last executing test programs: 15m39.021158757s ago: executing program 4 (id=1437): syz_mount_image$nilfs2(&(0x7f0000001600), &(0x7f0000001640)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="003bca07580e5f07bfc3780af4291ccfd31c2499a9e948223093556c2693964e0fdb7cd0cd83d139a3a8b821135cd7a3b8830c6a5b6c7b0ea5817ec426a6783886a07ddc5ef2e8b2c395cfdab785972bf72b92a09b476c06229d9e755fd9988d2f18621cd9bb86e8c17e73947844b50d384903a13d0950383872d7f47e3d3b6e588f9241e282a5fa5962a034f59cfaa157036168240b7552a7212e8606165c5cf41dd9584675b0260fd64a847f838b434e584a1074a3455aba0c991566879eff009ac28d9d3c6454ab78d0b963685047b6c488545695e645afc45734f95914fb44630d0567ec1d9d7d1c7dbcb38cbc27f5ee119ae60612044baf751b0c87695c4894e4fa11c83e1851507c9953ec3973c11d920d693ef5e3d7c0d72f6323547c3cde5010eadf1129bd"], 0x1, 0x15ce, &(0x7f00000016c0)="$eJzs3ctvXFcZAPB7Jx6P3bxsGkpo0zSURyKhOknjSmGFK3XVBRJCSDyKUNW6IcItiCChFiTq/AWVEAs2CKou2KBu2KBuUCUkVmz4B6BiwSZFRUXiIWKU5JzxzGdf3ZnxPDy5v5/05XjuuXPPdz3je8/Ex+cUQGO17v67vn66LIqf/vYnz5x552enyqIoHuvusdGz371H7Z7Hx8PxNjr3yv998KMXesvbqSyLJ4uyKLvbiy/c6j73aFEUrxfnit8VK8Xvv/zZ49sPPXt++8q/vvjc0b+endDpd5WTbgAAAA6BZ9755w9+/t9nv7T6n7fPbhSd7vbcP99Ij4+mfv+l1FHO/eX8OaDsKct9+tOLYb8jKVphvyNhv4XQzkJFe+1wnHbFfos17R3p2bbfeQLA/SDf11aKsrXW97jVWlu7d9+/48+dxXLtletbL92YUaIAwNh8+Pn0IV8IIYQQjYmdk7PugQAATRfHDe/x+nhH6naPtjRY+7eebu3/fBiDab//tT9f7b+17YrD+Nyv76Z8XvnnKI9jiOMIj4TnDfvz3wrHWRgyz6pxhfMy3rAqz/h9Payq8h/2dZyVqvzjeNjDqir/OE73sKrKvzPlPEZVlf/SlPMYVVX+y1POY149msr8fYx/aNt7/4zX9Hm5xgMA/f5t/J8QQgjRuPjxrDsgAMChE+fH2UlyfZyPJ9bHeXhifZwXKNZ3auqXauoBgL2u/Obar98od3/Pf9DxcHncxQOpPDpkPnE84rDtH3Tc00Hbn5dxSwA02zc/XP3LH2+++I84/+/tMP/vmXQv/1UaKJjHCx4r+h935/49199Oq2K/YyGf41XHu9C/34mq/S7173eyar+r/futhP3aKeI43vj/Dcvhebnfk/tRuf+T/59ktSqfMOB2Mey3kCKut3Ii5LPnfC/15xPHtef2V8L22I/K+62G7bG/uBxOJc6f/Hgqb6byzVS+m8r39mkXgPHL99+q+X/z/eZ00S5fur61mW+v+b7zh067c2f75SnnDQCMbtD5/08X/fP/H+tub7d6+wUnd7eXvf2ClbD9yYrtV9Lj/DnzW53lu9vXXvjO1ovjPnkAaKgbr7727ee3tja/5wtf+MIX3S9mfWUCJu3i91/+7sUbr772xPWXn7+2eW3zlStPXV6/+tTn1i9dvnj3c/3F3k/3AMD9YLfTP+tMAAAAAAAAAAAAAACAKtP4c+JZnyMA0O996/8LIYQQjYudnbiCCwDAdA273u5BdY+WFq3L6x7m8tgTf1q9E3m3W0/395fi+oVwENN+/2t/vtp/a3u87XfXAx34+tfqP8C50dr9ytt/f7+3/YcXBmw/nv+F0dr/amj/fDFY+zu/DO2PODXu10L7DwzY/p7zvzpa+19P7Z9Kjy98ctD2+1//vD5uXvN10PX/nwvnn9f2Gfr8l4Y46R7fSO0DQBO1Zp3AhOReQu5H535I73r6xT7r1w/b/2+F48T19UeVj5v7QWfS49zdyessdsLzhs0/r+98Ihy3HLBfW/X+mZffKlXlP67XcdKq8m9POY9RVeW/OOU8RlWVf/y5PKyq8h/xY9XUVeW/POU85tWjqczfx7OhPt9/zu9zTZ+XazwA0O9vxv8LIYQQjYumj/+f7GgeONya/v5v+vk3++rv9a+T3x/5+xR/37JQU9+uqV+sqe+E+vh6LdXUPxiOu5Pk+lM19R+tqX+opv5jNfUna+o/XlP/cE39IzX18fc/sf5sTT0A8+l0Kl3fAaA58rhv938AaI6VVLr/A0Bz5Il1qu7/Z2rqAYD585FUur8DQIOU+8/0FMfjP57Km6l8M5XvpvK9iSUITNpjqczTuX8ilfnnPk0PXnwqlZ9O5WemlB8wfr/44QcPvlHuzvP3SKgfdD7ZstX/l3dx/v/zA+YT/35v2PlsVwZsZ1Ltrx6wfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+z/4csiYQhnEAf97BWDgGS2MsbGsLa9t9gIWlBcFgs9lsdoP3GcQPY7P4RcRqsFkE8Q7PE6yH5fcLz8MD/z8vLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABNd+XM85cUMZtP/1aj4WuKiPc68dvIVdd9RKSL/tnkodr77Xhwbaf4Lufpjs6m7mbHfnzEIp5i2ft6LJ7/P4ufXbefrd9a+n4ttf0AAAAA3NAhAAD//w71JPs=") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 15m37.956546023s ago: executing program 4 (id=1452): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@ipv4_newrule={0x3c, 0x20, 0x1, 0x70bd26, 0x25dfdbfb, {0x2, 0x10, 0x10, 0x0, 0x9, 0x0, 0x0, 0x6, 0x10006}, [@FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2a}}, @FRA_FLOW={0x8, 0xb, 0x6}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x89}, @FRA_DST={0x8, 0x1, @empty}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4004804) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00!'], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 15m37.327797176s ago: executing program 4 (id=1459): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000400)=0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) 15m36.694809055s ago: executing program 4 (id=1466): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000000)={[{@errors_remount}]}, 0xfe, 0x596, &(0x7f00000026c0)="$eJzs3d9rFNceAPDvbLLRGK9GELn3crkEfKhF3Jikthb6YB9LKxXadxuSNUg2rmQ3YlKh+lBf+lKkUEqF0j+g730q0n+gf4WlFaRIqAX7sGU2s7pJdvPL1azZzwdG58ycmXPOznxPzuzZZQPoWSPpP7mI/0TEl0nE4aZ9/ZHtHFnJt/zoxlS6JFGrffRHEkm2rZE/yf4fyhL/joifP484mVtfbmVxaXayVCrOZ+nR6tzV0cri0qnLc5MzxZnilfGJibNnJsbffuvNjrX19QuPv/nw3ntnvzi+/PUPD47cSeJcHMz2NbdjQ/s23HuzOTESI9lrko9zazKObafir4BktyvAjvRlcZ6PtA84HH1Z1AN732cRUdu+Jzs4Bug6yU7iH9gDGuOAxrP9lp+D94iH7648AK1vf7Ly3kjsrz8bHVhOVj0Zpc+7wx0oPy3jx9/v3kmX2M77EADP6eatiDjd39++/1vj79qWz316C3nWlqH/g5fnXjr++WkwYl38556Of6LF+GeoRezuxObxn3uwMgnVZKADBWfS8d87Lce/T4sc7stS/6qP+fLJpculYtq3HYqIE5Hfl6Y3ms85u3y/bafZPP5Ll7T8xlgwq8eD/jVzTtOT1cnnaXOzh7ci/rvJ+Ddpcf3T1+PCFss4Vrz7/3b7Nm//i1X7PuK1ltf/2YxWsvH85Gj9fhht3BXr/Xn72C/tyt/t9qfX/8DG7R9OmudrK9sv47v9T4rt9o0k2aTpNu//geTjes/U6AquT1ar82MRA8kH9fSq7ePPjm2kG/nT9p843jr+N7r/ByPiky22//bR222z1q//4d29/tPbuv4brzw+s3JQ867773/6bbvyt9b/vVFfO5Ft2Ur/17aCA6u37PiFAwAAAAAAgC6UG4g4GEmukM3pH4xcrlBY+XzH0TiQK5Ur1ZOXygtXpqP+XdnhyOcaM91DTZ+HGMuOb6THs8/HNtITEXEkIr7qG6ynC1Pl0vRuNx4AAAAAAAAAAAAAAAAAAAC6xFC0/v5/6re+3a4d8ML5yW/oXavif1+LDJ34pSegK/n7D71L/EPvEv/Qu8Q/9C7xD71L/EPv2ln8/+9QxysCvHT+/gMAAAAAAAAAAAAAAAAAAAAAAAAAAEBHXTh/Pl1qy49uTEXE/ri2uDBbvnZqupifLcwtTBWmyvNXCzPl8kypWJgqz212vlK5fHVsPBauj1aLlepoZXHp4lx54Ur14uW5yZnixWL+5TQLAAAAAAAAAAAAAAAAAAAAXimVxaXZyVKpON+dK/kOn/DXLmnXHlrp745qWJmvDEYHT7i6n/irVqvtVh8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8EAAD//3hONlo=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x1c1) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x80086601, 0x0) 15m36.198585885s ago: executing program 4 (id=1472): socket$netlink(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) syz_emit_ethernet(0x8e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaac437bf8cb64c86dd6bcce16400000000000000000001000000000000000000000000000000002c"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 15m32.798079513s ago: executing program 4 (id=1520): r0 = fsopen(&(0x7f0000000040)='ocfs2_dlmfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f00000000c0)='ro\x00', 0x0, 0x0) 15m32.151090106s ago: executing program 32 (id=1520): r0 = fsopen(&(0x7f0000000040)='ocfs2_dlmfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f00000000c0)='ro\x00', 0x0, 0x0) 12m0.539065687s ago: executing program 1 (id=3596): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x1000)=nil, 0x1000, 0xfffffffffffffffe}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x6, r1, r1, 0xfffffffffffffffa, 0x35, 0x4001}) 12m0.306894431s ago: executing program 1 (id=3598): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1, 0x1}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={r2, 0x1}, 0x8) 12m0.129424306s ago: executing program 1 (id=3602): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r0, &(0x7f00000001c0)='pagemap\x00') 11m59.879838485s ago: executing program 1 (id=3604): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000fc4000/0x3000)=nil, 0x3000}, 0x1}) 11m59.542320654s ago: executing program 1 (id=3608): r0 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace(0x4206, r0) waitid(0x0, 0x0, 0x0, 0xe, 0x0) 11m59.243286204s ago: executing program 1 (id=3610): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15) 11m43.793364882s ago: executing program 33 (id=3610): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15) 9m59.764715099s ago: executing program 5 (id=4619): syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad7010203010902240001000000000904450002c9cee40009050802ff03000000090582030004"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000010000304030000000000000000005500", @ANYRES32=r1, @ANYBLOB="000000006f0018000500100002000020080040"], 0x30}, 0x1, 0x0, 0x0, 0x2000c000}, 0x40000) 9m57.413570475s ago: executing program 5 (id=4646): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x8, 0x80000) fanotify_mark(r1, 0x105, 0x4800003a, r0, 0x0) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400017e) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) 9m57.09368728s ago: executing program 5 (id=4649): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "0d5011f02b7fab96e0aa834d3a9e7cfc12178ac0ab1e6227c2b6ddaa5effda90", 0x5, 0x16, 0xfffffffe, 0x1}, 0x3c) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@broadcast, @multicast1, 0x0, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85ee73daab4158e8", 0x2, 0x6, 0x4, 0x4}, 0x3c) setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000100)=0xe, 0x4) 9m56.600088978s ago: executing program 5 (id=4654): syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x1008804, &(0x7f0000000280)={[{@keep_last_dots}, {@errors_continue}, {@errors_remount}, {@errors_continue}, {@errors_remount}, {@umask={'umask', 0x3d, 0x26a}}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@namecase}, {@time_offset={'time_offset', 0x3d, 0x9}}]}, 0x1, 