d4e9540d46cb348e6f9eafdf01d5e8220fd7a0d8813f55e12417680f5e5715d2b7491456e289aab055515e160f204d4b6c5d1f78e04d07ff2a656977e4893403528b80f8eee5fa5df411bc7e5a94b8cf914243dc6f28b55291b6de4d69e478d0503c3faa604fa650ec8ad5b52ee9434fc98b56ad7c38b55b7a49453ae47ddbf39bd5bf18c843e817daa041b3413bf531f94302893e1bc06629aae28672bc7de1508916872528a6e0a3d0ad2675fbed41a322cc6c2c8aaee57e0a144490d04e39bb388705eacf0f050883eeed834ba80f3b0fb1ee93e6b260a7b87ad4ea916250129ca022658ba1247fad29e1364ad44fc45d8317ab6403dfbce44543b8e5be14e64dbff7d338fd79d8e78b30c47b973df99311aaaa3b3fb12cfb8c0ea20400e3a0dc1f6a035801c0846c20216fb9469766abce0a58cd34fb89a89317a2aeada3979d3f61e337fa555981c746643c051feeb3e57c242375fe284ae43f9288b7b3777a5a5525c7a52d3c155fe551919b39bfe64d66ef6b221b9aa77fd5467235bc56c756d5b6acb543ec2f673cc5270a7c5f5fae9033171db188e6a31beec80dfac8047846d9ca7bbdc199ab400f440b543cdbe877b2fcd3f9a93a942c72041772b23c248cce69308ffc7eb9aec84d5793df0e7c21090a5c01d2370e00e57034eb1d1f3a53208a80cb5663bd625200a532e75453bcc223b9e87b88e6ed09bda28c4f15466d06ce57502aa9c4080970515da98c728dbc9c641290439e13756c8e6aa0f8230da8469a5f0ad3a84e229c1a05aad97d97f74bf8925a4f1c8729289c7e419edc1c4770d8571eb00d22c25d11bc28e41fd3d6363153a82e9f2cd2bb44da0843c02b4859b1e49cd729e5147aaac78b1752dc957aa9ca44a525bd3d66645283d33c30ef9a1b786df9be8ff593bea21976403623bdabe0a856a64cc5fa2b5c07e0579d762d7511c24564feafa7979f3d0be1e86e8f1c0c74a0e6142587145c917c8548c6584dc0837fefc215b653e1fe08eaa1c584c4aad941b99d2ba341f2689e264564f22136a113eb4f3bdba12e2f1fa9796fe0f1a97638e9301fd0e1f6bcfddc79e469045cb929af5ce8f7fe46ae1b8172f8b4b4d55a3fee55d958a90d9531915c5dcca16d957f30225f1e7cc97a52e7b7f45aa7421885a893df84ed2ca14bfce323986f7840843152d2fd7860dcc4b688814b4f943c64f3c5078071f709e8dcf30cd4b0093b335e64a86af83d6d1aed6a67870adee029e5ccea155d4ba3ab825634963a2d3664c7947784fecbfe52de95fe2495a4200010603ea337553f59d7246d1d120562709c0b88cb191910ec5d7cc0eb2c9e5ba784f686675b0e19976106b014bc5921d38637a6c0c1d342dee275b4e974e767035435344b72aaa954dea04e7ac8b1da407d7fc5351fa052172f5a5c82a3aa1d442ed91748d56a32a7658243ea9eb2422179f8742a241ed2a4758e76b862ad964d5522600069b183d3a750db2844b05413edb6a331eb881b11529b66bacd73a4a47f1692940a99e8b4a507427426fea5d6e7fb9385b7d481f508be07dc81eb0127713b107589c8762232bd57d89b7a3d006dfd3659dd1b847b76999070e6414dd946d4d036d59935912795b101e715b189780868041a0825214379a12d29957d52ecf0bd1402406adb6e2506d67cb4552d23d2be4f5f603a5f2cae5b9f70ba33019d6fc7cda6225cd017a5d572d0c975858d9971302ee7266c73f78159de01fe4691c39e0b1344a77f0ed20fd061e1e025924ac9f2ed8c21ea8a025dfa5a7007818c4379f0922780a9b4a587d29366f08242dd81aee71376138fd41260f6125229369e7f8987b69a57ed3ce7c478e52d860f6bd8b4e267ba6e746cd4a0d31df20eb1195ae42354264256b78d88f06f868ff3baf134c239b9912d14e7331d9c368e0606cb757c73d25e6fed270b393a14b0835a320fbb38e3f8942a720badf6b92c564656df66734d16d7d36531dd7cc07efca6f24c004feb1c481cf05944ff9a5a1d578c5531bc542104661211a56a1aaea5beed3575de042163ef71556ab81949f32b532f476848165239820ba9abed916645dac00b133c4a3b7f2cdf50b1f35b5177aecf7bd192a8c2a88dbc861566c6db09479cd6119685150cf6a57481e2f186d1ed00482ce5f90ef81f70ffbce1a48d150f9209a213de267591b371ef0d7579c844dcbd01aad71a40e9ceb918e6d861dc5f405dc9947ccca1265babe0e881bb44b74b5f8bbc990ec2e79d51ae5e6f8d764f7a85766b559cb33a31330eb3b5690a03c79ef5e01f1470ff85e560bdaf877a31f0944e1848ece5a589b9d0886ad3e45a9cc03f0b8b497052b6bc020aa6e3f977416882859fb13e8d33a582203f948f3afde6e90491248a911657e9d68255b0dd432ab3b15cdf0b4394fda6918be9b53377fdeb0137debbc70dd0a8b986472984314bcce3beafe2a9694cf6853466367caf5940a564e0ed8114f5023b6b63ba7cc9d8a0f2d52264d5b752046852b6981d4add41ec04ab1be3725acaaf05c344214d61838c12a76998902a32be7e1354e3b5b466732b83fbe7617de7749a0eeaf973c3e36d1ecf9c99c8d0b85e789cffe772850449a34edc71873d8c067bcc8537a4d78075469b6cbc410e582febb30666e1a1062020fb2486ce972390f692eab9ebda150870f426d0f598388af3", "b8a62ea60584d4a91e6fe65697d6ab993c047aad7ff81e1026d3ae11bbc03dde9b958fc5dc573fc67ea22c1213fa86c4fd36a07b31a60cbeafb38e78dc8921265ab7fc11204a06177ccf115715e51cc4efafe1e4956150c7750389d510cc9d09eba498e2bb92151487e50d7482da59837dff445dee80d046c5148f5c58c3f010ad852dc2f73c35767b216cb20d11a4ce9228e16250f41c714e2b7313a331177469b5aa9ade4b2a75413c18c424c4ed14eec9f0b1afabb0db37137042c611bdba7545558c30c75c5820dd367e3a81e39cbe841b895eb04581e6091f7d8c4dba8680d1bd79843fbadcbcfeeffcbd00c2997084b5e446958cd8f7bda49909bed7c676ec85ec23b0ddf58a0d7e11ebd0ad4861823bab73a7aa2f55fe586812dc8df6f8c8c014bc42e0bb61d4311e9e310fb7631101e561909170fa8c56e17b1efe4d63f216bf90a2a592a30f703eff57ba11bba9d044fe06f090d14d577c2af940b8852fba6d2d06b40784780e30b80944de726d2a3894f91f49ba09064c091114566a6603d6827811e79eaeea11b208a0343a613689a1037fc97322b2f89cc3451bcc7e2a19410cbc2a41f7e5f95acdb548c03599684ac1f594c238c14d2a5b409d6e2f6e54919d2cc4d0394edba6818d869316382baf959c14ab24458934d29e2d79ff7120347994b8dbb0b92541d16e07e7035dcf21eed74b07eebd6e1011e4784ed6f8e167417cee55de323fa7f4b84a8a5a5aa3bbbf4aa5c5426cf6adebb820cd65cbdff94f18326ce204d435971331ce793e07af28ff22c9ba041dd1a598f159693221e086165f081d1d4c7465d8e92878fa87b4b6739b2adc9a648c075b73b8e94fd6c8d2b00e00b8a3ef52d6927cbc00dd3a664c16dada3289c9f0f5e7df7401320790d3c09debe61b1a478fd5128c0ae1357c8e37c09a2c27c69ad32ffbec367257d4a81bfc988579c7ddb88835cbae63c07a91d3312ecbccf5c5f7d7a1ed591754fb5fd67c7acfac432784debe9db38d5cd562e4f1d85f96a69e97913b0bc0d82f67e40b183517d7539ad9a031565b62c21451ebe2e34fc35d565945d7bc919e3c1a4c64188720b3e132fe26d2413f87a88c171db401c521f95065ae2d8fe0e68b6a18176a83fcc1a678918877a5e8ee2a903ed1ff3c8c609121ef1d94038bf3c2466a05bc20b8b7c11d943e08750f4d78b76d5e0e1dacb6260b4c2c4fd6ad651d3892acfea8a9ed85353a4fbcf5f494c37d7302050c5821b5cbdfcd8b457d14997d460778ae0c5127fb00ad4bf176e794972243ba2a42c8973945dd3804a3ca71d72120dbd00b6a271d55e5eaa4bc7a705dc439ec49f001a4c11e710d64861b90c62f9857aa3cfc84ff0ad6490f1891ab4e1aa99086801bb5553cda4924a0890fd5e64a82a0c27148af3fcbcb9c424a7a32e6ae7e3ae80f7316dff46cb08074a3ced07b2cd9c8481e2a0ca1060d56fae8fd0fe02650486dde3c739c9401b0941945b9dceded4fa0c87adeec4243c80b9520072dc28fc985f67917be0277160823a424f7adb0f5b2a16290f60598605a15b11eb50daadd27c7d2010d8ddf6ef0b4ba335bb3ed4fec5e1ac396b6a9315121dd82387241159f9b71ee5b1c21c1d38e1296a66fe8112c564ddf109b058384c3c27d68d032b32923cd94f107b42397c71aae824bd8478e3dfc112f05b1ff2b7e284bbc4bb76a70f72e79c89ed4f49243430dd239a4ecdf537a539a2e0e42c082dddc09738a3306ed7ae7ea4b4b421f227f0fb89577a29a63452b4e665306d6059e0da7e5aec8890b1cde3ab7020f991e224de24603b4afed2c9f15c01a1340ef35a102a9f8a6be0e1502ae8f5f25aaf548d38c5bf5fd8c94621b3139478e0d697b29aab44d84f53f5f0b1af8021bf7727a2b1f62da661c1fcf1948155dd9d91c758f07dafc745209faa868b397369c756115373c2d5ebf59c6f8d44fcc67177dccd7e85c790e493dc4c9f1269690bcbc3af4edbb6e02bc182cf965000410eb63cde495e2fb48a24e466a731326f846cb2ec8398989e97447b80b9c6716029c4e3579bc9ff88f6e9a89286006b3161d6310d54965f4a5f0a6317d35be9269b70fb74513df92c6a2ab3247dfdfab22db3ec9e455b880db5b02ed2832dbc132d7b644c2c9e3d74039d3a92264520a1d78ad26bee877f018efa76102c9df737c80f6e35c3a2b370458700b9dac794636a4071ecdf9ace6f42abd18ec4bbda7f1d0f910f16412db11b3e2d13c6456dad09de350c6ac4b77becda47f2ad7b73a4c952a5928aa5a4aeada33ffc486f896d27ca7edf1bce0a345927d169cae7509911f9a84423b88859a3cfbcc628cd5ff60805c36a8c4d5ac1ad6c31bb00c34eea226ddc367b77c84f3f8352feafbdc170d348f88c49246d7aeea05de3c700c74810ef7eae3d5e467b0b14649c5987bd506b75682902ca9efe5ee895e20df0a370437fae648478a7b944061948d9a577f65f7caa65db4fbf1bf1cef8b43e3e56330e69ebb32b5876baafe2896de2fe6ff59faf165c60ea22a667d36e5d8281551359ca1f9e30a9fe261101e2029a09ed306c0c304b596df181758d3c4a6cbbbbb07b981e3284183e0ece1a5a4023797ffc6135008c887dbb57674f80d1fa3b85cb0d53bf0f7ab5a1300cae983b9e2d9c6d46bb8783c6fad0efad706d21484a10bd7c2b249ef9bb4876153a87fc42b0e9ab487686d109d3086122f9e17fe9cd4630dc9fc86e15d125aa15936cf35a80e50e615a008e3c991e3a113c74f780059b6f029a91e8f9f8eba2ab7e5ae47f0074210f66f0d21200342260a773f1d1465e2ec84832d6aeda6b83822b2534f47769af4c071eed304b58c37ac6c5afa8d9e686bc9c4ae3c3fb043940d625aff5709dea9fc1467f5bb3f71e0f2b734324545e99ba82f6b216607319900065f45dedb2b6f99ad764249ff45d208429c56e733078a167709179528a5bbc28a1aa48677dd9745826638e0c25f3beececdd7def9c9d67d5712d2ab5e1cef4a1d1b7172aed5d55efcfad86f9b7303a82bec4d99565647cb4e15b267a6b2666be3a37f8ecad8afdee080439c81a8b11f6c94cb81d3ff6bae975ad223794139f500db7c5476a401f01ac2322cd4d12746d861a6ede35be6106ec9b33e147cbdd4138bd670962c3398179bda7042d34ca8cd815cbcfa9862aa7ab248aaa69d7e22d7d9ccf314c56349ba2cf24099c08ffc3d625f843618c0d184d8a65089a9856ddc5756d6a5ab9cfb51894082175f2e99ec9fcb0bcb8beca1e6f83dd923f022263b7ccdae1a4ca0f22ac098cb55ec1f225f263e4f16e062697ff5becdc49385339ccf36ad6798fe55bcd5be1287e7c1ab4dcefe89e9a7c43601b41bc04c6c5e6484adfcbede52c4c8e21e2174d6c599252ff64487c4e3717658e0057851fd8321c8558deb6d5c170bcf04ab9180bd0a39308a6f3a4ad19131c208c1c67c6d8a56c46ecc62819912bbb760e1add9efb63202207f34b1277a3de0116d8d40d59b11ca924380b3b7c69f89aa38604c0f53c3a72710777c6deee5e207368ff7a427f42791ad6b57ae20ca188b507930b8cc1d39d575a057218f60d09c89059a3b19c5cb730b6ed51c2d61da68a238332abc4cbc5458b08c96d5461ae028cf3c42161347338fd24ddc815cae0818401b49fb99665990329107d1232095ae3e848e0ed175ae6db4ea0ba1d35853fa7459fb40f28e965dd515d362c303f8146f561bf524054d25086793a3d89df6705b312c5e1598b7f242a77afbf333048429a56fc5a08475d41fb2337c1eed9a2904bd2305c5bd1f3dc0f2f8728e14e699d3373b809554d510e617e1161397fbe98326b85c59249b4dc52c57166ace890c40c9c83ad34e74932d0986867638b9800900437dc7fd172c99d7fb8214b53c12de13b27a376726b6da4f2c4ccf6525a3b738a9c49389f313806ac35db724eaafc9bb69adcdf9b52aec445812a92203c85dd6c182f2267260eec9bc2d9c2a8da6b6b4f0ffd0d892c5efdcc02eede1f5516ba389eae495a4f0896bb087fc0ef7b2bedd9a6bd273324ca5f7f4518b4f13d648fe138a4c34d533a3cdaadd25acfea3831ddf681c4ae56d0281b2ceb34d447b2cce84b5e2c3d158f19354358ad0dacf934c53539a9166650d8f476c26b4cbcfda16c59224c6c2c4ebff159dfc14ab67ed984357a295f4cca559f14d2f64d3f921bbf9e6ce64525efa8ddb1817c8b3bb36f0841ce00621592b18f020f988f0fee20563ed69ca92fc57117bfcde573d31d1078465461c8b0399f6ee06511960ce939c1eecabc1d66000ace05d0ed726ec2025c3ff88025555941a7c7e1418069888b9729cb0ed78e9db13bf96f3ba9090093371d34c8569f214a5905bb64762eef3c608b4a6f8e809415ccba511f41784480fca7e1276430f47388b7a9f875e71e277aab8a5a8e9d3a4c687552127d918708318d856bf3f4308c0fb0cb88e4e37d7adda2c2570a295fa9956f9e8947513b86fe498fc1653a3a6ce14b0e492e91aebdd47edb9f42298f615606a8dbb62095468249707d33477aff7a0e9f54f0f1fc1e9d835e539f2c9e278bbb5502879424f3cb11dec1b895ac68e31b4b50e390eed634f99b598f96300a513e453fd0d1aa452ca0372de9eb1ae8b8e9aea788042eef50d4a2365594bf691697d1b38b33405ce1cb34180d1bd78e2c3f4f409c1aa12d8811c24234f1b81ec31e64d9d24466250f346ea2580a5f3619a35cfac3b9a914cb039d163b103c90f28a410f35a4101a6403f1bccaec3596ea99a0a3698cebcf1d35e070589c4790b96439f8a37282d4c2577b15ad2d517fcd8307724f036ee32050afec8202e0cc4ed9736463505ebc7adaa04b7369172bac844dadde5e0b74159c92da106dd0e565510bfdc44a8f886481961ec41c790eb66ecbaa091aa0867f371cbdd06d84459d4c695f4f3923da051f580cba6f54a95466f0295a3a510d4f193e1bd737bed1ac3bb8590ddcd5b40b6ea2b1bfd07f3471239981fcde73069e4efca35a38ab1c4288aaf95e06dda324cafdf1732fea5e7de98e1ee31d4f0feb5ea1793dfcc4b54fadbbda7c5f79b97f56223457c7b34720c2a6f3e9c064bc53e5c107c21d8b76e5e788d0ddd0da116b2f6555c674bfab7157abd71c1edde2092ec01f22cae6f3acbb7723123b9f47ff15c615d5b1edef68aaa5ba522bfe29fe8d6652a44ade9d793cbeb08b5f96a6005519068ba34d39c20a4df993428cbf47c53a2edc177ee3d60d938f2622ef081bf6c3f71b14e169ad1f5981e4d271fa23eedc14abfe58e1740871493b9022e203f49310b200f993f668c55e42bca4018cc76662360a18ea18e2f0477a85b15f56ceea93561194902caa74d6eaac8aaa22e70de4db4f41c53b29ff5fb2921505500ecc3ffac528152ad1dd9beb5a256b36832e8d2e11577609d2fc05a318110a11ca106a1eea55a7d08b0e9f7b6b25aeb30aafa1da87d2147565f277c58405916c9b03baf2dd064450948f00d4fcc02ae60d55bafa85ddc633431b270a5c6bbfad3d36cd2b0a491332fc0c133dc3692759c157fb179dd0a0fddd7487fec8510d5e5d2fce5d0370e830d627826a246461a9ad7b5426c8444fc41319739db36ce0c34971f51b11be698d76a10d1c11f1fc4e0c772c9352b59acde707fcf467a73451af0489320d7e26748b8ac04caa835342b3d1151392dd387d79cd38ae91792edc2d12e9cb5d35b57e5690de9585f9c6ebe9a90b01370709f138a839216a34ef3bc8f5d201544df82"}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.0072911s ago: executing program 2 (id=1713): socket$inet6(0xa, 0x1, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200000000000000000000000000000000000000000000ffff6401010080000000000000000a000000870000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000040fbffffffffffffff03000000000000000000000000000000000000000000000200000000000000000008"], 0xb8}}, 0x2c000010) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x1200000, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) 891.865266ms ago: executing program 3 (id=1714): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x28000054) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/21, 0x15}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}, {&(0x7f0000000480)=""/21, 0x15}, {&(0x7f0000000500)=""/217, 0xd9}], 0x5}, 0x4}], 0x2, 0x60, 0x0) 886.596297ms ago: executing program 2 (id=1715): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x1, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f0000000180)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x0, 0x4}}}, 0x10, 0x0}, 0x0) 864.792022ms ago: executing program 6 (id=1716): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0x32, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xe, 0x24, 0x65, 0x0, 0x3, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty=0xe0000001}, {0x4e20, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x6, 0x100}}}}}}}, 0x0) 733.087313ms ago: executing program 3 (id=1717): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000), 0x1c000, 0x800, 0x2de}, 0x1c) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) 698.873657ms ago: executing program 5 (id=1718): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000004280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)=""/19, 0x13}, 0x9}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004240)}, 0xafab}], 0x2, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 683.57602ms ago: executing program 2 (id=1719): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x200) openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x515001, 0x488) 631.447817ms ago: executing program 6 (id=1720): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd2(0xf, 0x800) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x1, r1}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 503.643148ms ago: executing program 2 (id=1721): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x2) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000003c0)="c4ec", 0x2}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES64=r1], 0x18, 0x24048001}}], 0x1, 0x44080) accept4(r0, 0x0, 0x0, 0x80800) 379.231607ms ago: executing program 2 (id=1722): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x31) setuid(0xee01) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r1, &(0x7f0000001240)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0xffff}, 0x1c) 369.239169ms ago: executing program 6 (id=1723): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @loopback}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000005280)) 251.97734ms ago: executing program 2 (id=1724): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) 57.091644ms ago: executing program 6 (id=1725): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00000000c0)='.