0x1530, &(0x7f0000006800)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJMmZJMktt2T9PxPzV6fO/5zzO538/mee7+fzfmY9s95n7WfPM+9+995z+bbL0BqNalZtQETwb8FLHxIAIBYABgLAdQAQAEDZuLJxGfPZJSb8exthf6xHkq92Bexq4v5nbdz/rI37n7Vx/7M27n/Wxv3P2rj/WRv3n7GsbPP0/NfzI+s++P5/Vsbv//9F0kuO/WptyRu7AsT8sync////4b+Ry/3/rxX8M0/i/mdt3P+sKvZqF8D+F+DXf1aQ7e/OcP+zNu4/Y1nZL+8Fx8LVvx/9Zz8g8p/8GYjvdemrfPX38+/uP2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wx9ic4669QAJA5vtp1McYYY4wxxhhj7I/js13tChhjjDHGGGOMMfafhyBAgoIAYiAbxEJ2yAECICZz/nqIgxsgN9wIeSAv5IP8EA8FoCBoMGCBIIRCUBiicBMUgZuhKBSD4lACHJSEUnALlIZboQzcBmXhdigHd0B5qAAVoRLcCZXhLqgCd0NVuAeqQXWoATXhXqgF90FtuB/qwANQFx6EevAQ1IeHoQE8Ag3hUWgEj0FjeByaQFNoBs2hxf8o/yXoAS9DT+gFCdAb+sAr0Bf6QX8YAAPhVRgEr8FgeB0SYQgMhTdgGLwJw+EtGAEjYRS8DaPhHRgDY2EcjIckmAAT4V2YBO/BZJgCU2EaJMN0mAHvw0yYBbPhA5gDH8JcmAfzYQGkwEewEBZBKnwMi+ETSIMlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi2wFbbBdtgBO+FT2AWfwW7YA3vhc9gHX/yL+Wf+Jr8rAgIKFKhQYQzGYCzGYg7MgTkxJ+bCXBjBCMZhHObG3JgH82A+zIfxGI8FsSAaNEhIWAgLYRSjWASLYFEsisWxODp0WApLYWm8FctgGSyLZbEclsPyWAErYCWshJWxMlbBKlgVq2I1rIY1sAbei/dib6yNtbEO1sG6WDfz9hQ2wAbYEBtiI2yEjbExNsEm2AybYQtsgS2xJbbCVtgG22BbbIvtsB22x/bYATtgR+yInbATdsbO2AW7YFfsht3SX8oG+DK+jL2wmuiNfbAP9sXEbP1xAA7AV3EQvoav4euYiENwKL6Bb+CbOBxP44iLI3EUjsLK4h0cg2ORxHhMwiSciBNxEk7CyTgFp+A0TMbpOANn4EychbPwA5yDH+KHOA/n4QJMwRRciIswFVNxMZ7BNFyCS3EZLscVuBxX4WpchWtxHa7FDbgBN+Em3IJbcBtuwx24Az9FBYCf4R7cg4m4D/fhftyPB/AAHsSDmI7peAgP4WE8jEfwCB7Fo3gMj+MJPI6n8BSexjN4Fs/ieTyPF/CF+K8bflpsTSKIDEooESNiRKyIFTlEDpFT5BS5RC4RERERJ+JEbpFb5BF5RD6RT8SLeFFQFBRGGEEizDhSiKiIiiKiiCgqioriorhwwolSopQoLUqLMqKMKCtuF+XEHaK8qCBau0qikqgs2rgq4m5RVVQV1UR1UUPUFDVFLVFL1Ba1RR1RR9QVdUU98ZCoL3pjf3xEZHSmkRiCjcVQbCKaCnn5CNVSDMdWorVoI54SI3EEthMtXXvxrOggxmBH8RcxFp8XncV47CJeFF1FN9FdvCR6iFaup+glJmNv0UdMw76in+gvBoiZWF18gHOy1xCvi0QxRAwVb4gF+KYYLt4SI8RIMUq8LUaLd8QYMVaME+NFkpggJop3xSTxnpgspoipYppIFtPFDPG+mClmidniAzFHfCjminlivlggUsRHYqFYJFLFx2Kx+ESkiSViqVgmlosVYqVYJVaLNWKtWCfWiw1io9gkNostYqvYJraLHWKn+FTsEp+J3WKP2Cs+F/vEF2K/+FIcEF+Jg+KvIl18LQ6Jb8Rh8a04Ir4TR8X34pg4Lk6Ik+KU+EGcFmfEWXFOnBc/igviJ3FReAESpZBSKhnIGJlNxsrsMoe8RuaUQebxX8bJG2RueaPMI/PKfDK/jJcFZEGppZFWkgxlIVlYRuVNsoi8WRaVxWRxWUI6WVKWkrfI0vJWWUbeJsvK22U5eYcsLyvIirKSvFNWlndJiFzaRjVZXdaQNeW9MgHuk7Xl/bKOfEDWlQ/KevIhWV8+LBvIR2RD+ahsJB+TjeXjsolsKpvJ5rKFfEK2lE/KVrK1bCOfkm3l07KdfEa2l8/KDtJf/hZ5XnaWL8gu8kXZVXaT3eVP8qL0sqfsJaE3yD7yFdlX9pP95QA5UL4qB8nX5GD5ukyUQ+RQ+YYcJt+Uw+VbcoQcKUfJt+Vo+Y4cI8fKcXK8TJIT5ET5rpwk35OT5RQ5VU6TyXK67H95pdlS/sP8d38nf/DPW98kN8stcqvcJrfLHXKn/FTukrvkbrlb7pV75T65T+6X++UBeUAelAdlukyXh+QheVgelkfkEXlUHpXH5HF5Tp6Up+QP8rQ8I8/Ic/K8PC8vXP4agEIllFRKBSpGZVOxKrvKoa5ROdW1Kpe6TkXU9SpO3aByqxtVHpVX5VP5VbwqoAoqrYyyilSoCqnCKqpuwsvfMKq4KqGcKqlKqVv+lXxVRN2siqpiv8rPrC/h79TXQrVQLVVL1Uq1Um1UG9VWtVXtVDvVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVVXVV3VV31UP1UD1VT5WgElQf9Yrqq/qp/mqAGqheFRn7MFgNVokqUQ1VQ9UwNUwNV8PVCDVCjVKj1Gg1Wo1RY9Q4NU4lqSQ1UU1UUk1Sk9VkNVVNVckqWc1QM9RMNVPNVrPVHDVHzVVz1Xw1X6WoFLVQLVSpKlUtVotVmlqilqhlaplaoVaoVWqVWqPWqHVqndqgNqg0tVltVlvVVrVdbVc71U61S+1Su9VutVftVfvUPrVf7VcH1AF1UB1U6SpdHVKH1GF1WB1RR9RRdVQdU8fUCXVCnVKn1Gl1Wp1VZ9V5dV5dUBfURXUx47QvEIEIVKCCmCAmiA1igxxBjiBnkDPIFeQKIkEkiAvigtzBjUGeIG+QL8gfxAcFgoKBDkxgA3G56dHgpqBIcHNQNCgWFA9KBC4oGZQKbglKB7cGZYLbgrLB7UG54I6gfFAhqBhUCu4MKgd3BVWCu4OqwT1BtaB6UCOoGdwb1AruC2oH9wd1ggeCusGDQb3goaB+8HDQIHgkaBg8GjQKHgsaB48HTYKmQbOgedDiD13f+9N5n3Q9dS+doHvrPvoV3Vf30/31AD1Qv6oH6df0YP26TtRD9FD9hh6m39TD9Vt6hB6pR+m39Wj9jh6jx+pxerxO0hP0RP2unqTf05P1FD1VT9PJerqeod/XM/UsPVt/oOfoD/VcPU/P1wt0iv5IL9SLdKr+WC/Wn+g0vUQv1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Un+pd+jO9W+/Re/Xnep/+Qu/XX+oD+it9UP9Vp+uv9SH9jT6sv9VH9Hf6qP5eH9PHdRl9Up/SP+jT+ow+q8/p8/pHfUH/pC9qn3Fyn/H2bpRRJsbEmFgTa3KYHCanyWlymVwmYiImzsSZ3Ca3yWPymHwmn4k38aagKWgykCFTyBQyURM1RUwRU9QUNcVNceOMM6VMKVPalDZlTBlT1pQ15Uw5U96UNxVNRXOnudPcZe4yd5u7zT3mHlPdVDc1TU1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDHNTDPTwrQwLU1L08q0Mm1MG9PWtDXtTDvT3rQ3HUwH09F0NJ1MJ9PZdDZdTBfT1XQ13U1308P0MD1NT5NgEkwf08f0NX1Nf9PfDDQDzSAzyAw2g02iSTRDzVAzzAwzw81wM8KMNKMyTlTNO2aMGWvGmfEmySSZiWaimWQmmclmsplqpppkk2xmmBlmpplpZpvZZo6ZY+aauWa+mW9STIpZaBaaVJNqFpvFJs2kmaVmqVlulpuVZqVZbVabtWatWQ/rzUaz0Ww2m81Ws9VsN9vNTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTbpJN4fMIXPYHDZHzBFz1Bw1x8wxc8KcMKfMKXPanDZnzVlz3uS9/H7pTazNbnPYa2xOe63NZa+zfxvns/ltvC1gC1pt89i8v4qNtbaoLWaL2xLW2ZK2lL3lN3F5W8FWtJXsnbayvctW+U1cy95na9v7bR37gK1p7/1VXNc+aOvZx2x9RADb1Da0zW0j+5htbB+3TWxT28w2t23t07adfca2t8/aDva538QL7SK72q6xa+06u9vusWftOXvYfmvP2x9tT9vLDrSv2kH2NTvYvm4T7ZDfxKPs23a0fceOsWPtODv+N/FUO80m2+l2hn3fzrSzfhOn2I/sHJtq59p5dr5d8HOcUVOq/dgutp/YNBvAUrvMLrcr7Eq76v/WusxusBvtJrvLfma32m12u91hd2aeCNs9dq/93O6zX9hD9ht7wH5lD9ojNt1+/XOcsX9H7Hf2qP3eHrPH7Ql70p6yP6jM7Ix9P2l/shett0BIQJIUBRRD2SiWslMOuoZy0rWUi66jCF1PcXQD5aYbKQ/lpXyUn+KpABUkTYYsEYVUiApTlG6izPKKUwlyVJJK0S1Umm6lMnQblaXbqRzdQeWpAlWkSnQnVaa7qArdTVXpHqpG1akG1aR7qRbdR7XpfqpDD1BdepDq0UNUnx6mBvQINaRHqRE9Ro3pcWpCTakZNacW9AS1pCepFbWmNvQUtaWnqR09Q+3pWepAz1FH+gt1ouepM71AXehF6krdqDu9RD3oZepJvSiBelMfeoX6Uj/qTwNoIL1Kg+g1GkyvUyINoaH0Bg2jN2k4vUUjaCSNordpNL1DY2gsjaPxlEQTaCK9S5PoPZpMU2gqTaNkmk4z6H2aSbNoNn1Ac+hDmkvzaD4toBT6iBbSIkqlj2kxfUJptISW0jJaTitoJa2i1bSG1tI6Wk8baCNtos20hbbSNtpOO2gnfUq76DPaTXtoL31O++gL2k9f0gH6ig7SXymdvqZD9A0dpm/pCH3ne9H3dIyO0wk6SafoBzpNZ+gsnaPz9CNdoJ/oInmCEEMRylCFQRgTZgtjw+xhjvCaMGd4bZgrvC6MhNeHceENYe7wxjBPmDfMF+YP48MCYcFQhya0IYVhWCgsHEbDm8Ii4c1h0bBYWDwsEbqwZFgqvCUsHd4alglvC8uGt4flwjvC8mGF8LEHKoV3hpXDu8Iq4d1h1fCesFpYPawR1gzvDWuF94W1w/vDOuEDYZnwwbBe+FBYP3w4bBA+EjYMHw0bhY+FjcPHwyZh07BZ2DxsET4RtgyfDFuFrcM24TVh2/DpsF34TNg+fDbsED738/yDizLnn/rNfELYO+wTvhK+Enp/v5wfXRBNiX4UXRhdFE2NfhxdHP0kmhZdEl0aXRZdHl0RXRldFV0dXRNdG10XXR/dEN0Y3RT1vmY2cOiEk065wMW4bC7WZXc53DUup7vW5XLXuYi73sW5G1xud6PL4/K6fC6/i3cFXEGnnXHWkQtdIVfYRd1Nroi72RV1xVxxV8I5V9KVcs1dC9fCtXRPulautWvjnnJPuafd0+4Z94x71nVwz7mO7i+uk3vedXYvuBfci66r6+a6u5dcDzch16XXZILr4/q4vq6v6+/6u4FuoBvkBrnBbrBLdIluqBvqhrlhbrgb7ka4EW6UG+VGu9FujBvjxrlxLskluYluopvkJrnJbrKb6qa6ZJfsZrgZbqab6SrPurSVuW6um+/muxSX4ha6jHPGVLfYLXZpLs0tdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e10O90ut8vt9tddWtTtc/vdfnfAHXAH3V9duvvaHXLfuMPuW3fEfeeOuu/dMXfcnXAn3Sn3gzvtzriz7pw77350F9xP7qLzLikyITIx8m5kUuS9yOTIlMjUyLRIcmR6ZEbk/cjMyKzI7MgHkTmRDyNzI/Mi8yMLIimRjyILI4siqZGPI4sjn0TSIksiSyPLIssjKyLeF9ga+kK+sI/6m3wRf7Mv6ov54r6Ed76kL+Vv8aUv1Z3m/e2+nL/Dl/cVfEX/uG/im/pmvrlv4Z/wLf2TvpVv7dv4p3xb/7Rv55/x7f2zvoN/znf0f/Gd/PO+s3/Bd/Ev+q6+m+/uX/I9/Mu+p+/lE3xv38e/4vv6fr6/H+AH+lf9IP+aH+xf94l+iB/q3/DD/Jt+uH/Lj/Aj/aiYt/3ozEtkGO+T/AQ/0b/rJ/n3/GQ/xU/103yyn+5n+Pf9TD/Lz/Yf+Dn+Qz/Xz/Pz/QKf4j/yC/0in+o/9ov9Jz7NL8m8aexX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u9/hd/pP/S7/md/t9/i9/nO/z3/h9/sv/YGLmX+B9rU/5L/xh/23/oj/zh/13/tj/rg/4U/6U/4Hf9qf8Wf9OX/e/+gv+J/8Rf6bNcYYY4yxf8qEK0Px65lLt/N7/06O+MWT+wDAtdvyp/9yPuOMcn2eS+N+Ij424+Ozvbo8kvmoVi0hIeHyc9MkBIXnAWT+JCjDz796cDleAm3gaWgPraH079bfT3Q7T/9g/ejtADl+kZNRUGZ8Zf0vATDhd9Z/4qlRC8uFZ+P+H+vPAyha+EpOdrgSL4E2P99faQ1l/k79eVv+g/qzf5UE0OoXOTnhSnyl/lLwJDwH7X/1TMYYY4wxxhhj7JJ+omKnzOvPzN/4/L3r83h1JScbXIn/0fU5Y4wxxhhjjDHGrr7nu3V/5on27Vt3+tcHVf5HWf/0oDH8p1bmwe8OvAfI/IwCgH9zQYCMgfwz92LLn7KtxMsvnb+dWn7OB/C/o5V/xOAqH5gYY4wxxhhjf7grJ/2//ry6WgUxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGNZ0J/x78Su9j4yxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjV9v/CQAA//9F2vrQ") mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x26) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @auto="9843cabf11e09c34"}}) ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000040)={{0x45000, 0x60000, 0xf, 0xe, 0xe2, 0x2, 0xce, 0x39, 0x3, 0x40, 0x6, 0x3}, {0xffff1000, 0x50000, 0xe, 0x3, 0x3, 0xb, 0x7a, 0x4, 0x3, 0x7, 0x4, 0x3}, {0x4000, 0x5000, 0xe, 0x4, 0x7, 0x2, 0x5, 0x6, 0x80, 0x8, 0x4, 0xa9}, {0x41000, 0x40000, 0x8, 0x1, 0x8, 0x5, 0x3, 0x6, 0xbb, 0x2, 0x2, 0xd5}, {0x200000, 0x25000, 0x10, 0xab, 0x5, 0x71, 0x4, 0x5, 0x9, 0x7, 0x1, 0x3}, {0xeeef0000, 0xdddd0000, 0x8, 0x3, 0x8, 0xc2, 0x1, 0x5, 0xa2, 0x8, 0x8, 0x6}, {0x5000, 0x1, 0xf, 0x8, 0x83, 0x7, 0x74, 0x8, 0x5, 0x80, 0x5, 0x15}, {0x1000, 0x54000, 0x0, 0x81, 0x8, 0x10, 0x7, 0x3, 0x82, 0x12, 0x66}, {0xe000, 0x80}, {0x9000, 0x36}, 0x40000, 0x0, 0x2000, 0x200200, 0x0, 0x100, 0x54000, [0x8, 0x6, 0xffffffffffff0001]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 9m56.120204577s ago: executing program 5 (id=4660): syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x60442, 0x0) dup(r0) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r1, 0xfffffffffffffffe, r2, 0x0) 9m53.579662856s ago: executing program 5 (id=4683): r0 = socket$netlink(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000030805"], 0x5c}, 0x1, 0x0, 0x0, 0x891}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) 9m52.656583462s ago: executing program 34 (id=4683): r0 = socket$netlink(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000030805"], 0x5c}, 0x1, 0x0, 0x0, 0x891}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) 2m46.617926199s ago: executing program 3 (id=7884): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$hidraw(0x0, 0x82, 0x2) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000180)='A') preadv(r1, &(0x7f00000033c0), 0x0, 0x9, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8003, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0x7, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0xe, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) readv(r3, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1) ioctl$UI_DEV_DESTROY(r3, 0x5502) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8101, 0x0) write$binfmt_aout(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="8d76dabc169637c3d08377112e76b19a448253f417cf1f6ed2478401417aeb84209879cb171e735bf6647b762be14db8f6c8c797a7faed648073a442b2d3f6c3"], 0xff2e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) readahead(r6, 0x8001, 0x80000000) fcntl$lock(r5, 0x26, &(0x7f0000000080)) fcntl$lock(r5, 0x7, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x8, 0x0, 