\x00', 0xd5b203, 0x8) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 0s ago: executing program 3 (id=1726): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0\x00', 0x2148c5, &(0x7f00000002c0)={[{@utf8no}, {@fat=@umask={'umask', 0x3d, 0x8}}, {@shortname_mixed}, {@utf8}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@fat=@quiet}, {@uni_xlate}, {@shortname_mixed}, {@fat=@errors_continue}, {@shortname_lower}, {@shortname_lower}, {@rodir}, {@utf8}]}, 0x0, 0x2c4, &(0x7f0000000a40)="$eJzs3UFr02AYwPFn7dZ2HVt7GIKC+KAXvYStfoIiG4gFZVvFeRAyl2ppbEZTKxVxu3n1E/gBht48Kah32cWbd/Gyi+BlB7WyNLFdF7FVttTt/4ORd++bp3nT9015Etpk+8bTe5WSa5TMusRSKjGRDdkRye6WfCP+MuaVE9JtQy5MfP14enH55pV8oTC3oDqfX7qYU9WpM28ePHp+9l194vrLqddJ2cre2v6S+7R1Yuvk9o+l4NUdEVNXHKdurtiWrpbdiqF6zbZM19Jy1bVqde1qL9nO2lpTzerqZHqtZrmumtWmVqym1h2t15pq3jHLVTUMQyfTvd0/8uIDRxS/J0TyB9IZRGE8rLJWy5vx0Mbi5mF0CgAADJeo8v+7ZVfLrladPfn9/vw/JgPk/yJh+T9+q7i5sGCS/x9xu/l/2j9+9yL/BwAAAAAAAAAAAAAAAAAAAADgf7Ajkmm1WpmdVstbBn9JEUmJSPB/1P3EwQjGnfE/nhaXR8T/4V5KxH7SKDaK7WW7PV+SsthiycyYyDdvPvja5fnLhbkZ9WTlrb3ux683inFJBvGBbHj8bDteu+PXZUzS3dvPSUamw+NzIfGNYkLOn2sl/S1bYkhGPtwWR2xZ9eZ1J/7xrOqlq4We+HFvPQAAAAAAjgJDf9l3/u61GxrcNqSnvV3ZuT4gmc71gbmw6wM959ejcmo0uv0GAAAAAOA4cZsPK6ZtW7U/FVKdmvf9Rw1VIXj+wcDh8ZCm4Bsx0e1Oqt+VR0XEr3k1LGPRTyH2D29vfIBRHts/nxMisqdm+vDn/ItnAxye/RU+3+9/0kb1iQQAAADgoARJ/7F5SCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOo35uHBev/zb3HujYXj2YvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOHwMwAA//8VhA3+") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333406, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0) read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): s2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 172.478851][ T8225] (syz.4.773,8225,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 172.573312][ T8225] JBD2: Ignoring recovery information on journal [ 172.599695][ T993] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 172.676050][ T8225] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 172.689171][ T8237] loop3: detected capacity change from 0 to 4096 [ 172.744757][ T8246] loop1: detected capacity change from 0 to 512 [ 172.780785][ T993] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 172.810607][ T8246] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 172.822565][ T993] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 172.866889][ T993] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 172.897843][ T8246] EXT4-fs (loop1): 1 truncate cleaned up [ 172.899733][ T993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.932371][ T993] usb 1-1: Product: syz [ 172.936591][ T993] usb 1-1: Manufacturer: syz [ 172.941796][ T993] usb 1-1: SerialNumber: syz [ 172.949798][ T993] usb 1-1: config 0 descriptor?? [ 172.956915][ T8246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.967571][ T993] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 172.995581][ T8251] loop2: detected capacity change from 0 to 128 [ 173.011999][ T8246] EXT4-fs (loop1): shut down requested (2) [ 173.035578][ T8251] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 173.078789][ T8251] ext4 filesystem being mounted at /148/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 173.223295][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.286973][ T12] ntfs3(loop3): ino=5, mi_enum_attr [ 173.417033][ T5838] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.552801][ T5843] ocfs2: Unmounting device (7,4) on (node local) [ 174.201116][ T5899] usb 1-1: USB disconnect, device number 5 [ 174.524761][ T8276] loop1: detected capacity change from 0 to 32768 [ 174.532737][ T8276] btrfs: Deprecated parameter 'usebackuproot' [ 174.540007][ T8276] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 174.557761][ T8276] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.788 (8276) [ 174.610190][ T8276] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 174.633268][ T8276] BTRFS info (device loop1): using crc32c checksum algorithm [ 174.705617][ T148] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 174.775051][ T8276] BTRFS error (device loop1): failed to load root extent [ 174.809169][ T8276] BTRFS warning (device loop1): try to load backup roots slot 1 [ 174.846651][ T1143] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 174.888899][ T8276] BTRFS warning (device loop1): couldn't read tree root [ 174.892774][ T8300] loop0: detected capacity change from 0 to 512 [ 174.901182][ T8276] BTRFS warning (device loop1): try to load backup roots slot 2 [ 174.927096][ T1143] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 174.960168][ T8276] BTRFS warning (device loop1): couldn't read tree root [ 174.977104][ T8276] BTRFS warning (device loop1): try to load backup roots slot 3 [ 175.062037][ T8276] BTRFS info (device loop1): rebuilding free space tree [ 175.133523][ T8276] BTRFS info (device loop1): checking UUID tree [ 175.149137][ T8276] BTRFS info (device loop1): enabling ssd optimizations [ 175.180955][ T8276] BTRFS info (device loop1): turning on async discard [ 175.210289][ T8276] BTRFS info (device loop1): enabling free space tree [ 175.233365][ T8276] BTRFS info (device loop1): force clearing of disk cache [ 175.251262][ T8276] BTRFS info (device loop1): enabling auto defrag [ 175.260661][ T8276] BTRFS info (device loop1): trying to use backup root at mount time [ 175.269357][ T8276] BTRFS info (device loop1): use zstd compression, level 3 [ 175.736845][ T5837] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 176.255577][ T8321] loop0: detected capacity change from 0 to 32768 [ 176.295172][ T8328] loop1: detected capacity change from 0 to 512 [ 176.313908][ T8321] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 176.362868][ T8337] loop2: detected capacity change from 0 to 1024 [ 176.384392][ T8321] XFS (loop0): Ending clean mount [ 176.425295][ T8321] XFS (loop0): Quotacheck needed: Please wait. [ 176.795877][ T8321] XFS (loop0): Quotacheck: Done. [ 176.873094][ T8321] XFS (loop0): User initiated shutdown received. [ 176.895133][ T8321] XFS (loop0): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:466). Shutting down filesystem. [ 176.924636][ T8321] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 177.062187][ T5839] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 177.073176][ T8341] loop3: detected capacity change from 0 to 32768 [ 177.111737][ T8341] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.803 (8341) [ 177.182106][ T8341] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 177.237798][ T8341] BTRFS info (device loop3): using crc32c checksum algorithm [ 177.335617][ T5898] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 177.518902][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 177.538393][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.548333][ T5898] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 177.558014][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.566531][ T8341] BTRFS info (device loop3): enabling ssd optimizations [ 177.597863][ T5898] usb 5-1: config 0 descriptor?? [ 177.599263][ T8341] BTRFS info (device loop3): turning on async discard [ 177.618729][ T5898] hub 5-1:0.0: USB hub found [ 177.653291][ T8341] BTRFS info (device loop3): enabling free space tree [ 177.826205][ T5898] hub 5-1:0.0: 1 port detected [ 177.844164][ T8354] syz.1.809 (8354) used greatest stack depth: 17096 bytes left [ 178.048712][ T8358] loop2: detected capacity change from 0 to 32768 [ 178.066858][ T8382] loop1: detected capacity change from 0 to 2048 [ 178.141443][ T8382] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.296575][ T8382] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 178.379322][ T8382] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28 [ 178.450900][ T8382] EXT4-fs (loop1): This should not happen!! Data will be lost [ 178.450900][ T8382] [ 178.461505][ T5898] hub 5-1:0.0: activate --> -90 [ 178.501861][ T8382] EXT4-fs (loop1): Total free blocks count 0 [ 178.509847][ T8382] EXT4-fs (loop1): Free/Dirty block details [ 178.526165][ T8382] EXT4-fs (loop1): free_blocks=2415919504 [ 178.551833][ T8382] EXT4-fs (loop1): dirty_blocks=16 [ 178.571095][ T8382] EXT4-fs (loop1): Block reservation details [ 178.588196][ T8382] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 178.627813][ T5836] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 178.749414][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.896395][ T5899] usb 5-1: USB disconnect, device number 8 [ 178.902818][ T5898] usb 5-1-port1: config error [ 179.442731][ T8404] netlink: 104 bytes leftover after parsing attributes in process `syz.3.822'. [ 179.799716][ T5913] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 179.979356][ T5913] usb 5-1: Using ep0 maxpacket: 8 [ 179.997178][ T5913] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.027635][ T5913] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 180.065415][ T5913] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 180.100413][ T5913] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 180.137922][ T5913] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 180.167456][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.216436][ T5913] hub 5-1:1.0: bad descriptor, ignoring hub [ 180.242216][ T5913] hub 5-1:1.0: probe with driver hub failed with error -5 [ 180.270455][ T5913] cdc_wdm 5-1:1.0: skipping garbage [ 180.290156][ T5913] cdc_wdm 5-1:1.0: skipping garbage [ 180.331048][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.340174][ T5913] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 180.360726][ T8413] loop0: detected capacity change from 0 to 32768 [ 180.368972][ T5913] cdc_wdm 5-1:1.0: Unknown control protocol [ 180.392099][ T8413] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.827 (8413) [ 180.450600][ T8408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.473323][ T8413] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 180.512012][ T8408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.537145][ T8413] BTRFS info (device loop0): using sha256 checksum algorithm [ 180.677804][ T5898] usb 5-1: USB disconnect, device number 9 [ 180.859208][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 180.888318][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 180.889037][ T8413] BTRFS info (device loop0): enabling ssd optimizations [ 180.903803][ T8413] BTRFS info (device loop0): turning on async discard [ 180.905140][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 180.922514][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 180.930311][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 180.931425][ T8413] BTRFS info (device loop0): enabling free space tree [ 180.945581][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.013044][ T8413] BTRFS info (device loop0): enabling auto defrag [ 181.039258][ T8413] BTRFS info (device loop0): max_inline set to 4096 [ 181.040863][ T8415] loop3: detected capacity change from 0 to 32768 [ 181.057422][ T5898] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 181.107091][ T8415] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 181.190646][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.218041][ T5898] usb 5-1: Using ep0 maxpacket: 16 [ 181.226739][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 181.232525][ T8415] XFS (loop3): Ending clean mount [ 181.238781][ T5898] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 181.261366][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 36816, setting to 1024 [ 181.272772][ T5898] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 181.282878][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12161, setting to 1024 [ 181.294352][ T5898] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 181.306805][ T5898] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 181.321795][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.337708][ T5898] usb 5-1: Product: syz [ 181.355546][ T5898] usb 5-1: Manufacturer: syz [ 181.361744][ T5898] usb 5-1: SerialNumber: syz [ 181.380229][ T5898] usb 5-1: config 0 descriptor?? [ 181.419164][ T8415] XFS (loop3): Quotacheck needed: Please wait. [ 181.425661][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.582981][ T8415] XFS (loop3): Quotacheck: Done. [ 181.698855][ C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71) [ 181.705435][ T5898] mcba_usb 5-1:0.0: Microchip CAN BUS Analyzer connected [ 181.712714][ C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71) [ 181.867900][ T5898] usb 5-1: USB disconnect, device number 10 [ 181.904114][ T5898] mcba_usb 5-1:0.0 can0: device disconnected [ 182.022310][ T5836] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 182.204816][ T5839] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 182.570719][ T8435] chnl_net:caif_netlink_parms(): no params data found [ 182.702227][ T8457] loop4: detected capacity change from 0 to 128 [ 182.731033][ T8457] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 182.795424][ T8457] hpfs: filesystem error: improperly stopped [ 182.831565][ T8457] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 182.882514][ T8457] hpfs: You really don't want any checks? You are crazy... [ 182.897971][ T8457] hpfs: hpfs_map_sector(): read error [ 182.913718][ T8457] hpfs: code page support is disabled [ 182.945077][ T8457] hpfs: hpfs_map_4sectors(): unaligned read [ 182.978087][ T8457] hpfs: hpfs_map_4sectors(): unaligned read [ 183.012234][ T5161] Bluetooth: hci2: command tx timeout [ 183.038173][ T8457] hpfs: filesystem error: unable to find root dir [ 183.217228][ T12] bridge_slave_1: left allmulticast mode [ 183.224531][ T12] bridge_slave_1: left promiscuous mode [ 183.340001][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.439752][ T12] bridge_slave_0: left allmulticast mode [ 183.460621][ T12] bridge_slave_0: left promiscuous mode [ 183.484329][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.837574][ T12] bond2 (unregistering): (slave ip6erspan0): Releasing active interface [ 184.138928][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.177695][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.194942][ T12] bond0 (unregistering): Released all slaves [ 184.218021][ T12] bond1 (unregistering): (slave lo): Releasing backup interface [ 184.226510][ T12] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 184.240615][ T12] bond1 (unregistering): Released all slaves [ 184.271283][ T12] bond2 (unregistering): Released all slaves [ 184.354314][ T8475] netlink: 40 bytes leftover after parsing attributes in process `syz.0.836'. [ 184.380983][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.0.836'. [ 184.930944][ T8435] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.956165][ T8435] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.982605][ T8435] bridge_slave_0: entered allmulticast mode [ 184.987126][ T8512] netlink: 'syz.0.843': attribute type 3 has an invalid length. [ 185.014979][ T8512] netlink: 132 bytes leftover after parsing attributes in process `syz.0.843'. [ 185.030899][ T8435] bridge_slave_0: entered promiscuous mode [ 185.081270][ T8435] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.090504][ T5161] Bluetooth: hci2: command tx timeout [ 185.098016][ T8435] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.105317][ T8435] bridge_slave_1: entered allmulticast mode [ 185.115223][ T8435] bridge_slave_1: entered promiscuous mode [ 185.436479][ T8435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.479625][ T8435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.559988][ T5899] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 185.643012][ T12] hsr_slave_0: left promiscuous mode [ 185.678041][ T12] hsr_slave_1: left promiscuous mode [ 185.693414][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.744890][ T5899] usb 3-1: config 1 interface 0 altsetting 77 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 185.759886][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.770403][ T5899] usb 3-1: config 1 interface 0 has no altsetting 0 [ 185.778993][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.794920][ T5899] usb 3-1: string descriptor 0 read error: -22 [ 185.802034][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.809684][ T5899] usb 3-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.40 [ 185.821622][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.987031][ T12] veth1_macvtap: left promiscuous mode [ 186.007793][ T12] veth0_macvtap: left promiscuous mode [ 186.024281][ T12] veth1_vlan: left promiscuous mode [ 186.044636][ T12] veth0_vlan: left promiscuous mode [ 186.305381][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.343979][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.376872][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.405641][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.441213][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.476257][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.489168][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.538734][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.555949][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.586116][ T5899] logitech 0003:046D:C29A.000C: unknown main item tag 0x0 [ 186.881070][ T5899] logitech 0003:046D:C29A.000C: hidraw0: USB HID v0.02 Device [HID 046d:c29a] on usb-dummy_hcd.2-1/input0 [ 186.925517][ T5899] logitech 0003:046D:C29A.000C: no inputs found [ 186.995836][ T5899] usb 3-1: USB disconnect, device number 10 [ 187.074130][ T8558] fido_id[8558]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 187.167772][ T5161] Bluetooth: hci2: command tx timeout [ 187.344607][ T8551] loop3: detected capacity change from 0 to 32768 [ 187.385669][ T12] team0 (unregistering): Port device team_slave_1 removed [ 187.401779][ T8551] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.854 (8551) [ 187.453716][ T12] team0 (unregistering): Port device team_slave_0 removed [ 187.480264][ T8551] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 187.496419][ T8551] BTRFS info (device loop3): using crc32c checksum algorithm [ 187.670711][ T8551] BTRFS info (device loop3): enabling ssd optimizations [ 187.717419][ T8551] BTRFS info (device loop3): turning on flush-on-commit [ 187.745893][ T8551] BTRFS info (device loop3): enabling free space tree [ 187.770359][ T8551] BTRFS info (device loop3): enabling auto defrag [ 187.785223][ T8579] loop4: detected capacity change from 0 to 4096 [ 187.792829][ T8551] BTRFS info (device loop3): use lzo compression, level 1 [ 187.803243][ T8579] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 187.829196][ T8551] BTRFS info (device loop3): max_inline set to 4096 [ 188.240870][ T5836] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 188.382913][ T8435] team0: Port device team_slave_0 added [ 188.492841][ T8435] team0: Port device team_slave_1 added [ 188.757401][ T8435] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.809941][ T8435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.937431][ T8435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.985920][ T8435] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.009448][ T8435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 189.106305][ T8435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.247772][ T5161] Bluetooth: hci2: command tx timeout [ 189.328698][ T8435] hsr_slave_0: entered promiscuous mode [ 189.351523][ T8435] hsr_slave_1: entered promiscuous mode [ 189.382185][ T8435] debugfs: 'hsr0' already exists in 'hsr' [ 189.397042][ T8435] Cannot create hsr debugfs directory [ 189.533048][ T8620] loop3: detected capacity change from 0 to 764 [ 189.875575][ T8620] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 190.257414][ T5898] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 190.303338][ T8609] loop4: detected capacity change from 0 to 40427 [ 190.410903][ T5928] kernel write not supported for file bpf-prog (pid: 5928 comm: kworker/1:5) [ 190.448946][ T5898] usb 3-1: Using ep0 maxpacket: 8 [ 190.462743][ T5898] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 190.488598][ T8642] binder: 8640:8642 ioctl c0306201 200000000200 returned -14 [ 190.542670][ T5898] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 190.580507][ T5898] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 190.619462][ T5898] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 190.673897][ T5898] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 190.710131][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.768462][ T5898] hub 3-1:1.0: bad descriptor, ignoring hub [ 190.788411][ T5898] hub 3-1:1.0: probe with driver hub failed with error -5 [ 190.805597][ T5898] cdc_wdm 3-1:1.0: skipping garbage [ 190.827377][ T5898] cdc_wdm 3-1:1.0: skipping garbage [ 190.867620][ T5898] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 190.881782][ T8435] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 190.892660][ T5898] cdc_wdm 3-1:1.0: Unknown control protocol [ 190.935490][ T8435] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 191.012913][ T8435] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 191.029840][ T8630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.060080][ T8630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.096273][ T8435] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 191.187194][ T8663] vcan0: tx drop: invalid sa for name 0x0000000000004000 [ 191.208722][ T5898] usb 3-1: USB disconnect, device number 11 [ 191.246786][ T8671] loop3: detected capacity change from 0 to 128 [ 191.309255][ T8671] EXT4-fs: Ignoring removed i_version option [ 191.346959][ T8671] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0003] [ 191.359061][ T8671] System zones: 1-3, 19-19, 35-36 [ 191.403728][ T8671] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 191.469045][ T8671] ext4 filesystem being mounted at /170/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 191.600157][ T5913] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 191.646992][ T8435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.706193][ T8435] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.722396][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.723391][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.748357][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.748472][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.749919][ T5913] usb 3-1: Using ep0 maxpacket: 16 [ 191.772309][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 191.772341][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 191.772361][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 36816, setting to 1024 [ 191.772384][ T5913] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 191.772404][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12161, setting to 1024 [ 191.772427][ T5913] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 191.801862][ T5913] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 191.801905][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.801924][ T5913] usb 3-1: Product: syz [ 191.801937][ T5913] usb 3-1: Manufacturer: syz [ 191.801951][ T5913] usb 3-1: SerialNumber: syz [ 191.808811][ T5913] usb 3-1: config 0 descriptor?? [ 191.905599][ T5836] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 192.031533][ T5913] mcba_usb 3-1:0.0: Microchip CAN BUS Analyzer connected [ 192.031638][ C0] mcba_usb 3-1:0.0 can0: Tx URB aborted (-71) [ 192.031747][ C0] mcba_usb 3-1:0.0 can0: Tx URB aborted (-71) [ 192.115731][ T8660] loop4: detected capacity change from 0 to 40427 [ 192.132343][ T8660] F2FS-fs: heap/no_heap options were deprecated [ 192.146320][ T8660] F2FS-fs (loop4): Image doesn't support compression [ 192.256123][ T5898] usb 3-1: USB disconnect, device number 12 [ 192.285290][ T8660] F2FS-fs (loop4): invalid crc value [ 192.294701][ T5898] mcba_usb 3-1:0.0 can0: device disconnected [ 192.570640][ T8660] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 192.606416][ T8660] F2FS-fs (loop4): Start checkpoint disabled! [ 192.783999][ T8660] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 192.795596][ T8660] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 192.806869][ T8706] netlink: 'syz.0.892': attribute type 13 has an invalid length. [ 192.842961][ T8706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.892'. [ 192.959976][ T68] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 192.975648][ T8706] netlink: 'syz.0.892': attribute type 13 has an invalid length. [ 192.994786][ T68] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.006483][ T8706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.892'. [ 193.031769][ T138] kworker/u8:5: attempt to access beyond end of device [ 193.031769][ T138] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 193.051952][ T68] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.081883][ T68] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.129395][ T138] CPU: 0 UID: 0 PID: 138 Comm: kworker/u8:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.129421][ T138] Tainted: [L]=SOFTLOCKUP [ 193.129427][ T138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.129437][ T138] Workqueue: writeback wb_workfn (flush-7:4) [ 193.129461][ T138] Call Trace: [ 193.129467][ T138] [ 193.129474][ T138] dump_stack_lvl+0xe8/0x150 [ 193.129497][ T138] f2fs_handle_critical_error+0x37c/0x540 [ 193.129522][ T138] f2fs_write_end_io+0x1274/0x1740 [ 193.129563][ T138] __submit_merged_bio+0x256/0x700 [ 193.129587][ T138] __submit_merged_write_cond+0x3c9/0x4e0 [ 193.129612][ T138] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 193.129653][ T138] f2fs_write_data_pages+0x287e/0x34f0 [ 193.129701][ T138] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 193.129729][ T138] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 193.129771][ T138] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 193.129818][ T138] ? __lock_acquire+0x6b5/0x2cf0 [ 193.129855][ T138] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 193.129876][ T138] do_writepages+0x32e/0x550 [ 193.129901][ T138] ? reacquire_held_locks+0x104/0x190 [ 193.129917][ T138] ? writeback_sb_inodes+0x477/0x1a20 [ 193.129944][ T138] __writeback_single_inode+0x133/0x11a0 [ 193.129965][ T138] ? do_raw_spin_unlock+0xf5/0x210 [ 193.129989][ T138] writeback_sb_inodes+0x992/0x1a20 [ 193.130023][ T138] ? __lock_acquire+0x6b5/0x2cf0 [ 193.130048][ T138] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 193.130065][ T138] ? do_raw_spin_lock+0x12b/0x2f0 [ 193.130115][ T138] ? rcu_is_watching+0x15/0xb0 [ 193.130141][ T138] wb_writeback+0x456/0xb70 [ 193.130163][ T138] ? queue_io+0x211/0x4a0 [ 193.130187][ T138] ? __pfx_wb_writeback+0x10/0x10 [ 193.130202][ T138] ? do_raw_spin_lock+0x12b/0x2f0 [ 193.130316][ T138] wb_workfn+0x414/0xf50 [ 193.130356][ T138] ? look_up_lock_class+0x57/0x110 [ 193.130391][ T138] ? __pfx_wb_workfn+0x10/0x10 [ 193.130411][ T138] ? do_raw_spin_lock+0x12b/0x2f0 [ 193.130432][ T138] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 193.130468][ T138] ? process_one_work+0x8bb/0x1780 [ 193.130488][ T138] process_one_work+0x9ab/0x1780 [ 193.130528][ T138] ? __pfx_process_one_work+0x10/0x10 [ 193.130546][ T138] ? do_raw_spin_lock+0x12b/0x2f0 [ 193.130577][ T138] worker_thread+0xba8/0x11e0 [ 193.130614][ T138] kthread+0x388/0x470 [ 193.130630][ T138] ? __pfx_worker_thread+0x10/0x10 [ 193.130642][ T138] ? __pfx_kthread+0x10/0x10 [ 193.130660][ T138] ret_from_fork+0x51e/0xb90 [ 193.130683][ T138] ? __pfx_ret_from_fork+0x10/0x10 [ 193.130700][ T138] ? __switch_to+0xc7d/0x1450 [ 193.130721][ T138] ? __pfx_kthread+0x10/0x10 [ 193.130741][ T138] ret_from_fork_asm+0x1a/0x30 [ 193.130771][ T138] [ 193.135343][ T138] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 193.168963][ T8435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.447460][ T993] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 193.687401][ T993] usb 3-1: Using ep0 maxpacket: 32 [ 193.725190][ T993] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.770411][ T993] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.825417][ T993] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 193.870825][ T993] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.908981][ T993] usb 3-1: config 0 descriptor?? [ 193.935136][ T993] hub 3-1:0.0: USB hub found [ 194.142267][ T993] hub 3-1:0.0: 1 port detected [ 194.152652][ T8744] loop4: detected capacity change from 0 to 256 [ 194.301880][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.309075][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.669250][ T8435] veth0_vlan: entered promiscuous mode [ 194.703805][ T8758] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 194.747457][ T10] hub 3-1:0.0: activate --> -90 [ 194.780655][ T8435] veth1_vlan: entered promiscuous mode [ 194.921613][ T8763] netlink: 'syz.4.908': attribute type 83 has an invalid length. [ 194.962326][ T8435] veth0_macvtap: entered promiscuous mode [ 194.993976][ T8435] veth1_macvtap: entered promiscuous mode [ 195.054637][ T8435] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.135976][ T8435] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.155961][ T5913] usb 3-1-port1: cannot disable (err = -71) [ 195.157144][ T6003] usb 3-1: USB disconnect, device number 13 [ 195.203701][ T148] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.234259][ T148] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.239564][ T8772] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.911'. [ 195.279234][ T148] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.318682][ T148] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.501558][ T8782] loop4: detected capacity change from 0 to 128 [ 195.612085][ T8784] loop0: detected capacity change from 0 to 512 [ 195.658487][ T8784] EXT4-fs: Ignoring removed orlov option [ 195.695731][ T8784] EXT4-fs: Ignoring removed i_version option [ 195.758793][ T8784] EXT4-fs error (device loop0): ext4_iget_extra_inode:5028: inode #15: comm syz.0.916: corrupted in-inode xattr: e_value size too large [ 195.806325][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.815097][ T8784] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 195.826483][ T8784] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.916: couldn't read orphan inode 15 (err -117) [ 195.835721][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 195.835748][ C0] EXT4-fs (loop0): initial error at time 1773776225: ext4_iget_extra_inode:5028: inode 15 [ 195.835785][ C0] EXT4-fs (loop0): last error at time 1773776225: ext4_iget_extra_inode:5028: inode 15 [ 195.881175][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.953783][ T8784] loop0: lost filesystem error report for type 5 error -117 [ 195.959985][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.986685][ T8784] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.035888][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.165649][ T8784] EXT4-fs error (device loop0): ext4_map_blocks:779: inode #2: block 12: comm syz.0.916: lblock 3 mapped to illegal pblock 12 (length 1) [ 196.320222][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.641302][ T8780] loop3: detected capacity change from 0 to 40427 [ 196.672029][ T8780] F2FS-fs (loop3): build fault injection rate: 771 [ 196.712334][ T8780] F2FS-fs (loop3): invalid crc value [ 196.973049][ T8794] loop4: detected capacity change from 0 to 32768 [ 196.976249][ T8780] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 197.025782][ T8780] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 197.044660][ T8794] (syz.4.918,8794,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.067949][ T5898] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 197.080573][ T8794] (syz.4.918,8794,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 197.176418][ T8794] JBD2: Ignoring recovery information on journal [ 197.247138][ T8807] f2fs_ckpt-7:3: attempt to access beyond end of device [ 197.247138][ T8807] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 197.279425][ T5898] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.300300][ T5898] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 197.310336][ T8794] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 197.318384][ T8807] CPU: 1 UID: 0 PID: 8807 Comm: f2fs_ckpt-7:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 197.318414][ T8807] Tainted: [L]=SOFTLOCKUP [ 197.318419][ T8807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 197.318428][ T8807] Call Trace: [ 197.318436][ T8807] [ 197.318443][ T8807] dump_stack_lvl+0xe8/0x150 [ 197.318471][ T8807] f2fs_handle_critical_error+0x37c/0x540 [ 197.318500][ T8807] f2fs_write_end_io+0x1274/0x1740 [ 197.318543][ T8807] __submit_merged_bio+0x256/0x700 [ 197.318570][ T8807] f2fs_submit_merged_write+0x284/0x390 [ 197.318596][ T8807] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 197.318632][ T8807] f2fs_sync_node_pages+0x14bf/0x1680 [ 197.318670][ T8807] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 197.318733][ T8807] f2fs_write_checkpoint+0xeb8/0x26a0 [ 197.318780][ T8807] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 197.318834][ T8807] ? down_write+0x16d/0x200 [ 197.318853][ T8807] ? __pfx_down_write+0x10/0x10 [ 197.318878][ T8807] ? uplift_priority+0xdb/0x730 [ 197.318899][ T8807] ? __schedule+0x167b/0x5590 [ 197.318922][ T8807] __write_checkpoint_sync+0x124/0x2b0 [ 197.318945][ T8807] ? __pfx___write_checkpoint_sync+0x10/0x10 [ 197.318975][ T8807] ? __pfx___schedule+0x10/0x10 [ 197.319008][ T8807] __checkpoint_and_complete_reqs+0x53/0x2d0 [ 197.319031][ T8807] issue_checkpoint_thread+0xd6/0x280 [ 197.319051][ T8807] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 197.319071][ T8807] ? __pfx_autoremove_wake_function+0x10/0x10 [ 197.319094][ T8807] ? __kthread_parkme+0x7a/0x1f0 [ 197.319119][ T8807] kthread+0x388/0x470 [ 197.319138][ T8807] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 197.319152][ T8807] ? __pfx_kthread+0x10/0x10 [ 197.319172][ T8807] ret_from_fork+0x51e/0xb90 [ 197.319198][ T8807] ? __pfx_ret_from_fork+0x10/0x10 [ 197.319217][ T8807] ? __switch_to+0xc7d/0x1450 [ 197.319240][ T8807] ? __pfx_kthread+0x10/0x10 [ 197.319260][ T8807] ret_from_fork_asm+0x1a/0x30 [ 197.319293][ T8807] [ 