0x7fffffff}]}) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0xfffffffe, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) 2m45.386734214s ago: executing program 3 (id=7889): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r3], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, 0x0, 0x40050) socket(0x10, 0x3, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2m44.355414171s ago: executing program 3 (id=7892): bind$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_ethernet(0x86, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000ab3000/0x400000)=nil) move_pages(r0, 0x2, &(0x7f0000000040)=[&(0x7f000047e000/0x1000)=nil, &(0x7f0000b1a000/0x2000)=nil], 0x0, &(0x7f0000000080)=[0x0, 0x0], 0x2) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, 0x0, 0x0) preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000340)=""/104, 0x68}], 0x1, 0x5b, 0x100) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x1000, 0x0) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000240)={r6, @in={{0x2, 0x4e20, @empty}}}, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) 2m43.068639381s ago: executing program 3 (id=7895): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_ringparam={0x34}}) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f00000003c0)=""/246) madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil) landlock_restrict_self(r1, 0xa) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xfe, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x101, 0x0, 0x2, 0x9, 0x0, 0x11, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000000}], 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x1c, 0x0, &(0x7f0000000180)) set_mempolicy(0x2, &(0x7f0000000100)=0x7, 0x7fff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000001c0)={0x6, 0x60000, 0x4, 0xffffffffffffffff, 0x8}) 2m42.381088886s ago: executing program 3 (id=7909): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) lseek(0xffffffffffffffff, 0x101, 0x1) getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c383032313100"], 0x20}}, 0x0) openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b14, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') preadv(r5, &(0x7f0000000640)=[{&(0x7f0000000340)=""/57, 0x39}], 0x1, 0x100, 0x9) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r6, 0x0, 0x8094) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 2m41.274462354s ago: executing program 3 (id=7902): r0 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r3, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0), 0x0) r7 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, &(0x7f0000f07000)}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0) write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2b, 'cpuset'}]}, 0x8) 2m26.122743761s ago: executing program 35 (id=7902): r0 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r3, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0), 0x0) r7 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, &(0x7f0000f07000)}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0) write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2b, 'cpuset'}]}, 0x8) 9.019678697s ago: executing program 7 (id=8750): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 7.294633674s ago: executing program 7 (id=8761): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffe1f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc8442, 0x19d) 5.881910199s ago: executing program 7 (id=8766): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000680)=ANY=[@ANYBLOB="b40600000000000071112400000000008510000002000000850000000700000095000000000000009500000000000000ce8920f29328b7ddd3856df677997bc5cafa405a82061c5386992ff41f5524a21802a859883d24cc98e697e9e2aa06a6ade7a79a62029a98a8e09c7c6edefac53c5f767377cfcd6bb593240100378e"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 5.70649068s ago: executing program 2 (id=8767): syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) 5.537847134s ago: executing program 7 (id=8771): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r4, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 5.337526514s ago: executing program 2 (id=8782): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 4.336772419s ago: executing program 2 (id=8786): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 4.2587031s ago: executing program 7 (id=8787): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc8442, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x10000839, r0, 0x0) readv(r1, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 4.148420797s ago: executing program 0 (id=8790): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 3.946269519s ago: executing program 0 (id=8792): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 3.207619312s ago: executing program 2 (id=8793): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000280)=0x1) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7) fchown(r2, 0x0, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]}) select(0x40, &(0x7f0000000580)={0xf, 0x6, 0x6, 0x8, 0x3ff, 0x1, 0xfff, 0xac}, 0x0, &(0x7f0000000600)={0xc, 0x10000, 0xfffffffffffffff8, 0x4, 0x2, 0x3ff, 0x80, 0xeb1}, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, 0x0) socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001040)=@raw={'raw\x00', 0x3c1, 0x3, 0x338, 0x0, 0x12, 0x600, 0x1c0, 0x202, 0x290, 0x2e8, 0x2e8, 0x290, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x168, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "0000000000000019b5115c2aee68d23a465cd431e150c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baeb8989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b500", 0x2}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000300)=0x2000) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x3200002, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0xd0}}, {@resuid}, {@nomblk_io_submit}, {@jqfmt_vfsv1}, {@minixdf}, {}, {@min_batch_time={'min_batch_time', 0x3d, 0xc4}}, {@journal_checksum}, {@init_itable_val}, {@acl}]}, 0x1, 0x621, &(0x7f0000000280)="$eJzs3c9PHGUfAPDv7C4USvNCyZv3tR4siTFtokKhrSHGQ3s1Dak/4kUPYqG1lrakYJRqUprUixcvxph48mD9L7Sx15705MGLJ9OEqKk3E9fM7gyw7C7QLew27OeTLOw8z8w+34F8Z2affZ7ZALrWSPqjEHEoIuaTiMFkebWuFFnlSHW9B39+fC59JFEuv/b7cCRZWWW1nsqaFQPZxn0R8eMPSQwX69tdWLp+aXpubvZatjy2eHl+bGHp+vMXL09fmL0we2XihYnJkydOTo4fa2m/btQX/XXm1nsfDH469eY3X/2djH/7y1QSp+LlbMXV/dhBIzFS+Rsl9VUDkzvdWIek/9rBiCiXy+W8LCl1Nia2r5jleU9E/D8Goxhr/7zB+OSVjgYH7KpyUj12A90oaSn/+3c+EKDN8uuA/L39xvfBhY5clQDtsHK62gdQn/+lat9g9FX6BvY/SGJ9t04SEa31zNU6EBH37k7dOn936lbsUj8c0NjyzYh4olH+J5X8H4q+GKrkf6Em/9PrgrPZ77T81Rbb39hVLP+hfar537dp/keT/H87/X2jmsPvtNR63/qFd/tr8r+/1V0CAAAAAACArnXndEQ8t/r5f+/a52+F1fE/0WD8z0BEnNqB9kc2LNd//l+4vwPNAA2snI54af34v+W1/M9G/w4V101hHYqe5PzFudljEfGfiDgaPfvS5fHNGjk1/GWzqpFs/F/+SGO4l40FzOK4X9pXu83M9OJ063sM5FZuRvHJUvPxf+n5P2lw/k+PDPPbbGP4mdtnm9Vtnf/Abil/HXGk4fj/tbtWJJvfn2Oscj0wll8V1Hvqo8++a9Z+q/nvFhPw6FZuRuzfPP+HkuhZu1/PwsO3cXypVG5W1+r1f2/yeuWuQr1Z2YfTi4vXxiN6kzPFtLSmfOLhY4a9KM+HPF/S/D/69Fr+Fxv0/zW6/u+PiOUNr538UTunOPe/fwZ+bRaP63/onDT/Z7Y8/6+7X18LTyZuD33frP3tnf9PVM71R7MS/X9Q9UWepr09NeUN0rHUqKrtAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAHlCIiAORFEZXnxcKo6MRAxHx39hfmLu6sPjs+avvX5lJ6yrf/1/Iv+l3sLqc5N//P7RueWLD8vGIOBgRnxf7K8uj567OzXR65wEAAAAAAAAAAAAAAAAAAOAxMdBk/n/qt2L9+j1tjxDYVaVOBwB0TIP8/6kTcQDt5/wP3Uv+Q/eS/9C95D90L/kP3Wvz/H9rsm2BAG3n/A/dS/4DAAAAAMCecvDwnZ+TiFh+sb/ySPVmdeb6w95W6HQAQMc0uMUP0CUM/YHu5T0+kGxR39d0o6223Mz8uUfYGAAAAAAAAAAAAAC6zpFDDzX/33QB2EPM/4fuZf4/dK98/v/hDscBtJ839EBsMZO/4fz/LbfKOcoAAAAAAAAAAAAAwE5YWLp+aXpubvaaJ2+0sFU+fbLjwbf2pFwu30jDf1ziqX1STiIe9XWSbIR6W2LOh8K3/y/Wu50dzOf6be+V648V+9p0TAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGr9GwAA//8fah9W") 3.206314737s ago: executing program 6 (id=8802): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 3.139456418s ago: executing program 0 (id=8794): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc8442, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x10000839, r0, 0x0) readv(r1, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 3.048944999s ago: executing program 0 (id=8795): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 2.970791692s ago: executing program 7 (id=8796): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 2.868563798s ago: executing program 6 (id=8797): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc8442, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x10000839, r0, 0x0) readv(r1, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 2.579219311s ago: executing program 0 (id=8798): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1.450263067s ago: executing program 0 (id=8799): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r1, 0x0, 0x24008004) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x3}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$tty1(0xc, 0x4, 0x4) clock_gettime(0x17, 0x0) ioctl$KDGKBTYPE(r4, 0x4b33, 0x0) keyctl$join(0x1, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) write$UHID_INPUT(r6, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x7, 0x6661, 0x6d, @loopback, @mcast1, 0x20, 0x7800, 0x2, 0x81}}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}], 0x1}}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000fcf142525f0000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) 1.45005404s ago: executing program 6 (id=8800): syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b0001000010000904550701034902000905820300"], 0x0) 552.687299ms ago: executing program 6 (id=8801): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20044185) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x2440, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) openat$nvme_fabrics(0xffffff9c, 0x0, 0x2000, 0x0) pipe(&(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0xe8, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 169.403053ms ago: executing program 2 (id=8803): syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x5, 0xc9}}}, 0x6) 94.669963ms ago: executing program 6 (id=8804): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f08100000", 0x6) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, 0x0) socket$inet(0x2, 0xa, 0x0) mkdir(0x0, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) syz_clone(0x2100, 0x0, 0x0, 0x0, 0x0, 0x0) 25.504455ms ago: executing program 2 (id=8805): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') preadv(r2, 0x0, 0x0, 0x2c2, 0xca) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0xa) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) pwritev(r6, 0x0, 0x0, 0xffffffff, 0x4) sendto$packet(r5, &(0x7f0000000280)="18fc8a64dc534578695cf5ec3d55", 0xe, 0x15, &(0x7f0000000380)={0x11, 0xf5, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x50) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x1, 0x13, r7, 0x0) mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil) shutdown(r0, 0x1) 0s ago: executing program 6 (id=8806): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc8442, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x10000839, r0, 0x0) readv(r1, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) kernel console output (not intermixed with test programs): 032][T17103] hsr_slave_1: entered promiscuous mode [ 631.525820][T17103] debugfs: 'hsr0' already exists in 'hsr' [ 631.525849][T17103] Cannot create hsr debugfs directory [ 631.616439][ T5598] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 631.836569][ T5598] usb 3-1: Using ep0 maxpacket: 32 [ 631.849739][ T5598] usb 3-1: config 0 has no interfaces? [ 631.898249][ T5598] usb 3-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 631.898285][ T5598] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.898309][ T5598] usb 3-1: Product: syz [ 631.898326][ T5598] usb 3-1: Manufacturer: syz [ 631.898343][ T5598] usb 3-1: SerialNumber: syz [ 631.970965][ T5598] usb 3-1: config 0 descriptor?? [ 632.106478][ T4924] Bluetooth: hci4: command tx timeout [ 632.213489][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880326f7c00: rx timeout, send abort [ 632.219655][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880326f7c00: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 633.461812][T17103] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 633.738757][T17103] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 633.769639][T17103] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 633.875668][T17103] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 633.902014][T17103] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 634.165945][T17103] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 634.169187][T17103] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 634.186331][ T4924] Bluetooth: hci4: command tx timeout [ 634.238501][ T9] usb 3-1: USB disconnect, device number 16 [ 634.543357][T17103] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 635.371881][T17103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.589945][T17103] 8021q: adding VLAN 0 to HW filter on device team0 [ 635.627771][ T1313] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.627948][ T1313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 635.760134][ T1517] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.760392][ T1517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.135582][T17353] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 638.216047][T17103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 639.103706][T17412] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4812'. [ 639.617101][T17426] loop2: detected capacity change from 0 to 512 [ 639.619084][T17426] EXT4-fs: Ignoring removed nomblk_io_submit option [ 639.622715][T17426] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 639.622736][T17426] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 639.841983][T17424] netlink: 16178 bytes leftover after parsing attributes in process `syz.6.4815'. [ 640.532945][T17426] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4222: comm syz.2.4817: Allocating blocks 41-42 which overlap fs metadata [ 640.533068][T17426] loop2: lost filesystem error report for type 5 error -117 [ 640.582400][ C1] EXT4-fs (loop2): initial error at time 1781139330: ext4_mb_mark_diskspace_used:4222 [ 640.582442][ C1] EXT4-fs (loop2): last error at time 1781139330: ext4_mb_mark_diskspace_used:4222 [ 640.800076][T17103] veth0_vlan: entered promiscuous mode [ 641.096917][ T5598] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 641.173214][T17103] veth1_vlan: entered promiscuous mode [ 641.261716][T17426] EXT4-fs (loop2): Remounting filesystem read-only [ 641.261940][T17426] __quota_error: 14 callbacks suppressed [ 641.261952][T17426] Quota error (device loop2): write_blk: dquota write failed [ 641.261963][T17426] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 641.262272][T17426] Quota error (device loop2): write_blk: dquota write failed [ 641.262352][T17426] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 641.262483][T17426] EXT4-fs (loop2): 1 truncate cleaned up [ 641.264496][T17426] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 641.407950][ T5598] usb 7-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 641.407988][ T5598] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.456376][ T5598] usb 7-1: config 0 descriptor?? [ 641.691951][ T5598] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 641.752763][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 642.335463][ T5598] gspca_sunplus: reg_w_riv err -71 [ 642.335653][ T5598] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 642.448161][ T5598] usb 7-1: USB disconnect, device number 4 [ 642.513481][T17103] veth0_macvtap: entered promiscuous mode [ 642.664429][T17103] veth1_macvtap: entered promiscuous mode [ 642.869344][T17103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 642.934911][T17103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 643.027575][ T1443] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.040173][ T1443] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.054470][ T1443] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 643.083702][ T1443] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.003035][ T3411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.003054][ T3411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.689347][ T3411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.689376][ T3411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 646.691882][T17560] loop3: detected capacity change from 0 to 256 [ 647.801243][T17582] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4873'. [ 647.917175][T17586] loop3: detected capacity change from 0 to 2048 [ 648.069800][T17586] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 648.301946][ T5598] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 648.471566][ T5598] usb 8-1: Using ep0 maxpacket: 32 [ 648.474012][ T5598] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 648.483224][ T5598] usb 8-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 648.483294][ T5598] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.483356][ T5598] usb 8-1: Product: syz [ 648.483398][ T5598] usb 8-1: Manufacturer: syz [ 648.483443][ T5598] usb 8-1: SerialNumber: syz [ 648.569643][ T5598] usb 8-1: config 0 descriptor?? [ 648.734400][ T5598] usb 8-1: No union descriptors [ 648.742726][ T5598] usb 8-1: unsupported MDLM descriptors [ 648.848932][T15502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 648.870384][ T5598] usb 8-1: USB disconnect, device number 2 [ 649.637016][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 650.065789][T17652] loop2: detected capacity change from 0 to 512 [ 650.273684][T17652] EXT4-fs (loop2): 1 orphan inode deleted [ 650.277981][T17652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 650.304736][T17652] ext4 filesystem being mounted at /767/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 650.354193][ T67] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 650.466648][ T67] EXT4-fs error (device loop2): ext4_release_dquot:7077: comm kworker/u8:4: Failed to release dquot type 1 [ 651.315511][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 651.407820][T17683] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4919'. [ 651.805213][T17699] netlink: 'syz.2.4926': attribute type 22 has an invalid length. [ 652.876333][ T823] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 652.886114][T17733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4941'. [ 653.032486][ T823] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 653.032544][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 653.032574][ T823] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 653.032602][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 