197.320910][ T8807] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 197.543120][ T8807] CPU: 1 UID: 0 PID: 8807 Comm: f2fs_ckpt-7:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 197.543149][ T8807] Tainted: [L]=SOFTLOCKUP [ 197.543155][ T8807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 197.543164][ T8807] Call Trace: [ 197.543170][ T8807] [ 197.543178][ T8807] dump_stack_lvl+0xe8/0x150 [ 197.543210][ T8807] f2fs_handle_critical_error+0x37c/0x540 [ 197.543239][ T8807] f2fs_write_end_io+0x1274/0x1740 [ 197.543284][ T8807] __submit_merged_bio+0x256/0x700 [ 197.543312][ T8807] f2fs_submit_merged_write+0x284/0x390 [ 197.543338][ T8807] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 197.543384][ T8807] f2fs_sync_node_pages+0x14bf/0x1680 [ 197.543425][ T8807] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 197.543487][ T8807] f2fs_write_checkpoint+0xeb8/0x26a0 [ 197.543534][ T8807] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 197.543576][ T8807] ? down_write+0x16d/0x200 [ 197.543596][ T8807] ? __pfx_down_write+0x10/0x10 [ 197.543610][ T8807] ? uplift_priority+0xdb/0x730 [ 197.543629][ T8807] ? __schedule+0x167b/0x5590 [ 197.543652][ T8807] __write_checkpoint_sync+0x124/0x2b0 [ 197.543676][ T8807] ? __pfx___write_checkpoint_sync+0x10/0x10 [ 197.543707][ T8807] ? __pfx___schedule+0x10/0x10 [ 197.543741][ T8807] __checkpoint_and_complete_reqs+0x53/0x2d0 [ 197.543765][ T8807] issue_checkpoint_thread+0xd6/0x280 [ 197.543786][ T8807] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 197.543803][ T8807] ? __pfx_autoremove_wake_function+0x10/0x10 [ 197.543825][ T8807] ? __kthread_parkme+0x7a/0x1f0 [ 197.543852][ T8807] kthread+0x388/0x470 [ 197.543871][ T8807] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 197.543885][ T8807] ? __pfx_kthread+0x10/0x10 [ 197.543905][ T8807] ret_from_fork+0x51e/0xb90 [ 197.543930][ T8807] ? __pfx_ret_from_fork+0x10/0x10 [ 197.543950][ T8807] ? __switch_to+0xc7d/0x1450 [ 197.543975][ T8807] ? __pfx_kthread+0x10/0x10 [ 197.543995][ T8807] ret_from_fork_asm+0x1a/0x30 [ 197.544029][ T8807] [ 197.544060][ T8807] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 197.752659][ T5898] usb 3-1: New USB device found, idVendor=08b7, idProduct=8000, bcdDevice= 0.00 [ 197.762022][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 197.771572][ T5898] usb 3-1: SerialNumber: syz [ 198.036046][ T5898] usb 3-1: 0:2 : does not exist [ 198.300119][ T5898] usb 3-1: USB disconnect, device number 14 [ 198.426705][ T5843] ocfs2: Unmounting device (7,4) on (node local) [ 198.515183][ T6222] udevd[6222]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 198.810975][ T8841] input: syz1 as /devices/virtual/input/input11 [ 199.237451][ T6003] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 199.262909][ T8839] loop5: detected capacity change from 0 to 32768 [ 199.418427][ T6003] usb 5-1: Using ep0 maxpacket: 16 [ 199.455166][ T6003] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.483370][ T8839] JBD2: Ignoring recovery information on journal [ 199.504861][ T6003] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.536852][ T8844] loop3: detected capacity change from 0 to 32768 [ 199.571797][ T8839] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 199.582894][ T6003] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 199.651596][ T8844] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2' [ 199.662371][ T6003] usb 5-1: config 0 interface 0 has no altsetting 0 [ 199.662418][ T6003] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 199.662438][ T6003] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.699052][ T6003] usb 5-1: config 0 descriptor?? [ 199.723434][ T8844] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 199.784592][ T8844] JBD2: Ignoring recovery information on journal [ 199.835750][ T8851] loop2: detected capacity change from 0 to 32768 [ 199.862477][ T8851] (syz.2.936,8851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 199.884488][ T8844] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 199.899758][ T8851] (syz.2.936,8851,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 199.939162][ T8849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.970179][ T8849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.028288][ T8851] JBD2: Ignoring recovery information on journal [ 200.038579][ T8865] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 200.081810][ T8435] ocfs2: Unmounting device (7,5) on (node local) [ 200.099166][ T8851] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 200.210069][ T6003] hid (null): unknown global tag 0xc [ 200.236923][ T6003] hid (null): usage index exceeded [ 200.254087][ T6003] hid (null): unknown global tag 0xe [ 200.272111][ T6003] hid (null): nested delimiters [ 200.453074][ T6003] usb 5-1: USB disconnect, device number 11 [ 200.507585][ T8871] mmap: syz.5.943 (8871) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 200.548862][ T5836] ocfs2: Unmounting device (7,3) on (node local) [ 200.783792][ T5838] ocfs2: Unmounting device (7,2) on (node local) [ 200.908119][ T6003] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 201.073869][ T6003] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.116986][ T6003] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.144656][ T6003] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 201.200773][ T6003] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 201.242721][ T6003] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.304693][ T6003] usb 6-1: config 0 descriptor?? [ 201.526205][ T5161] Bluetooth: hci4: command 0x0406 tx timeout [ 201.534712][ T5161] Bluetooth: hci3: command 0x0406 tx timeout [ 201.535754][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 201.871700][ T6003] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 203.566194][ T8958] input: syz0 as /devices/virtual/input/input12 [ 203.911246][ T10] usb 6-1: USB disconnect, device number 2 [ 204.097624][ T5928] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 204.284084][ T5928] usb 3-1: Using ep0 maxpacket: 8 [ 204.312383][ T5928] usb 3-1: config index 0 descriptor too short (expected 74, got 45) [ 204.322764][ T5928] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 204.345847][ T5928] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 204.370560][ T5928] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 204.414076][ T5928] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 204.458800][ T5928] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.507110][ T5928] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 204.553135][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.834303][ T5928] usb 3-1: usb_control_msg returned -32 [ 204.853753][ T5928] usbtmc 3-1:16.0: can't read capabilities [ 205.116780][ T8982] loop0: detected capacity change from 0 to 32768 [ 205.143442][ T8982] xfs: Deprecated parameter 'attr2' [ 205.165440][ T8982] XFS: attr2 mount option is deprecated. [ 205.216503][ T8982] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 205.362619][ T8982] XFS (loop0): Ending clean mount [ 205.406512][ T8982] XFS (loop0): Quotacheck needed: Please wait. [ 205.591995][ T9016] usbtmc 3-1:16.0: control status returned 0 [ 205.735021][ T8982] XFS (loop0): Quotacheck: Done. [ 206.076081][ T5839] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 206.283586][ T993] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 206.382955][ T9022] loop5: detected capacity change from 0 to 40427 [ 206.445140][ T9022] F2FS-fs (loop5): invalid crc value [ 206.458800][ T993] usb 5-1: Using ep0 maxpacket: 16 [ 206.490592][ T993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.520882][ T993] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 206.561023][ T993] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 206.587037][ T993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.612878][ T993] usb 5-1: config 0 descriptor?? [ 206.714503][ T9022] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 206.731913][ T9022] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 206.829495][ T29] audit: type=1800 audit(1773776236.132:30): pid=9051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1002" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 206.888433][ T9022] syz.5.1002: attempt to access beyond end of device [ 206.888433][ T9022] loop5: rw=2049, sector=45096, nr_sectors = 968 limit=40427 [ 206.912977][ T5913] usb 3-1: USB disconnect, device number 15 [ 206.947037][ T8435] syz-executor: attempt to access beyond end of device [ 206.947037][ T8435] loop5: rw=2049, sector=46064, nr_sectors = 8 limit=40427 [ 206.966654][ T8435] CPU: 1 UID: 0 PID: 8435 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 206.966682][ T8435] Tainted: [L]=SOFTLOCKUP [ 206.966688][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 206.966698][ T8435] Call Trace: [ 206.966705][ T8435] [ 206.966713][ T8435] dump_stack_lvl+0xe8/0x150 [ 206.966742][ T8435] f2fs_handle_critical_error+0x37c/0x540 [ 206.966770][ T8435] f2fs_write_end_io+0x1274/0x1740 [ 206.966814][ T8435] __submit_merged_bio+0x256/0x700 [ 206.966840][ T8435] __submit_merged_write_cond+0x3c9/0x4e0 [ 206.966869][ T8435] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 206.966913][ T8435] f2fs_write_data_pages+0x287e/0x34f0 [ 206.966970][ T8435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 206.967005][ T8435] ? __pfx_css_rstat_updated+0x10/0x10 [ 206.967054][ T8435] ? mod_memcg_lruvec_state+0x208/0x220 [ 206.967078][ T8435] ? lru_gen_update_size+0x7c7/0xd10 [ 206.967110][ T8435] ? __lock_acquire+0x6b5/0x2cf0 [ 206.967160][ T8435] ? filemap_get_folios_tag+0x118/0x720 [ 206.967185][ T8435] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 206.967208][ T8435] do_writepages+0x32e/0x550 [ 206.967238][ T8435] ? do_raw_spin_unlock+0xf5/0x210 [ 206.967263][ T8435] filemap_fdatawrite+0x1e9/0x2f0 [ 206.967285][ T8435] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 206.967342][ T8435] ? do_raw_spin_unlock+0xf5/0x210 [ 206.967365][ T8435] f2fs_sync_dirty_inodes+0x30e/0x860 [ 206.967402][ T8435] f2fs_write_checkpoint+0x9df/0x26a0 [ 206.967451][ T8435] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 206.967520][ T8435] kill_f2fs_super+0x314/0x720 [ 206.967547][ T8435] ? __pfx_kill_f2fs_super+0x10/0x10 [ 206.967582][ T8435] ? lockdep_hardirqs_on+0x7a/0x110 [ 206.967615][ T8435] deactivate_locked_super+0xbc/0x130 [ 206.967639][ T8435] cleanup_mnt+0x437/0x4d0 [ 206.967655][ T8435] ? _raw_spin_unlock_irq+0x23/0x50 [ 206.967676][ T8435] task_work_run+0x1d9/0x270 [ 206.967697][ T8435] ? __pfx_task_work_run+0x10/0x10 [ 206.967727][ T8435] exit_to_user_mode_loop+0xed/0x480 [ 206.967746][ T8435] ? rcu_is_watching+0x15/0xb0 [ 206.967767][ T8435] do_syscall_64+0x32d/0xf80 [ 206.967783][ T8435] ? trace_irq_disable+0x3b/0x150 [ 206.967800][ T8435] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.967817][ T8435] ? clear_bhb_loop+0x40/0x90 [ 206.967838][ T8435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.967854][ T8435] RIP: 0033:0x7fcdb4b9d9d7 [ 206.967871][ T8435] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 206.967884][ T8435] RSP: 002b:00007fffe0eaf198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 206.967902][ T8435] RAX: 0000000000000000 RBX: 00007fcdb4c32050 RCX: 00007fcdb4b9d9d7 [ 206.967913][ T8435] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe0eaf250 [ 206.967923][ T8435] RBP: 00007fffe0eaf250 R08: 00007fffe0eb0250 R09: 00000000ffffffff [ 206.967933][ T8435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe0eb02e0 [ 206.967943][ T8435] R13: 00007fcdb4c32050 R14: 0000000000032822 R15: 00007fffe0eb0320 [ 206.967971][ T8435] [ 207.272829][ T993] HID 045e:07da: Invalid code 65791 type 1 [ 207.291182][ T993] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000F/input/input13 [ 207.361803][ T8435] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 207.494826][ T9060] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input14 [ 207.528869][ T993] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 207.916573][ T993] usb 5-1: USB disconnect, device number 12 [ 207.940043][ T9062] loop3: detected capacity change from 0 to 32768 [ 207.949309][ T9062] btrfs: Deprecated parameter 'usebackuproot' [ 207.956308][ T9062] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 207.968005][ T9062] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1012 (9062) [ 208.049464][ T9062] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 208.095677][ T9062] BTRFS info (device loop3): using crc32c checksum algorithm [ 208.192031][ T12] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 208.228528][ T9074] pim6reg1: entered promiscuous mode [ 208.264218][ T9074] pim6reg1: entered allmulticast mode [ 208.288196][ T9062] BTRFS error (device loop3): failed to load root extent [ 208.314622][ T9062] BTRFS warning (device loop3): try to load backup roots slot 1 [ 208.367742][ T13] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 208.456642][ T9062] BTRFS warning (device loop3): couldn't read tree root [ 208.487525][ T9062] BTRFS warning (device loop3): try to load backup roots slot 2 [ 208.521483][ T138] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 208.543036][ T9095] loop0: detected capacity change from 0 to 512 [ 208.572657][ T9062] BTRFS warning (device loop3): couldn't read tree root [ 208.597752][ T9062] BTRFS warning (device loop3): try to load backup roots slot 3 [ 208.631822][ T9097] netlink: 'syz.4.1017': attribute type 3 has an invalid length. [ 208.682201][ T9097] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1017'. [ 208.689619][ T9095] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1016: bg 0: block 5: invalid block bitmap [ 208.710125][ T9095] loop0: lost filesystem error report for type 5 error -117 [ 208.718344][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 208.732220][ C1] EXT4-fs (loop0): initial error at time 1773776238: ext4_validate_block_bitmap:432 [ 208.741653][ C1] EXT4-fs (loop0): last error at time 1773776238: ext4_validate_block_bitmap:432 [ 208.771855][ T9095] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 208.780846][ T9095] loop0: lost filesystem error report for type 5 error -117 [ 208.785058][ T9062] BTRFS info (device loop3): rebuilding free space tree [ 208.790975][ T9095] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1016: invalid indirect mapped block 3 (level 2) [ 208.911916][ T9095] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 208.912602][ T9095] EXT4-fs (loop0): 1 orphan inode deleted [ 208.962657][ T9062] BTRFS info (device loop3): checking UUID tree [ 208.970410][ T9062] BTRFS info (device loop3): enabling ssd optimizations [ 208.985445][ T9095] EXT4-fs (loop0): 1 truncate cleaned up [ 209.012627][ T9095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.022527][ T9062] BTRFS info (device loop3): turning on async discard [ 209.073293][ T9062] BTRFS info (device loop3): enabling free space tree [ 209.105748][ T9062] BTRFS info (device loop3): force clearing of disk cache [ 209.140298][ T9062] BTRFS info (device loop3): enabling auto defrag [ 209.159245][ T9062] BTRFS info (device loop3): trying to use backup root at mount time [ 209.173844][ T9062] BTRFS info (device loop3): use zstd compression, level 3 [ 209.189115][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.435658][ T5836] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 210.390593][ T9127] loop4: detected capacity change from 0 to 131072 [ 210.398651][ T9127] F2FS-fs (loop4): Invalid log sectorsize (67108873) [ 210.405950][ T9127] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 210.417607][ T9127] F2FS-fs (loop4): invalid crc value [ 210.586921][ T9127] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 210.618528][ T9127] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 210.625882][ T9127] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 210.653355][ T9156] loop0: detected capacity change from 0 to 128 [ 211.651942][ T9213] loop5: detected capacity change from 0 to 256 [ 211.793497][ T9213] FAT-fs (loop5): Directory bread(block 64) failed [ 211.811754][ T9213] FAT-fs (loop5): Directory bread(block 65) failed [ 211.828187][ T9213] FAT-fs (loop5): Directory bread(block 66) failed [ 211.852217][ T9213] FAT-fs (loop5): Directory bread(block 67) failed [ 211.871494][ T9213] FAT-fs (loop5): Directory bread(block 68) failed [ 211.899421][ T9213] FAT-fs (loop5): Directory bread(block 69) failed [ 211.925299][ T9213] FAT-fs (loop5): Directory bread(block 70) failed [ 211.953475][ T9213] FAT-fs (loop5): Directory bread(block 71) failed [ 211.971180][ T9213] FAT-fs (loop5): Directory bread(block 72) failed [ 211.994564][ T9213] FAT-fs (loop5): Directory bread(block 73) failed [ 212.291069][ T9228] syz.5.1034: attempt to access beyond end of device [ 212.291069][ T9228] loop5: rw=2049, sector=1224, nr_sectors = 120 limit=256 [ 212.676134][ T9209] loop0: detected capacity change from 0 to 32768 [ 212.750823][ T9209] gfs2: fsid=batadv_slave_1: Trying to join cluster "lock_nolock", "batadv_slave_1" [ 212.773748][ T9209] gfs2: fsid=batadv_slave_1: Now mounting FS (format 1801)... [ 212.878111][ T9209] gfs2: fsid=batadv_slave_1.s: journal 0 mapped with 5 extents in 0ms [ 213.076550][ T9209] gfs2: fsid=batadv_slave_1.s: first mount done, others may mount [ 213.123105][ T9254] netlink: 204 bytes leftover after parsing attributes in process `syz.5.1045'. [ 213.809143][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1054'. [ 213.932184][ T9273] hsr_slave_1 (unregistering): left promiscuous mode [ 213.976346][ T9249] loop4: detected capacity change from 0 to 32768 [ 214.192148][ T9249] loop4: p1 p3 < > [ 214.344438][ T9290] netlink: 'syz.0.1060': attribute type 18 has an invalid length. [ 214.374022][ T9290] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'. [ 214.403022][ T9290] netlink: 'syz.0.1060': attribute type 18 has an invalid length. [ 214.423457][ T9290] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'. [ 214.884617][ T9283] loop2: detected capacity change from 0 to 40427 [ 214.898840][ T9283] F2FS-fs: heap/no_heap options were deprecated [ 214.980521][ T9283] F2FS-fs (loop2): build fault injection rate: 19 [ 215.003797][ T9283] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 215.045477][ T9283] F2FS-fs (loop2): invalid crc value [ 215.058897][ T9306] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.1067'. [ 215.074381][ T9306] netlink: Conntrack attr has 4 unknown bytes [ 215.092470][ T9283] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 215.322579][ T9283] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 215.404282][ T9283] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 215.424079][ T9283] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 215.584011][ T5844] udevd[5844]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 215.604663][ T9283] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 215.744683][ T9320] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80 [ 215.876357][ T9283] F2FS-fs (loop2): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x8b5/0xe90 [ 215.940498][ T9283] F2FS-fs (loop2): inconsistent node block, node_type:3, nid:11, node_footer[nid:11,ino:3,ofs:2041,cpver:0,blkaddr:0] [ 216.203768][ T5838] F2FS-fs (loop2): inject inconsistent footer in f2fs_sanity_check_node_footer of __write_node_folio+0x5ba/0x1a50 [ 216.218951][ T5838] F2FS-fs (loop2): inconsistent node block, node_type:0, nid:14, node_footer[nid:14,ino:14,ofs:0,cpver:0,blkaddr:0] [ 216.239492][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 216.239519][ T5838] Tainted: [L]=SOFTLOCKUP [ 216.239525][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 216.239534][ T5838] Call Trace: [ 216.239540][ T5838] [ 216.239547][ T5838] dump_stack_lvl+0xe8/0x150 [ 216.239574][ T5838] f2fs_handle_critical_error+0x37c/0x540 [ 216.239603][ T5838] __write_node_folio+0x5dd/0x1a50 [ 216.239647][ T5838] ? __pfx___write_node_folio+0x10/0x10 [ 216.239675][ T5838] ? f2fs_inode_chksum_set+0x13e/0x640 [ 216.239701][ T5838] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 216.239720][ T5838] ? folio_clear_dirty_for_io+0x570/0x710 [ 216.239738][ T5838] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 216.239761][ T5838] f2fs_sync_node_pages+0xeb4/0x1680 [ 216.239801][ T5838] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 216.239863][ T5838] f2fs_write_checkpoint+0xeb8/0x26a0 [ 216.239910][ T5838] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 216.239977][ T5838] kill_f2fs_super+0x314/0x720 [ 216.240006][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 216.240045][ T5838] ? lockdep_hardirqs_on+0x7a/0x110 [ 216.240078][ T5838] deactivate_locked_super+0xbc/0x130 [ 216.240103][ T5838] cleanup_mnt+0x437/0x4d0 [ 216.240118][ T5838] ? _raw_spin_unlock_irq+0x23/0x50 [ 216.240138][ T5838] task_work_run+0x1d9/0x270 [ 216.240161][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 216.240192][ T5838] exit_to_user_mode_loop+0xed/0x480 [ 216.240212][ T5838] ? rcu_is_watching+0x15/0xb0 [ 216.240233][ T5838] do_syscall_64+0x32d/0xf80 [ 216.240250][ T5838] ? trace_irq_disable+0x3b/0x150 [ 216.240267][ T5838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.240283][ T5838] ? clear_bhb_loop+0x40/0x90 [ 216.240303][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.240318][ T5838] RIP: 0033:0x7fb1cb99d9d7 [ 216.240335][ T5838] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 216.240348][ T5838] RSP: 002b:00007ffcccf2cdc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 216.240365][ T5838] RAX: 0000000000000000 RBX: 00007fb1cba32050 RCX: 00007fb1cb99d9d7 [ 216.240375][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcccf2ce80 [ 216.240384][ T5838] RBP: 00007ffcccf2ce80 R08: 00007ffcccf2de80 R09: 00000000ffffffff [ 216.240393][ T5838] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcccf2df10 [ 216.240403][ T5838] R13: 00007fb1cba32050 R14: 0000000000034b9f R15: 00007ffcccf2df50 [ 216.240432][ T5838] [ 216.240508][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 9 [ 216.567406][ T5899] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 216.718616][ T5899] usb 6-1: Using ep0 maxpacket: 16 [ 216.748726][ T5899] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 216.769130][ T6003] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 216.799259][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.811259][ T5899] usb 6-1: Product: syz [ 216.822263][ T5899] usb 6-1: Manufacturer: syz [ 216.832647][ T5899] usb 6-1: SerialNumber: syz [ 216.890718][ T5899] usb 6-1: config 0 descriptor?? [ 216.910927][ T5899] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 216.931699][ T6003] usb 1-1: config 1 interface 0 has no altsetting 0 [ 216.942167][ T6003] usb 1-1: string descriptor 0 read error: -22 [ 216.954330][ T6003] usb 1-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.40 [ 216.975918][ T6003] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.312330][ T5899] ssu100 6-1:0.0: probe with driver ssu100 failed with error -71 [ 217.333160][ T5899] usb 6-1: USB disconnect, device number 3 [ 217.437371][ T5898] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 217.597609][ T5898] usb 3-1: Using ep0 maxpacket: 8 [ 217.629878][ T6003] uclogic 0003:5543:006E.0010: failed retrieving string descriptor #200: -71 [ 217.655948][ T5898] usb 3-1: config 1 interface 0 has no altsetting 0 [ 217.685149][ T6003] uclogic 0003:5543:006E.0010: failed retrieving pen parameters: -71 [ 217.704913][ T5898] usb 3-1: string descriptor 0 read error: -22 [ 217.716058][ T5898] usb 3-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice= 0.40 [ 217.733601][ T6003] uclogic 0003:5543:006E.0010: failed probing pen v2 parameters: -71 [ 217.743310][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.751943][ T6003] uclogic 0003:5543:006E.0010: failed probing parameters: -71 [ 217.759987][ T6003] uclogic 0003:5543:006E.0010: probe with driver uclogic failed with error -71 [ 217.800986][ T6003] usb 1-1: USB disconnect, device number 6 [ 218.008986][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1091'. [ 218.063568][ T9392] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.104214][ T9392] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.253248][ T5898] apple 0003:05AC:024C.0011: invalid report_size -1149171161 [ 218.285027][ T5898] apple 0003:05AC:024C.0011: item 0 4 1 7 parsing failed [ 218.312987][ T5898] apple 0003:05AC:024C.0011: parse failed [ 218.329526][ T5898] apple 0003:05AC:024C.0011: probe with driver apple failed with error -22 [ 218.429496][ T5898] usb 3-1: USB disconnect, device number 16 [ 218.665648][ T9187] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.686955][ T9187] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.708210][ T9185] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.734351][ T9185] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.753988][ T9185] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.795541][ T9185] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.813266][ T9185] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 218.827077][ T9185] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.841613][ T9413] loop4: detected capacity change from 0 to 128 [ 218.979438][ T9400] loop5: detected capacity change from 0 to 32768 [ 218.993362][ T9417] netlink: 1400 bytes leftover after parsing attributes in process `syz.0.1102'. [ 219.034376][ T9400] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 219.035413][ T9417] netlink: 1400 bytes leftover after parsing attributes in process `syz.0.1102'. [ 219.107190][ T9424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1103'. [ 219.219107][ T9400] XFS (loop5): Ending clean mount [ 219.451570][ T9435] loop0: detected capacity change from 0 to 1024 [ 219.538614][ T8435] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 219.664829][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.664829][ T9413] loop4: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 219.738771][ T6003] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 219.747439][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.747439][ T9413] loop4: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 219.774925][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.774925][ T9413] loop4: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 219.792427][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.792427][ T9413] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 219.822040][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.822040][ T9413] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 219.881057][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.881057][ T9413] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 219.924257][ T6003] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 219.936341][ T6003] usb 4-1: config 0 has no interface number 0 [ 219.943719][ T9189] hfsplus: bad catalog file entry [ 219.958100][ T9413] syz.4.1100: attempt to access beyond end of device [ 219.958100][ T9413] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 219.977169][ T6003] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 220.001012][ T6003] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 220.007991][ T9189] hfsplus: b-tree write err: -5, ino 3 [ 220.045353][ T9413] syz.4.1100: attempt to access beyond end of device [ 220.045353][ T9413] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 220.059791][ T9433] loop2: detected capacity change from 0 to 32768 [ 220.067229][ T6003] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 220.108927][ T6003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.121691][ T9413] syz.4.1100: attempt to access beyond end of device [ 220.121691][ T9413] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 220.133899][ T9433] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 220.185933][ T6003] usb 4-1: config 0 descriptor?? [ 220.203173][ T9433] JBD2: Ignoring recovery information on journal [ 220.204271][ T9413] syz.4.1100: attempt to access beyond end of device [ 220.204271][ T9413] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 220.239607][ T9438] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 220.280618][ T6003] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 220.343352][ T9433] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 220.607852][ T6003] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 220.662972][ T5838] ocfs2: Unmounting device (7,2) on (node local) [ 220.767399][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 220.767606][ T6003] usb 6-1: Using ep0 maxpacket: 8 [ 220.799339][ T6003] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 220.817633][ T6003] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 220.832402][ T6003] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 220.845088][ T6003] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.857621][ T993] usb 4-1: USB disconnect, device number 5 [ 220.858495][ C1] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 220.880708][ T6003] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 220.893510][ T6003] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.928944][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 220.936885][ T10] usb 5-1: config 0 has an invalid interface number: 119 but max is 0 [ 220.956742][ T10] usb 5-1: config 0 has no interface number 0 [ 220.974294][ T10] usb 5-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 220.986030][ T10] usb 5-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 220.998953][ T10] usb 5-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 27 [ 221.010181][ T10] usb 5-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 221.026385][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 221.036499][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.044910][ T10] usb 5-1: Product: syz [ 221.049987][ T10] usb 5-1: Manufacturer: syz [ 221.055339][ T10] usb 5-1: SerialNumber: syz [ 221.064195][ T10] usb 5-1: config 0 descriptor?? [ 221.070915][ T9452] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 221.089288][ T10] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.119/input/input15 [ 221.103570][ T5196] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 221.123422][ T6003] usb 6-1: usb_control_msg returned -32 [ 221.130871][ T6003] usbtmc 6-1:16.0: can't read capabilities [ 221.164386][ C0] bcm5974 5-1:0.119: trackpad urb failed: -1 [ 221.300653][ T10] usb 5-1: USB disconnect, device number 13 [ 221.300790][ C1] bcm5974 5-1:0.119: trackpad urb failed: -19 [ 221.508160][ C0] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 222.514474][ T9492] loop4: detected capacity change from 0 to 128 [ 222.555259][ T9492] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 222.624639][ T9492] hpfs: filesystem error: improperly stopped [ 222.675460][ T9492] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 222.729046][ T9492] hpfs: You really don't want any checks? You are crazy... [ 222.771807][ T9492] hpfs: Code page index out of array [ 222.797124][ T9492] hpfs: code page support is disabled [ 222.816815][ T9492] hpfs: hpfs_map_4sectors(): unaligned read [ 222.850493][ T9492] hpfs: hpfs_map_4sectors(): unaligned read [ 222.857629][ T9480] loop2: detected capacity change from 0 to 131072 [ 222.885493][ T9492] hpfs: filesystem error: unable to find root dir [ 222.935715][ T9480] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 222.945771][ T9480] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 223.405735][ T10] usb 6-1: USB disconnect, device number 4 [ 223.928471][ T9508] loop0: detected capacity change from 0 to 32768 [ 223.963114][ T9508] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 223.992555][ T9508] XFS (loop0): Ending clean mount [ 224.001676][ T9508] XFS (loop0): Quotacheck needed: Please wait. [ 224.018422][ T6003] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 224.095413][ T9508] XFS (loop0): Quotacheck: Done. [ 224.191788][ T6003] usb 6-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 224.191818][ T6003] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.191837][ T6003] usb 6-1: Product: syz [ 224.191852][ T6003] usb 6-1: Manufacturer: syz [ 224.191867][ T6003] usb 6-1: SerialNumber: syz [ 224.200458][ T6003] usb 6-1: config 0 descriptor?? [ 224.213660][ T5839] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 224.724158][ T9547] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 225.437402][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 225.451917][ T6003] usb 6-1: f81604_read: reg: 100e failed: -EPROTO [ 225.533625][ T6003] usb 6-1: f81604_read: reg: 200f failed: -EPROTO [ 225.548904][ T6003] usb 6-1: USB disconnect, device number 5 [ 225.583769][ T6003] usb 6-1: f81604_read: reg: 100f failed: -ENODEV [ 225.627484][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 225.650206][ T9] usb 5-1: config 0 has no interfaces? [ 225.672679][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 