653.032630][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 653.035910][ T823] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 653.035967][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 653.035998][ T823] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 653.036027][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 653.036056][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 653.110372][ T823] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 653.110533][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 653.110617][ T823] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 653.110714][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 653.110787][ T823] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 653.419614][ T823] usb 7-1: string descriptor 0 read error: -22 [ 653.419761][ T823] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 653.419788][ T823] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.803344][ T823] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 653.857152][T17759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 654.067969][ T823] usb 7-1: USB disconnect, device number 5 [ 654.339149][T17774] loop7: detected capacity change from 0 to 512 [ 654.344642][T17774] EXT4-fs: Ignoring removed nobh option [ 654.839990][T17774] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -13 [ 654.903304][T17774] EXT4-fs error (device loop7): ext4_clear_blocks:876: inode #13: comm syz.7.4959: attempt to clear invalid blocks 1 len 1 [ 654.903433][T17774] loop7: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 654.905236][T17774] EXT4-fs (loop7): Remounting filesystem read-only [ 654.908130][ C1] EXT4-fs (loop7): error count since last fsck: 1 [ 654.908154][ C1] EXT4-fs (loop7): initial error at time 1781139345: ext4_clear_blocks:876: inode 13 [ 654.908192][ C1] EXT4-fs (loop7): last error at time 1781139345: ext4_clear_blocks:876: inode 13 [ 655.197715][T17774] EXT4-fs (loop7): 1 truncate cleaned up [ 655.240024][T17774] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 655.663894][T17103] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 655.974810][T17811] loop3: detected capacity change from 0 to 4096 [ 656.343620][T17811] ntfs3(loop3): Failed to initialize $Secure::$SDH (-22). [ 656.343735][T17811] ntfs3(loop3): Failed to initialize $Secure (-22). [ 656.612171][T17811] loop3: detected capacity change from 0 to 4096 [ 656.630072][T17811] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 658.261378][T17830] loop6: detected capacity change from 0 to 32768 [ 658.412573][T17830] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 658.563484][T17830] XFS (loop6): Ending clean mount [ 658.966456][T14823] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 660.710880][T17915] loop7: detected capacity change from 0 to 512 [ 660.752427][T17915] EXT4-fs error (device loop7): ext4_iget_extra_inode:5179: inode #15: comm syz.7.5013: corrupted in-inode xattr: invalid ea_ino [ 660.752468][T17915] loop7: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 660.759593][ C0] EXT4-fs (loop7): error count since last fsck: 1 [ 660.759618][ C0] EXT4-fs (loop7): initial error at time 1781139350: ext4_iget_extra_inode:5179: inode 15 [ 660.759650][ C0] EXT4-fs (loop7): last error at time 1781139350: ext4_iget_extra_inode:5179: inode 15 [ 660.764073][T17915] EXT4-fs error (device loop7): ext4_orphan_get:1404: comm syz.7.5013: couldn't read orphan inode 15 (err -117) [ 660.764108][T17915] loop7: lost filesystem error report for type 5 error -117 [ 660.778857][T17915] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 661.121124][T17103] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.709665][T17941] loop2: detected capacity change from 0 to 128 [ 661.744623][ T38] audit: type=1800 audit(1781139351.923:545): pid=17941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5026" name="file1" dev="loop2" ino=1048731 res=0 errno=0 [ 661.843762][T17945] loop6: detected capacity change from 0 to 1024 [ 661.958121][T17945] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 661.958252][T17945] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 662.297745][T17945] EXT4-fs error (device loop6): ext4_map_blocks:833: inode #15: block 3: comm syz.6.5027: lblock 3 mapped to illegal pblock 3 (length 1) [ 662.334859][T17945] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 662.334895][T17945] EXT4-fs (loop6): This should not happen!! Data will be lost [ 662.334895][T17945] [ 662.680494][T14823] EXT4-fs warning (device loop6): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 662.709498][T14823] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 663.042112][T17967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5035'. [ 663.043124][T17966] netlink: 408 bytes leftover after parsing attributes in process `syz.7.5034'. [ 663.298483][T17974] IPv6: Can't replace route, no match found [ 663.299177][T17974] IPv6: Can't replace route, no match found [ 663.605007][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5044'. [ 663.605037][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5044'. [ 664.136662][T17478] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 664.328515][T17478] usb 7-1: Using ep0 maxpacket: 32 [ 664.331232][T17478] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 664.331261][T17478] usb 7-1: config 0 has no interface number 0 [ 664.341101][T17478] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 664.341135][T17478] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.341158][T17478] usb 7-1: Product: syz [ 664.341174][T17478] usb 7-1: Manufacturer: syz [ 664.341191][T17478] usb 7-1: SerialNumber: syz [ 664.424346][T17478] usb 7-1: config 0 descriptor?? [ 664.429519][T17478] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 664.879363][T17478] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 664.954717][T17478] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 665.153217][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 665.184443][ T9] usb 7-1: USB disconnect, device number 6 [ 665.442025][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 665.470253][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 665.477017][ T9] quatech2 7-1:0.51: device disconnected [ 665.523460][T18022] trusted_key: syz.2.5060 sent an empty control message without MSG_MORE. [ 665.532978][T18021] loop7: detected capacity change from 0 to 128 [ 665.544434][T18021] EXT4-fs: inline encryption not supported [ 665.562159][T18021] EXT4-fs (loop7): Test dummy encryption mode enabled [ 665.584253][T17990] loop3: detected capacity change from 0 to 32768 [ 665.636348][T18021] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 665.637305][T18021] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 666.348919][T17103] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 666.616329][T18046] macvlan0: entered allmulticast mode [ 666.616354][T18046] veth1_vlan: entered allmulticast mode [ 666.644326][T18046] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5072'. [ 666.656014][T18046] veth1_vlan: left allmulticast mode [ 666.939924][T18046] macvlan0 (unregistering): left allmulticast mode [ 667.742886][T18080] vivid-000: disconnect [ 667.755016][T18079] vivid-000: reconnect [ 668.138536][T18098] loop3: detected capacity change from 0 to 16 [ 668.181318][T18098] erofs (device loop3): mounted with root inode @ nid 36. [ 669.147774][ T5731] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 669.311810][ T5731] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 669.314896][ T5731] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 669.314926][ T5731] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.314950][ T5731] usb 3-1: Product: syz [ 669.314967][ T5731] usb 3-1: Manufacturer: syz [ 669.314984][ T5731] usb 3-1: SerialNumber: syz [ 669.409998][ T5731] cdc_ncm 3-1:1.0: skipping garbage [ 670.025717][T18149] loop7: detected capacity change from 0 to 2048 [ 670.420111][T18149] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 670.528652][ T823] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 670.702392][ T5731] cdc_ncm 3-1:1.0: bind() failure [ 670.742488][ T5731] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 670.743549][ T5731] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 670.744499][ T823] usb 4-1: Using ep0 maxpacket: 8 [ 670.745393][ T5731] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 670.777311][ T823] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 670.777342][ T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.777364][ T823] usb 4-1: Product: syz [ 670.777378][ T823] usb 4-1: Manufacturer: syz [ 670.777394][ T823] usb 4-1: SerialNumber: syz [ 670.927230][ T5731] usb 3-1: USB disconnect, device number 17 [ 671.031888][ T823] usb 4-1: config 0 descriptor?? [ 671.098504][ T823] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 672.289656][ T823] gspca_sonixj: reg_w1 err -71 [ 672.366343][ T823] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 672.385194][ T823] usb 4-1: USB disconnect, device number 19 [ 672.412551][ T7977] udevd[7977]: setting mode of /dev/bus/usb/004/019 to 020664 failed: No such file or directory [ 672.412704][ T7977] udevd[7977]: setting owner of /dev/bus/usb/004/019 to uid=0, gid=0 failed: No such file or directory [ 672.831415][T18217] loop6: detected capacity change from 0 to 764 [ 674.998407][T18245] loop7: detected capacity change from 0 to 131072 [ 675.005743][T18245] F2FS-fs (loop7): Test dummy encryption mode enabled [ 675.028355][T18245] F2FS-fs (loop7): invalid crc value [ 675.250924][T18245] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 675.268122][T18245] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 675.908449][T18279] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5173'. [ 676.045652][T18246] loop3: detected capacity change from 0 to 32768 [ 676.059249][T18246] xfs: Unknown parameter 'biosize' [ 676.231589][T18279] bond1: entered promiscuous mode [ 676.235801][T18279] 8021q: adding VLAN 0 to HW filter on device bond1 [ 676.497652][T18282] bridge1: entered promiscuous mode [ 676.504214][T18282] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 677.240007][T18294] loop6: detected capacity change from 0 to 32768 [ 677.314312][T18294] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 677.483520][T18294] XFS (loop6): Ending clean mount [ 677.522831][ T38] audit: type=1800 audit(1781139367.703:546): pid=18294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5181" name="bus" dev="loop6" ino=6153 res=0 errno=0 [ 677.860363][T14823] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 679.054968][T18342] netlink: 'syz.3.5198': attribute type 3 has an invalid length. [ 679.054987][T18342] netlink: 766 bytes leftover after parsing attributes in process `syz.3.5198'. [ 680.610901][T18381] loop2: detected capacity change from 0 to 256 [ 680.635328][T18381] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 680.679105][T18381] exFAT-fs (loop2): valid_size(150994954) is greater than size(10) [ 680.768199][T12875] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 681.079941][ T38] audit: type=1800 audit(1781139371.263:547): pid=18381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5215" name="file1" dev="loop2" ino=1048732 res=0 errno=0 [ 681.287808][T18400] IPv6: NLM_F_CREATE should be specified when creating new route [ 681.341341][T18400] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 681.341371][T18400] IPv6: NLM_F_CREATE should be set when creating new route [ 681.363404][T18400] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 682.024980][T18397] loop7: detected capacity change from 0 to 32768 [ 682.208938][T18419] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input23 [ 682.816863][T17478] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 682.978804][T17478] usb 7-1: Using ep0 maxpacket: 16 [ 682.982805][T17478] usb 7-1: config index 0 descriptor too short (expected 65, got 36) [ 682.982991][T17478] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 682.983066][T17478] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 682.983097][T17478] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 682.983127][T17478] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 682.983171][T17478] usb 7-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 682.983215][T17478] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.098277][T17478] usb 7-1: config 0 descriptor?? [ 683.099320][T18429] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 683.166504][T18448] netlink: 'syz.3.5246': attribute type 39 has an invalid length. [ 683.320152][T17478] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input24 [ 684.148402][T17478] usb 7-1: USB disconnect, device number 7 [ 684.215843][ T7975] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -19 [ 684.346364][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 685.809193][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.809292][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.427726][ T4924] Bluetooth: hci2: command 0x2016 tx timeout [ 687.297364][T18512] loop7: detected capacity change from 0 to 131072 [ 687.317750][T18512] F2FS-fs (loop7): invalid crc value [ 687.491096][T18512] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 687.569235][T18512] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 688.033600][T18553] loop6: detected capacity change from 0 to 1024 [ 688.050576][T18553] EXT4-fs: Ignoring removed bh option [ 688.180333][T18553] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 688.601512][T18571] loop3: detected capacity change from 0 to 8 [ 689.394975][ T4924] Bluetooth: hci2: command 0x2016 tx timeout [ 690.205826][T14823] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 690.325732][T18584] loop2: detected capacity change from 0 to 131072 [ 690.450527][T18584] F2FS-fs (loop2): invalid crc value [ 690.694233][T18584] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 690.739480][T18584] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 694.736397][T18678] loop6: detected capacity change from 0 to 512 [ 695.599615][T18693] loop6: detected capacity change from 0 to 512 [ 695.600801][T18693] EXT4-fs: Ignoring removed oldalloc option [ 695.636818][T18693] EXT4-fs: old and new quota format mixing [ 696.216195][T18705] loop2: detected capacity change from 0 to 256 [ 696.980549][T18730] Bluetooth: hci0: unsupported parameter 3079 [ 696.980573][T18730] Bluetooth: hci0: invalid length 0, exp 2 for type 2 [ 697.135709][T18734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5362'. [ 697.223480][T18734] team1: entered promiscuous mode [ 697.266277][T18734] team1: entered allmulticast mode [ 697.267673][T18734] 8021q: adding VLAN 0 to HW filter on device team1 [ 697.310865][T18739] netlink: 'syz.6.5361': attribute type 34 has an invalid length. [ 697.704121][T18756] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 698.019231][T18769] loop2: detected capacity change from 0 to 64 [ 698.043123][T18769] hfs: Bad value for 'part' [ 699.622937][T18821] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5399'. [ 700.700661][T17478] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 700.879535][T17478] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 700.879571][T17478] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.879594][T17478] usb 3-1: Product: syz [ 700.879609][T17478] usb 3-1: Manufacturer: syz [ 700.879625][T17478] usb 3-1: SerialNumber: syz [ 700.933925][T17478] usb 3-1: config 0 descriptor?? [ 701.365632][T18864] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5417'. [ 701.387398][T18864] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5417'. [ 701.394669][T17478] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 701.991911][T18867] loop3: detected capacity change from 0 to 1024 [ 702.242859][T18867] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 702.242995][T18867] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 702.243121][T18867] EXT4-fs error (device loop3): ext4_get_journal_inode:5900: comm syz.3.5418: inode #1: comm syz.3.5418: iget: illegal inode # [ 702.243236][T18867] loop3: lost filesystem error report for type 5 error -117 [ 702.245173][T18867] EXT4-fs (loop3): Remounting filesystem read-only [ 702.245203][T18867] EXT4-fs (loop3): no journal found [ 702.245217][T18867] EXT4-fs (loop3): can't get journal size [ 702.246271][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 702.246294][ C0] EXT4-fs (loop3): initial error at time 1781139392: ext4_get_journal_inode:5900 [ 702.246323][ C0] EXT4-fs (loop3): last error at time 1781139392: ext4_get_journal_inode:5900 [ 702.465902][T18860] loop6: detected capacity change from 0 to 131072 [ 702.506026][T18867] EXT4-fs (loop3): failed to initialize system zone (-22) [ 702.577420][T18860] F2FS-fs (loop6): invalid crc value [ 702.769502][T17478] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 702.795488][T18860] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 702.853146][T17478] usb 3-1: USB disconnect, device number 18 [ 702.892349][T18867] EXT4-fs (loop3): mount failed [ 702.902609][T18860] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 703.040569][T18860] F2FS-fs (loop6): access invalid blkaddr:2 [ 703.040606][T18860] CPU: 1 UID: 0 PID: 18860 Comm: syz.6.5415 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 703.040640][T18860] Tainted: [L]=SOFTLOCKUP [ 703.040649][T18860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 703.040663][T18860] Call Trace: [ 703.040672][T18860] [ 703.040683][T18860] dump_stack_lvl+0xe8/0x150 [ 703.040724][T18860] __f2fs_is_valid_blkaddr+0xeb2/0x1570 [ 703.040761][T18860] f2fs_get_read_data_folio+0xa7b/0xf70 [ 703.040815][T18860] ? __pfx_f2fs_get_read_data_folio+0x10/0x10 [ 703.040859][T18860] ? __f2fs_find_entry+0x7ba/0xf10 [ 703.040902][T18860] ? __f2fs_find_entry+0x7ba/0xf10 [ 703.040939][T18860] f2fs_find_data_folio+0x3a6/0x6a0 [ 703.040971][T18860] __f2fs_find_entry+0x7ba/0xf10 [ 703.041047][T18860] ? __pfx___f2fs_find_entry+0x10/0x10 [ 703.041080][T18860] ? d_alloc_parallel+0x14bd/0x1630 [ 703.041133][T18860] f2fs_lookup+0x26f/0xa30 [ 703.041166][T18860] ? make_vfsuid+0x49/0xa0 [ 703.041206][T18860] ? __pfx_f2fs_lookup+0x10/0x10 [ 703.041250][T18860] ? security_inode_permission+0xb7/0x2e0 [ 703.041286][T18860] ? may_o_create+0x2d2/0x370 [ 703.041319][T18860] ? bpf_lsm_inode_create+0x9/0x20 [ 703.041349][T18860] path_openat+0x110f/0x37e0 [ 703.041421][T18860] do_file_open+0x23e/0x4a0 [ 703.041453][T18860] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 703.041488][T18860] ? __pfx_do_file_open+0x10/0x10 [ 