225.700384][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.734003][ T9] usb 5-1: config 0 descriptor?? [ 225.746195][ T6003] usb 6-1: f81604_read: reg: 200f failed: -ENODEV [ 225.830645][ T9567] loop2: detected capacity change from 0 to 32768 [ 225.864777][ T9567] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1154 (9567) [ 225.910178][ T9567] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 225.930745][ T9567] BTRFS info (device loop2): using sha256 checksum algorithm [ 225.982381][ T9565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.019335][ T9565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.089896][ T6003] usb 5-1: USB disconnect, device number 14 [ 226.113265][ T9567] BTRFS info (device loop2): enabling ssd optimizations [ 226.120740][ T9567] BTRFS info (device loop2): turning on async discard [ 226.128839][ T9567] BTRFS info (device loop2): enabling free space tree [ 226.135851][ T9567] BTRFS info (device loop2): enabling auto defrag [ 226.143182][ T9567] BTRFS info (device loop2): max_inline set to 4096 [ 226.605931][ T5838] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 226.836304][ T9611] netlink: 'syz.4.1164': attribute type 1 has an invalid length. [ 227.296819][ T9619] bond1: (slave veth3): Enslaving as an active interface with a down link [ 227.414513][ T9629] loop0: detected capacity change from 0 to 1024 [ 227.646220][ T9185] hfsplus: b-tree write err: -5, ino 3 [ 227.954763][ T9645] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 227.964721][ T9648] netlink: 'syz.2.1175': attribute type 8 has an invalid length. [ 227.972996][ T9648] netlink: 'syz.2.1175': attribute type 9 has an invalid length. [ 227.990357][ T9648] netlink: 'syz.2.1175': attribute type 10 has an invalid length. [ 228.005577][ T9648] netlink: 'syz.2.1175': attribute type 11 has an invalid length. [ 228.024282][ T9648] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1175'. [ 228.047865][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 228.086701][ T9634] loop5: detected capacity change from 0 to 32768 [ 228.114198][ T9634] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1169 (9634) [ 228.182868][ T9634] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 228.213922][ T9634] BTRFS info (device loop5): using crc32c checksum algorithm [ 228.222353][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 228.235019][ T10] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 228.243331][ T10] usb 1-1: config 0 has no interface number 0 [ 228.244469][ T9655] loop3: detected capacity change from 0 to 512 [ 228.253867][ T10] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 228.267667][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.276798][ T10] usb 1-1: Product: syz [ 228.281921][ T10] usb 1-1: Manufacturer: syz [ 228.323020][ T10] usb 1-1: SerialNumber: syz [ 228.379624][ T9655] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.399531][ T10] usb 1-1: config 0 descriptor?? [ 228.410462][ T9634] BTRFS info (device loop5): enabling ssd optimizations [ 228.423113][ T9655] ext4 filesystem being mounted at /239/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.436582][ T9634] BTRFS info (device loop5): turning on flush-on-commit [ 228.473352][ T9634] BTRFS info (device loop5): enabling free space tree [ 228.497032][ T9634] BTRFS info (device loop5): enabling auto defrag [ 228.506481][ T9634] BTRFS info (device loop5): use lzo compression, level 1 [ 228.515854][ T9634] BTRFS info (device loop5): max_inline set to 4096 [ 228.634755][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.808666][ T9683] loop3: detected capacity change from 0 to 512 [ 228.852947][ T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 228.885522][ T9683] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 228.916143][ T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 228.930155][ T9683] System zones: 1-12 [ 228.947164][ T9683] EXT4-fs error (device loop3): ext4_iget_extra_inode:5028: inode #15: comm syz.3.1181: corrupted in-inode xattr: e_value size too large [ 228.978526][ T9683] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 228.979097][ T9683] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1181: couldn't read orphan inode 15 (err -117) [ 228.988354][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 228.988379][ C0] EXT4-fs (loop3): initial error at time 1773776258: ext4_iget_extra_inode:5028: inode 15 [ 228.988408][ C0] EXT4-fs (loop3): last error at time 1773776258: ext4_iget_extra_inode:5028: inode 15 [ 229.060650][ T9683] loop3: lost filesystem error report for type 5 error -117 [ 229.062824][ T9683] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.384136][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.544265][ T8435] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 229.567608][ T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 229.607227][ T10] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 229.665941][ T10] usb 1-1: USB disconnect, device number 7 [ 230.346558][ T9717] netlink: 212344 bytes leftover after parsing attributes in process `syz.5.1193'. [ 230.522093][ T9727] loop2: detected capacity change from 0 to 512 [ 230.556894][ T9732] loop3: detected capacity change from 0 to 512 [ 230.568676][ T9733] Illegal XDP return value 4294967274 on prog (id 71) dev syz_tun, expect packet loss! [ 230.585432][ T9732] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 230.586439][ T9727] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 230.616563][ T9727] EXT4-fs (loop2): orphan cleanup on readonly fs [ 230.637972][ T9727] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 230.649999][ T9727] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 230.653786][ T9732] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 230.660119][ T9727] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.1197: Failed to acquire dquot type 1 [ 230.660147][ T9727] loop2: lost filesystem error report for type 5 error -5 [ 230.677383][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 230.696689][ C0] EXT4-fs (loop2): initial error at time 1773776259: ext4_acquire_dquot:7001 [ 230.705511][ C0] EXT4-fs (loop2): last error at time 1773776259: ext4_acquire_dquot:7001 [ 230.732917][ T9732] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 230.768908][ T9732] System zones: 0-2, 18-18, 34-35 [ 230.773726][ T9727] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1197: bg 0: block 40: padding at end of block bitmap is not set [ 230.796802][ T9732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.811871][ T9737] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1201'. [ 230.823121][ T9727] loop2: lost filesystem error report for type 5 error -117 [ 230.845027][ T9727] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 230.927613][ T9727] loop2: lost filesystem error report for type 5 error -117 [ 230.928539][ T9727] EXT4-fs (loop2): 1 truncate cleaned up [ 230.996311][ T9727] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 231.033454][ T9727] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.1197: bad symlink. [ 231.056738][ T9727] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.1197: bad symlink. [ 231.212731][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.423513][ T5836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.589960][ T9757] xt_hashlimit: size too large, truncated to 1048576 [ 231.980942][ T9741] overlayfs: failed to clone lowerpath [ 232.265080][ T9752] loop4: detected capacity change from 0 to 32768 [ 232.361863][ T9752] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 232.555699][ T9] hid_parser_main: 4007 callbacks suppressed [ 232.555809][ T9] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 232.649770][ T9752] XFS (loop4): Ending clean mount [ 232.658082][ T9] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz1] on syz0 [ 232.699496][ T9752] XFS (loop4): Quotacheck needed: Please wait. [ 232.840865][ T5899] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 232.867765][ T9752] XFS (loop4): Quotacheck: Done. [ 233.098502][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 233.120894][ T5899] usb 3-1: no configurations [ 233.133225][ T5899] usb 3-1: can't read configurations, error -22 [ 233.195933][ T5843] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 233.816260][ T993] IPVS: starting estimator thread 0... [ 233.958241][ T9808] IPVS: using max 40 ests per chain, 96000 per kthread [ 234.316783][ T9805] loop3: detected capacity change from 0 to 32768 [ 234.346149][ T9805] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1224 (9805) [ 234.424811][ T9805] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 234.464040][ T9805] BTRFS info (device loop3): using sha256 checksum algorithm [ 234.606379][ T9173] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.635531][ T9173] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.647392][ T9173] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 234.658764][ T9805] BTRFS info (device loop3): enabling ssd optimizations [ 234.665858][ T9805] BTRFS info (device loop3): turning on async discard [ 234.672727][ T9805] BTRFS info (device loop3): enabling free space tree [ 234.683721][ T9805] BTRFS info (device loop3): enabling auto defrag [ 234.702111][ T9805] BTRFS info (device loop3): max_inline set to 4096 [ 235.045196][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 235.073221][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 235.082353][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 235.093534][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 235.113189][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 235.292214][ T5836] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 235.363314][ T9173] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.373934][ T9841] loop2: detected capacity change from 0 to 4096 [ 235.404883][ T9173] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.406445][ T9841] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 235.453977][ T9173] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 235.460151][ T9847] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1236'. [ 235.592900][ T9841] ntfs3(loop2): ino=19, mi_enum_attr [ 235.613784][ T9841] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 235.647696][ T9854] loop5: detected capacity change from 0 to 7 [ 235.691964][ T29] audit: type=1800 audit(1773776264.992:31): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1231" name="file1" dev="loop2" ino=30 res=0 errno=0 [ 235.735131][ T9854] Dev loop5: unable to read RDB block 7 [ 235.766240][ T9854] loop5: unable to read partition table [ 235.812793][ T9854] loop5: partition table beyond EOD, truncated [ 235.825324][ T9854] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 235.873437][ T9173] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.887776][ T9173] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.920523][ T9173] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 236.440745][ T9874] tipc: Failed to remove unknown binding: 66,1,1/0:785320777/785320779 [ 236.485230][ T9874] tipc: Failed to remove unknown binding: 66,1,1/0:785320777/785320779 [ 236.564884][ T9173] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 236.603790][ T9173] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.638704][ T9173] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 236.870434][ T9885] geneve2: entered promiscuous mode [ 237.169602][ T5842] Bluetooth: hci3: command tx timeout [ 237.411256][ T9173] bridge_slave_1: left allmulticast mode [ 237.418482][ T9173] bridge_slave_1: left promiscuous mode [ 237.424414][ T9173] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.452856][ T9173] bridge_slave_0: left allmulticast mode [ 237.464078][ T9173] bridge_slave_0: left promiscuous mode [ 237.471653][ T9173] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.557664][ T993] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 237.768313][ T993] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 237.782835][ T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.828630][ T993] usb 4-1: config 0 descriptor?? [ 237.875912][ T993] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 237.914187][ T9173] bond2 (unregistering): (slave ip6erspan0): Releasing active interface [ 238.060130][ T9923] fuse: fd is not a fuse device [ 238.243754][ T9173] bond1 (unregistering): (slave geneve2): Releasing active interface [ 238.420127][ T9173] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.466980][ T9173] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.513154][ T9173] .` (unregistering): Released all slaves [ 238.554848][ T9173] bond1 (unregistering): Released all slaves [ 238.604950][ T9173] bond2 (unregistering): Released all slaves [ 238.719873][ T9836] chnl_net:caif_netlink_parms(): no params data found [ 239.142413][ T993] usb 4-1: USB disconnect, device number 6 [ 239.253760][ T5842] Bluetooth: hci3: command tx timeout [ 239.636462][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.653948][ T9836] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.664608][ T9836] bridge_slave_0: entered allmulticast mode [ 239.683689][ T9836] bridge_slave_0: entered promiscuous mode [ 239.737663][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.760175][ T9836] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.769466][ T9836] bridge_slave_1: entered allmulticast mode [ 239.778302][ T9836] bridge_slave_1: entered promiscuous mode [ 239.813616][ T9173] hsr_slave_0: left promiscuous mode [ 239.831963][ T9173] hsr_slave_1: left promiscuous mode [ 239.842462][ T9173] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.858906][ T9173] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.878955][ T9173] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.897576][ T9173] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.950564][ T9173] veth1_macvtap: left promiscuous mode [ 239.965205][ T9173] veth0_macvtap: left promiscuous mode [ 239.979992][ T9173] veth1_vlan: left promiscuous mode [ 239.992349][ T9173] veth0_vlan: left promiscuous mode [ 240.797989][ T9173] team0 (unregistering): Port device team_slave_1 removed [ 240.872369][ T9173] team0 (unregistering): Port device team_slave_0 removed [ 241.327422][ T5842] Bluetooth: hci3: command tx timeout [ 241.356043][ T9988] gretap0: entered promiscuous mode [ 241.523001][ T9836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.536675][ T9] IPVS: starting estimator thread 0... [ 241.670943][T10002] IPVS: using max 33 ests per chain, 79200 per kthread [ 241.755810][ T9836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.941632][ T9836] team0: Port device team_slave_0 added [ 241.965188][ T9836] team0: Port device team_slave_1 added [ 242.097696][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.112761][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 242.195995][ T9836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.212628][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.237833][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 242.267607][ T9836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.781466][T10046] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1295'. [ 243.066820][T10049] bridge1: entered promiscuous mode [ 243.113538][T10049] bridge1: left promiscuous mode [ 243.362119][ T9173] IPVS: stop unused estimator thread 0... [ 243.409029][ T5842] Bluetooth: hci3: command tx timeout [ 243.533522][ T9836] hsr_slave_0: entered promiscuous mode [ 243.555437][ T9836] hsr_slave_1: entered promiscuous mode [ 243.581144][ T9836] debugfs: 'hsr0' already exists in 'hsr' [ 243.598754][ T9836] Cannot create hsr debugfs directory [ 244.093477][T10079] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 245.008035][T10093] trusted_key: syz.3.1307 sent an empty control message without MSG_MORE. [ 245.132767][ T9836] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 245.161835][ T9836] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 245.206933][ T9836] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 245.222388][T10099] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1309'. [ 245.302931][ T9836] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 245.537502][ T993] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 245.569067][ T9836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.635356][ T9836] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.681913][ T9183] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.689210][ T9183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.697844][ T993] usb 5-1: Using ep0 maxpacket: 32 [ 245.710932][ T993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.740394][ T9181] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.747622][ T9181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.756598][ T993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 245.775799][ T993] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 245.810139][ T993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.855552][ T993] usb 5-1: config 0 descriptor?? [ 245.891265][ T993] hub 5-1:0.0: USB hub found [ 246.095823][ T993] hub 5-1:0.0: 1 port detected [ 246.537123][ T9836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.726887][ T993] hub 5-1:0.0: activate --> -90 [ 246.806512][T10160] loop2: detected capacity change from 0 to 128 [ 246.863102][T10160] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 246.880987][T10160] ext4 filesystem being mounted at /256/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 246.934592][ T5841] usb 5-1: USB disconnect, device number 15 [ 246.940851][ T993] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 247.198403][T10160] fscrypt: Adiantum using implementation "adiantum(xchacha12-lib,aes-lib)" [ 247.265109][ T9836] veth0_vlan: entered promiscuous mode [ 247.308878][ T5838] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 247.311175][ T9836] veth1_vlan: entered promiscuous mode [ 247.464382][ T9836] veth0_macvtap: entered promiscuous mode [ 247.524691][ T9836] veth1_macvtap: entered promiscuous mode [ 247.561971][T10177] overlayfs: failed to clone upperpath [ 247.603185][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.654639][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 247.723521][ T9181] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.759607][ T9181] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.772379][T10184] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1333'. [ 247.791521][ T9181] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.826903][ T9181] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.185627][ T9189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.226444][ T9189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 248.353729][ T9189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 248.372540][ T9189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.092503][ T5898] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 249.148807][T10219] UHID_CREATE from different security context by process 649 (syz.2.1346), this is not allowed. [ 249.267383][ T5898] usb 7-1: Using ep0 maxpacket: 32 [ 249.300010][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.358148][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.387528][ T5898] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 249.419651][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.456552][ T5898] usb 7-1: config 0 descriptor?? [ 249.493709][ T5898] hub 7-1:0.0: USB hub found [ 249.535248][T10227] Invalid ELF header magic: != ELF [ 249.582788][T10228] fuse: root generation should be zero [ 249.676438][ T5898] hub 7-1:0.0: 1 port detected [ 250.119649][T10250] loop3: detected capacity change from 0 to 128 [ 250.290321][ T5898] hub 7-1:0.0: activate --> -90 [ 250.308866][T10255] bio_check_eod: 22 callbacks suppressed [ 250.308885][T10255] syz.3.1358: attempt to access beyond end of device [ 250.308885][T10255] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 250.336599][T10255] syz.3.1358: attempt to access beyond end of device [ 250.336599][T10255] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 250.351843][T10255] syz.3.1358: attempt to access beyond end of device [ 250.351843][T10255] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 250.357594][ T29] audit: type=1800 audit(1773776279.662:32): pid=10256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1360" name="file1" dev="overlay" ino=1594 res=0 errno=0 [ 250.371098][T10255] syz.3.1358: attempt to access beyond end of device [ 250.371098][T10255] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 250.421053][T10255] syz.3.1358: attempt to access beyond end of device [ 250.421053][T10255] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 250.450188][T10255] syz.3.1358: attempt to access beyond end of device [ 250.450188][T10255] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 250.466619][T10255] syz.3.1358: attempt to access beyond end of device [ 250.466619][T10255] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 250.483404][T10255] syz.3.1358: attempt to access beyond end of device [ 250.483404][T10255] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 250.498725][ T5928] usb 7-1: USB disconnect, device number 2 [ 250.518445][T10255] syz.3.1358: attempt to access beyond end of device [ 250.518445][T10255] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 250.556075][T10255] syz.3.1358: attempt to access beyond end of device [ 250.556075][T10255] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 250.769791][T10266] netlink: 'syz.3.1364': attribute type 10 has an invalid length. [ 250.834188][T10266] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 251.204061][T10283] all: renamed from bond_slave_0 (while UP) [ 251.405802][T10287] af_packet: tpacket_rcv: packet too big, clamped from 65354 to 4294967272. macoff=96 [ 252.126900][T10301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1379'. [ 252.243748][T10296] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.255543][T10296] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.540135][T10296] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.675030][T10296] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.915671][T10314] loop4: detected capacity change from 0 to 128 [ 252.931862][T10314] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 252.975701][T10314] hpfs: filesystem error: improperly stopped [ 252.994705][T10314] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 253.024939][T10314] hpfs: You really don't want any checks? You are crazy... [ 253.038456][T10314] hpfs: Code page index out of array [ 253.071476][T10314] hpfs: code page support is disabled [ 253.097214][T10314] hpfs: hpfs_map_4sectors(): unaligned read [ 253.114856][T10314] hpfs: hpfs_map_4sectors(): unaligned read [ 253.122725][T10314] hpfs: filesystem error: unable to find root dir [ 253.162718][T10301] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1379'. [ 253.197240][ T9185] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.221696][ T9185] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.231805][ T9185] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.240803][ T9185] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.253993][ T9185] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.267096][ T9185] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.277725][ T9185] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 253.286650][ T9185] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.617391][ T5898] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 253.787394][ T5898] usb 7-1: Using ep0 maxpacket: 16 [ 253.812666][ T5898] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 253.857488][ T5898] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.885053][ T5898] usb 7-1: Product: syz [ 253.898612][ T5898] usb 7-1: Manufacturer: syz [ 253.913594][ T5898] usb 7-1: SerialNumber: syz [ 254.049502][T10352] Invalid ELF header magic: != ELF [ 254.558072][T10368] loop4: detected capacity change from 0 to 2048 [ 254.614675][ T5844] loop4: p3 < > p4 < > [ 254.627741][ T5844] loop4: partition table partially beyond EOD, truncated [ 254.648776][ T5844] loop4: p3 start 4284289 is beyond EOD, truncated [ 254.674985][T10368] loop4: p3 < > p4 < > [ 254.686229][T10368] loop4: partition table partially beyond EOD, truncated [ 254.709525][T10368] loop4: p3 start 4284289 is beyond EOD, truncated [ 255.393805][ T29] audit: type=1800 audit(1773776284.692:33): pid=10400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1416" name="nullb0" dev="tmpfs" ino=528 res=0 errno=0 [ 255.423611][ T5898] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 255.456860][ T5898] usb 7-1: USB disconnect, device number 3 [ 255.508976][ T993] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 255.631438][T10409] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1419'. [ 255.684845][ T993] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 255.700847][ T993] usb 4-1: can't read configurations, error -71 [ 255.736515][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.744960][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.095755][T10429] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=1420284373 (45449099936 ns) > initial count (5257758976 ns). Using initial count to start timer. [ 256.386048][ T5928] IPVS: starting estimator thread 0... [ 256.392200][T10442] IPVS: set_ctl: invalid protocol: 29 10.1.1.1:20001 [ 256.412845][T10439] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 256.524955][T10447] IPVS: using max 32 ests per chain, 76800 per kthread [ 256.742689][T10462] loop4: detected capacity change from 0 to 512 [ 256.756532][T10462] EXT4-fs: Ignoring removed mblk_io_submit option [ 256.769674][T10462] EXT4-fs: inline encryption not supported [ 256.775763][T10462] EXT4-fs: Ignoring removed mblk_io_submit option [ 256.787968][T10462] EXT4-fs (loop4): Test dummy encryption mode enabled [ 256.796101][T10462] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 256.848506][T10462] EXT4-fs (loop4): 1 truncate cleaned up [ 256.881722][T10462] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.909443][ T993] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 257.009804][T10462] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 257.109004][ T993] usb 4-1: Using ep0 maxpacket: 32 [ 257.125883][ T993] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 257.161033][ T993] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 257.182572][ T5843] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.193028][ T993] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 257.231903][ T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.266311][ T993] usb 4-1: config 0 descriptor?? [ 257.313980][ T993] hub 4-1:0.0: USB hub found [ 257.509923][ T993] hub 4-1:0.0: 1 port detected [ 257.987938][ T29] audit: type=1800 audit(1773776287.292:34): pid=10482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1444" name="file1" dev="overlay" ino=81 res=0 errno=0 [ 258.165036][ T993] hub 4-1:0.0: activate --> -90 [ 258.374189][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 258.386231][ T993] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 258.388302][ T5898] usb 4-1: USB disconnect, device number 9 [ 258.883274][T10502] atomic_op ffff88806b9b9198 conn xmit_atomic 0000000000000000 [ 259.153748][T10491] loop6: detected capacity change from 0 to 32768 [ 259.235804][T10491] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1446 (10491) [ 259.301230][T10491] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 259.328284][T10491] BTRFS info (device loop6): using sha256 checksum algorithm [ 259.547562][T10491] BTRFS info (device loop6): rebuilding free space tree [ 259.914907][T10491] BTRFS info (device loop6): enabling ssd optimizations [ 259.950286][T10491] BTRFS info (device loop6): using spread ssd allocation scheme [ 259.996779][T10491] BTRFS info (device loop6): turning on async discard [ 260.024737][T10546] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1455'. [ 260.034441][T10491] BTRFS info (device loop6): enabling free space tree [ 260.061895][T10491] BTRFS info (device loop6): force clearing of disk cache [ 260.074311][T10546] unsupported nlmsg_type 40 [ 260.428275][ T5912] kernel write not supported for file bpf-prog (pid: 5912 comm: kworker/0:5) [ 260.572186][ T29] audit: type=1800 audit(1773776289.872:35): pid=10491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1446" name="bus" dev="loop6" ino=263 res=0 errno=0 [ 260.827662][T10565] netlink: 212344 bytes leftover after parsing attributes in process `syz.4.1459'. [ 260.995441][T10570] netlink: 'syz.5.1461': attribute type 10 has an invalid length. [ 261.083213][T10577] netlink: 'syz.5.1461': attribute type 10 has an invalid length. [ 261.120440][ T9836] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 261.184287][T10570] team0: Failed to send options change via netlink (err -105) [ 261.219036][T10570] team0: Port device dummy0 added [ 261.242638][T10577] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 261.287739][T10581] fuse: fd is not a fuse device [ 261.391892][T10577] team0: Failed to send options change via netlink (err -105) [ 261.408764][T10577] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 261.473333][T10577] team0: Port device dummy0 removed [ 261.545591][T10577] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 261.556790][T10587] fuse: Bad value for 'fd' [ 263.261338][T10636] fuse: fd is not a fuse device [ 264.684295][T10649] loop6: detected capacity change from 0 to 131072 [ 264.854648][T10649] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 264.873789][T10649] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 264.974101][T10649] F2FS-fs (loop6): lookup inode (7) has corrupted xattr [ 264.982991][ T29] audit: type=1800 audit(1773776294.282:36): pid=10649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1485" name="file1" dev="loop6" ino=7 res=0 errno=0 [ 265.009738][T10649] F2FS-fs (loop6): lookup inode (7) has corrupted xattr [ 265.034896][T10649] F2FS-fs (loop6): lookup inode (7) has corrupted xattr [ 265.516247][T10689] fuse: fd is not a fuse device [ 265.541815][T10689] overlayfs: failed to clone lowerpath [ 265.747376][ T5899] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 265.902983][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1506'. [ 265.925957][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.942325][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1506'. [ 265.954138][ T5899] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 265.996925][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.045003][ T5899] usb 5-1: config 0 descriptor?? [ 266.298063][ T5899] usbhid 5-1:0.0: can't add hid device: -71 [ 266.316252][ T5899] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 266.341295][ T5899] usb 5-1: USB disconnect, device number 16 [ 266.470868][T10721] loop6: detected capacity change from 0 to 512 [ 266.489002][T10721] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 266.561905][T10721] EXT4-fs error (device loop6): ext4_iget_extra_inode:5028: inode #15: comm syz.6.1511: corrupted in-inode xattr: invalid ea_ino [ 266.614297][T10721] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 266.614774][T10721] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.1511: couldn't read orphan inode 15 (err -117) [ 266.624015][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 266.624039][ C1] EXT4-fs (loop6): initial error at time 1773776295: ext4_iget_extra_inode:5028: inode 15 [ 266.624069][ C1] EXT4-fs (loop6): last error at time 1773776295: ext4_iget_extra_inode:5028: inode 15 [ 266.677405][T10721] loop6: lost filesystem error report for type 5 error -117 [ 266.681063][T10721] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.867392][ T5899] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 266.913628][T10740] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1518'. [ 266.963885][ T9836] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.029716][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.051792][ T5899] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 267.084317][ T5899] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 267.097472][ T5840] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 267.102890][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.129681][ T5899] usb 5-1: config 0 descriptor?? [ 267.268631][ T5840] usb 3-1: Using ep0 maxpacket: 16 [ 267.284463][ T5840] usb 3-1: config index 0 descriptor too short (expected 12306, got 18) [ 267.298300][ T5840] usb 3-1: config 55 has too many interfaces: 49, using maximum allowed: 32 [ 267.317453][ T5840] usb 3-1: config 55 has an invalid descriptor of length 55, skipping remainder of the config [ 267.329134][ T5840] usb 3-1: config 55 has 0 interfaces, different from the descriptor's value: 49 [ 267.346243][ T5840] usb 3-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 