703.041516][T18860] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 703.041565][T18860] ? alloc_fd+0x679/0x6f0 [ 703.041604][T18860] do_sys_openat2+0x115/0x200 [ 703.041631][T18860] ? __se_sys_futex+0x3a8/0x450 [ 703.041655][T18860] ? __pfx_do_sys_openat2+0x10/0x10 [ 703.041688][T18860] ? rcu_is_watching+0x15/0xb0 [ 703.041717][T18860] __x64_sys_openat+0x138/0x170 [ 703.041746][T18860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.041770][T18860] do_syscall_64+0x174/0x580 [ 703.041797][T18860] ? trace_irq_disable+0x3b/0x140 [ 703.041828][T18860] ? clear_bhb_loop+0x40/0x90 [ 703.041855][T18860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.041877][T18860] RIP: 0033:0x7f0f50c4ce59 [ 703.041900][T18860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 703.041921][T18860] RSP: 002b:00007f0f4ee9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 703.041947][T18860] RAX: ffffffffffffffda RBX: 00007f0f50ec5fa0 RCX: 00007f0f50c4ce59 [ 703.041965][T18860] RDX: 0000000000062c40 RSI: 0000200000000580 RDI: ffffffffffffff9c [ 703.041982][T18860] RBP: 00007f0f50ce2d6f R08: 0000000000000000 R09: 0000000000000000 [ 703.041997][T18860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.042012][T18860] R13: 00007f0f50ec6038 R14: 00007f0f50ec5fa0 R15: 00007ffc2e0091b8 [ 703.042050][T18860] [ 703.045655][T18860] F2FS-fs (loop6): access invalid blkaddr:2 [ 703.045708][T18860] CPU: 1 UID: 0 PID: 18860 Comm: syz.6.5415 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 703.045742][T18860] Tainted: [L]=SOFTLOCKUP [ 703.045750][T18860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 703.045766][T18860] Call Trace: [ 703.045775][T18860] [ 703.045784][T18860] dump_stack_lvl+0xe8/0x150 [ 703.045835][T18860] __f2fs_is_valid_blkaddr+0xeb2/0x1570 [ 703.045872][T18860] f2fs_get_read_data_folio+0xa7b/0xf70 [ 703.045926][T18860] ? __pfx_f2fs_get_read_data_folio+0x10/0x10 [ 703.045980][T18860] f2fs_find_data_folio+0x3a6/0x6a0 [ 703.046009][T18860] __f2fs_find_entry+0x7ba/0xf10 [ 703.046081][T18860] ? __pfx___f2fs_find_entry+0x10/0x10 [ 703.046140][T18860] f2fs_lookup+0x26f/0xa30 [ 703.046173][T18860] ? reacquire_held_locks+0x104/0x190 [ 703.046201][T18860] ? __pfx_f2fs_lookup+0x10/0x10 [ 703.046245][T18860] ? rt_spin_unlock+0x160/0x200 [ 703.046271][T18860] ? d_alloc+0x144/0x190 [ 703.046305][T18860] lookup_one_qstr_excl+0x12d/0x360 [ 703.046342][T18860] filename_create+0x20e/0x370 [ 703.046381][T18860] ? __pfx_filename_create+0x10/0x10 [ 703.046419][T18860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.046449][T18860] filename_mkdirat+0xd2/0x520 [ 703.046490][T18860] ? __pfx_filename_mkdirat+0x10/0x10 [ 703.046528][T18860] ? do_getname+0x151/0x250 [ 703.046552][T18860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.046577][T18860] __se_sys_mkdirat+0x35/0x150 [ 703.046610][T18860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.046634][T18860] do_syscall_64+0x174/0x580 [ 703.046725][T18860] ? trace_irq_disable+0x3b/0x140 [ 703.046828][T18860] ? clear_bhb_loop+0x40/0x90 [ 703.046908][T18860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.046970][T18860] RIP: 0033:0x7f0f50c4bcc7 [ 703.047031][T18860] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 703.047083][T18860] RSP: 002b:00007f0f4ee9de58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 703.047160][T18860] RAX: ffffffffffffffda RBX: 00007f0f4ee9dee0 RCX: 00007f0f50c4bcc7 [ 703.047204][T18860] RDX: 00000000000001ff RSI: 00002000000001c0 RDI: 00000000ffffff9c [ 703.047246][T18860] RBP: 00002000000024c0 R08: 0000200000000240 R09: 0000000000000000 [ 703.047288][T18860] R10: 00002000000024c0 R11: 0000000000000246 R12: 00002000000001c0 [ 703.047324][T18860] R13: 00007f0f4ee9dea0 R14: 0000000000000000 R15: 0000000000000000 [ 703.047419][T18860] [ 704.354731][T18905] loop2: detected capacity change from 0 to 2048 [ 705.656918][T18929] batadv_slave_0: entered promiscuous mode [ 705.664480][T18929] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5431'. [ 705.664653][T18929] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 706.116465][T18929] batadv_slave_0 (unregistering): left promiscuous mode [ 706.116606][T18929] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 706.680710][ T38] audit: type=1804 audit(1781139396.863:548): pid=18947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5439" name="/newroot/849/file0" dev="tmpfs" ino=4436 res=1 errno=0 [ 706.680771][ T38] audit: type=1800 audit(1781139396.863:549): pid=18947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5439" name="file0" dev="tmpfs" ino=4436 res=0 errno=0 [ 707.177235][T17528] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 707.336284][T17528] usb 8-1: Using ep0 maxpacket: 16 [ 707.345209][T17528] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 707.345242][T17528] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.345265][T17528] usb 8-1: Product: syz [ 707.345281][T17528] usb 8-1: Manufacturer: syz [ 707.345304][T17528] usb 8-1: SerialNumber: syz [ 707.805863][T18981] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5454'. [ 707.948882][T17528] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 707.968561][T17528] usb 8-1: USB disconnect, device number 3 [ 708.965642][ T9] IPVS: starting estimator thread 0... [ 709.056392][T19010] IPVS: using max 8 ests per chain, 19200 per kthread [ 709.254221][T19015] Bluetooth: hci0: invalid length 0, exp 2 for type 3 [ 709.492532][T19021] loop7: detected capacity change from 0 to 128 [ 709.510376][T19022] netlink: 'syz.6.5471': attribute type 11 has an invalid length. [ 709.510403][T19022] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5471'. [ 709.513807][T19021] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256 [ 709.532159][T19021] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 710.842416][ T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 710.995260][ T10] usb 8-1: unable to get BOS descriptor or descriptor too short [ 711.005676][ T10] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 185, changing to 7 [ 711.017975][ T10] usb 8-1: string descriptor 0 read error: -22 [ 711.018120][ T10] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 711.018160][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.793725][ T44] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 712.213079][T19082] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5498'. [ 712.294656][T19083] syzkaller1: entered promiscuous mode [ 712.294686][T19083] syzkaller1: entered allmulticast mode [ 712.294919][T19082] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5498'. [ 712.382304][ T10] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 712.434988][ T10] usb 8-1: USB disconnect, device number 4 [ 713.891687][ T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 714.036321][ T10] usb 8-1: Using ep0 maxpacket: 32 [ 714.038358][ T10] usb 8-1: config 0 has an invalid interface number: 188 but max is 0 [ 714.038383][ T10] usb 8-1: config 0 has no interface number 0 [ 714.038423][ T10] usb 8-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 714.040866][ T10] usb 8-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 714.040891][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.040911][ T10] usb 8-1: Product: syz [ 714.040924][ T10] usb 8-1: Manufacturer: syz [ 714.040938][ T10] usb 8-1: SerialNumber: syz [ 714.125081][ T10] usb 8-1: config 0 descriptor?? [ 714.126495][T19102] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 714.344436][T19102] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 715.596027][ T10] asix 8-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 715.596059][ T10] asix 8-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 715.606594][ T10] asix 8-1:0.188: probe with driver asix failed with error -71 [ 715.640550][ T10] usb 8-1: USB disconnect, device number 5 [ 715.865949][T19146] loop6: detected capacity change from 0 to 1024 [ 715.924949][T19146] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 715.925080][T19146] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 716.403184][T19146] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 716.804900][T14823] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 717.817000][T19193] loop3: detected capacity change from 0 to 512 [ 717.960980][T19193] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 717.961124][T19193] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 718.078861][T19193] EXT4-fs error (device loop3): ext4_do_update_inode:5741: inode #2: comm syz.3.5548: corrupted inode contents [ 718.386384][T19193] EXT4-fs error (device loop3): ext4_dirty_inode:6638: inode #2: comm syz.3.5548: mark_inode_dirty error [ 718.393916][T19193] EXT4-fs error (device loop3): ext4_do_update_inode:5741: inode #2: comm syz.3.5548: corrupted inode contents [ 718.400404][T19193] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.5548: mark_inode_dirty error [ 718.629704][T19222] loop7: detected capacity change from 0 to 64 [ 718.731257][T19222] hfs: unable to locate alternate MDB [ 718.731343][T19222] hfs: continuing without an alternate MDB [ 718.878261][T19222] hfs: inconsistency in B*Tree (3,2,0,3,0) [ 718.878308][T19222] hfs: get root inode failed [ 719.183439][T19208] EXT4-fs warning (device loop3): ext4_es_cache_extent:1082: inode #2: comm syz.3.5548: ES cache extent failed: add [0,1,21,0x1] conflict