267.356331][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.381232][ T5840] usb 3-1: Product: syz [ 267.390129][ T5840] usb 3-1: Manufacturer: syz [ 267.399786][ T5840] usb 3-1: SerialNumber: syz [ 267.566929][ T5899] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 267.838470][ T5840] usb 3-1: USB disconnect, device number 19 [ 268.003249][T10772] ªªªªªª: renamed from vlan0 (while UP) [ 268.045863][ T5928] usb 5-1: USB disconnect, device number 17 [ 268.644171][T10790] loop2: detected capacity change from 0 to 64 [ 270.230913][T10849] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1559'. [ 270.277871][T10849] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1559'. [ 270.775976][T10853] loop6: detected capacity change from 0 to 32768 [ 270.806064][T10853] btrfs: Deprecated parameter 'usebackuproot' [ 270.823591][T10853] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 270.850754][T10853] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1562 (10853) [ 270.881452][T10853] BTRFS error: failed to open device for path /dev/loop6 with flags 0x23: -16 [ 272.138568][T10882] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1572'. [ 272.772034][T10902] netlink: 1347 bytes leftover after parsing attributes in process `syz.5.1583'. [ 273.211663][T10917] fuse: fd is not a fuse device [ 273.241305][T10917] 9pnet_fd: p9_fd_create_unix (10917): problem connecting socket: ./file0: -111 [ 273.436857][T10922] loop4: detected capacity change from 0 to 512 [ 273.453500][T10888] loop6: detected capacity change from 0 to 32768 [ 273.494940][T10888] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 273.528692][T10888] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 273.644781][T10888] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 273.725215][ T5928] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 273.761379][ T5928] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 274.029673][ T5928] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 268ms [ 274.132381][ T5928] gfs2: fsid=syz:syz.0: jid=0: Done [ 274.164255][T10888] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 274.457466][ T29] audit: type=1800 audit(1773776303.732:37): pid=10922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1590" name="file2" dev="loop4" ino=1048634 res=0 errno=0 [ 274.501453][T10888] gfs2: fsid=syz:syz.0: found 1 quota changes [ 274.574511][T10951] loop2: detected capacity change from 0 to 128 [ 274.594681][ T29] audit: type=1800 audit(1773776303.892:38): pid=10937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1590" name="file2" dev="loop4" ino=1048634 res=0 errno=0 [ 274.770760][T10951] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 274.814114][T10951] ext4 filesystem being mounted at /307/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 275.125215][ T5838] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 275.398707][ T29] audit: type=1800 audit(1773776304.692:39): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1575" name="file1" dev="loop6" ino=2341 res=0 errno=0 [ 275.766033][ T9836] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 275.860144][ T9836] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 275.913537][ T9836] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:9836 [syz-executor] gfs2_quota_sync+0x370/0x470 [ 275.960543][ T9836] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 275.989835][ T9836] CPU: 1 UID: 0 PID: 9836 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 275.989863][ T9836] Tainted: [L]=SOFTLOCKUP [ 275.989869][ T9836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 275.989879][ T9836] Call Trace: [ 275.989967][ T9836] [ 275.989975][ T9836] dump_stack_lvl+0xe8/0x150 [ 275.990043][ T9836] gfs2_withdraw+0xc3/0x1b0 [ 275.990064][ T9836] inode_go_instantiate+0xdd8/0x1220 [ 275.990085][ T9836] ? preempt_schedule_common+0x82/0xd0 [ 275.990143][ T9836] ? __pfx_inode_go_instantiate+0x10/0x10 [ 275.990174][ T9836] gfs2_instantiate+0x168/0x220 [ 275.990196][ T9836] gfs2_glock_wait+0x1d4/0x2a0 [ 275.990218][ T9836] do_sync+0x49a/0xcb0 [ 275.990238][ T9836] ? _raw_spin_unlock+0x28/0x50 [ 275.990254][ T9836] ? gfs2_quota_sync+0x370/0x470 [ 275.990285][ T9836] ? __pfx_do_sync+0x10/0x10 [ 275.990315][ T9836] ? gfs2_quota_sync+0x370/0x470 [ 275.990340][ T9836] ? do_raw_spin_unlock+0xf5/0x210 [ 275.990365][ T9836] gfs2_quota_sync+0x370/0x470 [ 275.990397][ T9836] gfs2_sync_fs+0x4c/0xb0 [ 275.990419][ T9836] sync_filesystem+0xee/0x230 [ 275.990439][ T9836] generic_shutdown_super+0x77/0x2d0 [ 275.990465][ T9836] kill_block_super+0x44/0x90 [ 275.990483][ T9836] deactivate_locked_super+0xbc/0x130 [ 275.990507][ T9836] cleanup_mnt+0x437/0x4d0 [ 275.990523][ T9836] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.990544][ T9836] task_work_run+0x1d9/0x270 [ 275.990571][ T9836] ? __pfx_task_work_run+0x10/0x10 [ 275.990602][ T9836] exit_to_user_mode_loop+0xed/0x480 [ 275.990648][ T9836] ? rcu_is_watching+0x15/0xb0 [ 275.990669][ T9836] do_syscall_64+0x32d/0xf80 [ 275.990687][ T9836] ? trace_irq_disable+0x3b/0x150 [ 275.990705][ T9836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.990721][ T9836] ? clear_bhb_loop+0x40/0x90 [ 275.990741][ T9836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.990757][ T9836] RIP: 0033:0x7ff3c879d9d7 [ 275.990874][ T9836] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 275.990888][ T9836] RSP: 002b:00007ffe70f368a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 275.990937][ T9836] RAX: 0000000000000000 RBX: 00007ff3c8832050 RCX: 00007ff3c879d9d7 [ 275.990948][ T9836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe70f36960 [ 275.990958][ T9836] RBP: 00007ffe70f36960 R08: 00007ffe70f37960 R09: 00000000ffffffff [ 275.990969][ T9836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe70f379f0 [ 275.990979][ T9836] R13: 00007ff3c8832050 R14: 000000000004333d R15: 00007ffe70f37a30 [ 275.991009][ T9836] [ 275.994098][ T9836] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 277.076367][T11009] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1627'. [ 278.994940][ T29] audit: type=1326 audit(1773776308.292:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.060637][ T29] audit: type=1326 audit(1773776308.322:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.108163][T11066] kernel profiling enabled (shift: 0) [ 279.116612][ T29] audit: type=1326 audit(1773776308.322:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.158350][ T29] audit: type=1326 audit(1773776308.322:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.217466][ T29] audit: type=1326 audit(1773776308.322:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.268944][ T29] audit: type=1326 audit(1773776308.322:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.324776][ T29] audit: type=1326 audit(1773776308.322:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11063 comm="syz.5.1651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdb4b9c799 code=0x7ffc0000 [ 279.437613][ T5840] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 279.610591][ T5840] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 279.636495][ T5840] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.663242][ T5840] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 279.687135][ T5840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.716401][ T5840] usb 5-1: config 0 descriptor?? [ 280.212441][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 280.231581][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 280.250280][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 280.267993][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x1 [ 280.278857][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 280.295926][ T5840] isku 0003:1E7D:319C.0014: unknown main item tag 0x0 [ 280.307697][ T5840] isku 0003:1E7D:319C.0014: item fetching failed at offset 6/7 [ 280.326313][ T5840] isku 0003:1E7D:319C.0014: parse failed [ 280.337248][ T5840] isku 0003:1E7D:319C.0014: probe with driver isku failed with error -22 [ 281.328260][ T9836] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 566 [ 281.347440][ T9836] CPU: 0 UID: 0 PID: 9836 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 281.347469][ T9836] Tainted: [L]=SOFTLOCKUP [ 281.347475][ T9836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 281.347484][ T9836] Call Trace: [ 281.347491][ T9836] [ 281.347499][ T9836] dump_stack_lvl+0xe8/0x150 [ 281.347526][ T9836] gfs2_assert_warn_i+0x194/0x2c0 [ 281.347552][ T9836] gfs2_make_fs_ro+0x30d/0x320 [ 281.347576][ T9836] ? __pfx_gfs2_make_fs_ro+0x10/0x10 [ 281.347593][ T9836] ? do_raw_spin_lock+0x12b/0x2f0 [ 281.347612][ T9836] ? __pfx_autoremove_wake_function+0x10/0x10 [ 281.347641][ T9836] ? do_raw_spin_unlock+0xf5/0x210 [ 281.347664][ T9836] gfs2_put_super+0x220/0x860 [ 281.347690][ T9836] ? __pfx_gfs2_put_super+0x10/0x10 [ 281.347709][ T9836] generic_shutdown_super+0x13d/0x2d0 [ 281.347735][ T9836] kill_block_super+0x44/0x90 [ 281.347752][ T9836] deactivate_locked_super+0xbc/0x130 [ 281.347774][ T9836] cleanup_mnt+0x437/0x4d0 [ 281.347789][ T9836] ? _raw_spin_unlock_irq+0x23/0x50 [ 281.347810][ T9836] task_work_run+0x1d9/0x270 [ 281.347833][ T9836] ? __pfx_task_work_run+0x10/0x10 [ 281.347863][ T9836] exit_to_user_mode_loop+0xed/0x480 [ 281.347886][ T9836] ? rcu_is_watching+0x15/0xb0 [ 281.347907][ T9836] do_syscall_64+0x32d/0xf80 [ 281.347924][ T9836] ? trace_irq_disable+0x3b/0x150 [ 281.347942][ T9836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.347958][ T9836] ? clear_bhb_loop+0x40/0x90 [ 281.347978][ T9836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.347993][ T9836] RIP: 0033:0x7ff3c879d9d7 [ 281.348010][ T9836] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 281.348023][ T9836] RSP: 002b:00007ffe70f368a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 281.348041][ T9836] RAX: 0000000000000000 RBX: 00007ff3c8832050 RCX: 00007ff3c879d9d7 [ 281.348052][ T9836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe70f36960 [ 281.348062][ T9836] RBP: 00007ffe70f36960 R08: 00007ffe70f37960 R09: 00000000ffffffff [ 281.348073][ T9836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe70f379f0 [ 281.348083][ T9836] R13: 00007ff3c8832050 R14: 000000000004333d R15: 00007ffe70f37a30 [ 281.348110][ T9836] [ 281.596966][ T9836] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5 [ 282.153226][ T5898] usb 5-1: USB disconnect, device number 18 [ 282.280609][T11105] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1667'. [ 282.672594][ T5912] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 282.700956][ T5912] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 282.727532][ T5912] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 282.751746][ T5912] hid-generic 0006:0004:0009.0015: unknown main item tag 0x0 [ 282.798741][ T5912] hid-generic 0006:0004:0009.0015: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 282.810404][T11121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1674'. [ 282.980977][T11123] fido_id[11123]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 285.192224][T11163] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1690'. [ 288.457231][T11246] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI [ 288.469245][T11246] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 288.477776][T11246] CPU: 0 UID: 0 PID: 11246 Comm: syz.6.1725 Tainted: G L syzkaller #0 PREEMPT(full) [ 288.488722][T11246] Tainted: [L]=SOFTLOCKUP [ 288.493063][T11246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 288.503136][T11246] RIP: 0010:do_dentry_open+0xaf/0x14e0 [ 288.508613][T11246] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f [ 288.528233][T11246] RSP: 0018:ffffc9000eed7638 EFLAGS: 00010206 [ 288.534318][T11246] RAX: 0000000000000006 RBX: ffff88805874c160 RCX: 0000000000000000 [ 288.542305][T11246] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff [ 288.550382][T11246] RBP: dffffc0000000000 R08: ffff88807a5410e3 R09: 1ffff1100f4a821c [ 288.558373][T11246] R10: dffffc0000000000 R11: ffffed100f4a821d R12: 0000000000000000 [ 288.566359][T11246] R13: 1ffff1100b0e983d R14: ffff88805874c1e8 R15: 0000000000000030 [ 288.574344][T11246] FS: 00007ff3c96cd6c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000 [ 288.583285][T11246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 288.589885][T11246] CR2: 0000200000053030 CR3: 000000005cdc8000 CR4: 00000000003526f0 [ 288.597873][T11246] Call Trace: [ 288.601158][T11246] [ 288.604093][T11246] ? vfs_open+0x31/0x340 [ 288.608350][T11246] vfs_open+0x3b/0x340 [ 288.612487][T11246] ? backing_file_open_user_path+0x12/0x50 [ 288.618311][T11246] backing_file_open_user_path+0x24/0x50 [ 288.623956][T11246] backing_tmpfile_open+0x9b/0xf0 [ 288.628992][T11246] ovl_tmpfile+0x400/0x810 [ 288.633423][T11246] ? __pfx_ovl_tmpfile+0x10/0x10 [ 288.638370][T11246] ? _raw_spin_unlock+0x28/0x50 [ 288.643226][T11246] ? d_alloc+0x144/0x190 [ 288.647482][T11246] ? mode_strip_sgid+0x6a/0x1b0 [ 288.652348][T11246] vfs_tmpfile+0x3ff/0x890 [ 288.656857][T11246] do_tmpfile+0xd3/0x240 [ 288.661118][T11246] path_openat+0x300d/0x3860 [ 288.665708][T11246] ? arch_stack_walk+0xfb/0x150 [ 288.670564][T11246] ? do_getname+0x2e/0x250 [ 288.674983][T11246] ? stack_trace_save+0xa9/0x100 [ 288.679922][T11246] ? __pfx_stack_trace_save+0x10/0x10 [ 288.685296][T11246] ? __futex_wait+0x371/0x420 [ 288.689979][T11246] ? do_getname+0x2e/0x250 [ 288.694402][T11246] ? stack_depot_save_flags+0x33/0x810 [ 288.700128][T11246] ? kasan_save_track+0x3e/0x80 [ 288.704989][T11246] ? __kasan_slab_alloc+0x6c/0x80 [ 288.710016][T11246] ? __pfx_path_openat+0x10/0x10 [ 288.714959][T11246] ? __x64_sys_open+0x11e/0x150 [ 288.719816][T11246] ? do_syscall_64+0x14d/0xf80 [ 288.724584][T11246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.730661][T11246] ? __lock_acquire+0x6b5/0x2cf0 [ 288.735615][T11246] do_file_open+0x23e/0x4a0 [ 288.740130][T11246] ? __pfx_do_file_open+0x10/0x10 [ 288.745168][T11246] ? _raw_spin_unlock+0x28/0x50 [ 288.750022][T11246] ? alloc_fd+0x64b/0x6c0 [ 288.754366][T11246] do_sys_openat2+0x113/0x200 [ 288.759048][T11246] ? __se_sys_futex+0x3a8/0x450 [ 288.763914][T11246] ? __pfx_do_sys_openat2+0x10/0x10 [ 288.769121][T11246] ? rcu_is_watching+0x15/0xb0 [ 288.773891][T11246] __x64_sys_open+0x11e/0x150 [ 288.778583][T11246] do_syscall_64+0x14d/0xf80 [ 288.783193][T11246] ? trace_irq_disable+0x3b/0x150 [ 288.788239][T11246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.794397][T11246] ? clear_bhb_loop+0x40/0x90 [ 288.799083][T11246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.804980][T11246] RIP: 0033:0x7ff3c879c799 [ 288.809398][T11246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 288.829010][T11246] RSP: 002b:00007ff3c96cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 288.837433][T11246] RAX: ffffffffffffffda RBX: 00007ff3c8a15fa0 RCX: 00007ff3c879c799 [ 288.845844][T11246] RDX: 0000000000000008 RSI: 0000000000d5b203 RDI: 00002000000000c0 [ 288.853819][T11246] RBP: 00007ff3c8832c99 R08: 0000000000000000 R09: 0000000000000000 [ 288.861793][T11246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 288.869778][T11246] R13: 00007ff3c8a16038 R14: 00007ff3c8a15fa0 R15: 00007ffe70f37638 [ 288.877769][T11246] [ 288.880882][T11246] Modules linked in: [ 288.885659][T11246] ---[ end trace 0000000000000000 ]--- [ 288.892676][T11246] RIP: 0010:do_dentry_open+0xaf/0x14e0 [ 288.898206][T11246] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f [ 288.918771][T11246] RSP: 0018:ffffc9000eed7638 EFLAGS: 00010206 [ 288.930632][T11246] RAX: 0000000000000006 RBX: ffff88805874c160 RCX: 0000000000000000 [ 288.968436][T11246] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff [ 288.976557][T11246] RBP: dffffc0000000000 R08: ffff88807a5410e3 R09: 1ffff1100f4a821c [ 288.985695][T11246] R10: dffffc0000000000 R11: ffffed100f4a821d R12: 0000000000000000 [ 288.995853][T11246] R13: 1ffff1100b0e983d R14: ffff88805874c1e8 R15: 0000000000000030 [ 289.006714][T11246] FS: 00007ff3c96cd6c0(0000) GS:ffff888125535000(0000) knlGS:0000000000000000 [ 289.016530][T11246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 289.023807][T11246] CR2: 00007f338a9e7158 CR3: 000000005cdc8000 CR4: 00000000003526f0 [ 289.032644][T11246] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 289.041113][T11246] DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 289.049811][T11246] Kernel panic - not syncing: Fatal exception [ 289.056152][T11246] Kernel Offset: disabled [ 289.060463][T11246] Rebooting in 86400 seconds..