with existing [0,8,576460752303423487,0x18] [ 719.183439][T19208] [ 719.183963][T19208] EXT4-fs error (device loop3): ext4_do_update_inode:5741: inode #2: comm syz.3.5548: corrupted inode contents [ 719.204804][T19208] EXT4-fs error (device loop3): ext4_append:88: inode #2: comm syz.3.5548: mark_inode_dirty error [ 719.208881][T19208] EXT4-fs error (device loop3) in ext4_append:100: Corrupt filesystem [ 719.628087][T15502] EXT4-fs error (device loop3): ext4_do_update_inode:5741: inode #2: comm syz-executor: corrupted inode contents [ 719.630699][T15502] EXT4-fs error (device loop3): ext4_dirty_inode:6638: inode #2: comm syz-executor: mark_inode_dirty error [ 719.674328][T15502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 720.206484][ T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 720.360679][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 720.360741][ T10] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 720.360767][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 720.413434][ T10] usb 4-1: config 0 descriptor?? [ 720.665812][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 720.665951][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 720.717205][ T10] usb 4-1: USB disconnect, device number 20 [ 720.986547][T17528] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 721.147380][T17528] usb 3-1: Using ep0 maxpacket: 32 [ 721.150354][T17528] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 721.150377][T17528] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 721.150397][T17528] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 721.150428][T17528] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 721.150446][T17528] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.221157][T17528] usb 3-1: config 0 descriptor?? [ 721.242125][T19271] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 721.267735][T17528] hub 3-1:0.0: USB hub found [ 721.386281][ T823] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 721.528169][T17528] hub 3-1:0.0: config failed, hub has too many ports! (err -19) [ 721.618773][ T823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 721.619059][ T823] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40 [ 721.619089][ T823] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.673512][ T823] usb 4-1: config 0 descriptor?? [ 721.741278][T17528] usbhid 3-1:0.0: can't add hid device: -71 [ 721.741700][T17528] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 721.836287][T17528] usb 3-1: USB disconnect, device number 19 [ 721.952216][T19296] loop7: detected capacity change from 0 to 4125 [ 722.517097][ T823] aiptek 4-1:0.0: Aiptek using 400 ms programming speed [ 722.537319][ T823] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input25 [ 722.760711][T17528] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 722.924312][ C0] aiptek 4-1:0.0: aiptek_irq - usb_submit_urb failed with result -19 [ 722.924485][ T823] usb 4-1: USB disconnect, device number 21 [ 722.936436][T17528] usb 3-1: Using ep0 maxpacket: 16 [ 722.939675][T17528] usb 3-1: config index 0 descriptor too short (expected 51443, got 18) [ 722.975761][T17528] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 722.975800][T17528] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.975826][T17528] usb 3-1: Product: syz [ 722.975844][T17528] usb 3-1: Manufacturer: syz [ 722.975862][T17528] usb 3-1: SerialNumber: syz [ 723.075981][T17528] r8152-cfgselector 3-1: Unknown version 0x0000 [ 723.076012][T17528] r8152-cfgselector 3-1: config 0 descriptor?? [ 723.677310][ T10] r8152-cfgselector 3-1: USB disconnect, device number 20 [ 724.454843][ T38] audit: type=1326 audit(1781139414.633:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.454995][ T38] audit: type=1326 audit(1781139414.633:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.474668][ T38] audit: type=1326 audit(1781139414.643:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.474838][ T38] audit: type=1326 audit(1781139414.643:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.479894][ T38] audit: type=1326 audit(1781139414.663:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.480081][ T38] audit: type=1326 audit(1781139414.643:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.492424][ T38] audit: type=1326 audit(1781139414.673:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.514646][ T38] audit: type=1326 audit(1781139414.693:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.519860][ T38] audit: type=1326 audit(1781139414.703:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 724.520003][ T38] audit: type=1326 audit(1781139414.703:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19356 comm="syz.2.5622" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 725.084738][T19371] loop3: detected capacity change from 0 to 128 [ 725.198784][T19370] loop7: detected capacity change from 0 to 1024 [ 725.216955][T19370] EXT4-fs: Ignoring removed orlov option [ 725.217042][T19370] EXT4-fs: Ignoring removed orlov option [ 725.222979][T19370] EXT4-fs (loop7): couldn't mount as ext3 due to feature incompatibilities [ 725.798278][T19386] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 725.798309][T19386] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 726.145783][T19367] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 726.294805][T19397] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 726.867387][T19405] loop2: detected capacity change from 0 to 32768 [ 726.939483][T19405] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 727.097285][T19405] XFS (loop2): Ending clean mount [ 727.135238][T19405] XFS (loop2): Quotacheck needed: Please wait. [ 728.193008][T19405] XFS (loop2): Quotacheck: Done. [ 729.169905][T19479] netlink: 'syz.3.5672': attribute type 1 has an invalid length. [ 729.169928][T19479] netlink: 'syz.3.5672': attribute type 4 has an invalid length. [ 729.169944][T19479] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.5672'. [ 730.286404][ T823] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 730.328040][ T5619] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 730.438851][ T823] usb 4-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 730.438892][ T823] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 730.475008][ T823] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 730.475044][ T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.475067][ T823] usb 4-1: Product: syz [ 730.475084][ T823] usb 4-1: Manufacturer: syz [ 730.475100][ T823] usb 4-1: SerialNumber: syz [ 730.520238][ T823] usb 4-1: config 0 descriptor?? [ 730.539849][ T823] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 732.014638][ T823] gspca_sunplus: reg_r err -71 [ 732.014737][ T823] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 732.019273][ T823] usb 4-1: USB disconnect, device number 22 [ 732.092720][ T7975] udevd[7975]: setting mode of /dev/bus/usb/004/022 to 020664 failed: No such file or directory [ 732.092853][ T7975] udevd[7975]: setting owner of /dev/bus/usb/004/022 to uid=0, gid=0 failed: No such file or directory [ 732.424637][T19548] loop7: detected capacity change from 0 to 32768 [ 732.587892][T19548] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 732.761084][T19548] XFS (loop7): Ending clean mount [ 732.777762][T19548] XFS (loop7): Quotacheck needed: Please wait. [ 733.758075][T19548] XFS (loop7): Quotacheck: Done. [ 734.025429][T17103] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 734.707823][T19619] loop3: detected capacity change from 0 to 512 [ 734.755918][T19619] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 734.755946][T19619] EXT4-fs (loop3): blocks per group (35) and clusters per group (32768) inconsistent [ 735.116315][ T5731] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 735.347146][ T5731] usb 4-1: Using ep0 maxpacket: 16 [ 735.350677][ T5731] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 735.350714][ T5731] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 735.350741][ T5731] usb 4-1: config 0 interface 0 has no altsetting 0 [ 735.350776][ T5731] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 735.350802][ T5731] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.356601][ T5731] usb 4-1: config 0 descriptor?? [ 735.767206][ T5731] hid (null): unknown global tag 0xe [ 735.767232][ T5731] hid (null): usage index exceeded [ 735.767249][ T5731] hid (null): invalid report_size -1214615059 [ 735.767269][ T5731] hid (null): unknown global tag 0xd [ 735.767284][ T5731] hid (null): unknown global tag 0xcf [ 735.790202][ T5731] hid (null): unknown global tag 0xff [ 735.790234][ T5731] hid (null): unknown global tag 0xc [ 735.790440][ T5731] hid (null): unknown global tag 0xe [ 735.790570][ T5731] hid (null): report_id 31132 is invalid [ 736.177576][ T5731] usb 4-1: USB disconnect, device number 23 [ 739.297856][T19767] loop3: detected capacity change from 0 to 128 [ 740.345503][T19800] loop2: detected capacity change from 0 to 256 [ 740.671987][T19800] FAT-fs (loop2): Directory bread(block 64) failed [ 740.672027][T19800] FAT-fs (loop2): Directory bread(block 65) failed [ 740.672154][T19800] FAT-fs (loop2): Directory bread(block 66) failed [ 740.672182][T19800] FAT-fs (loop2): Directory bread(block 67) failed [ 740.672288][T19800] FAT-fs (loop2): Directory bread(block 68) failed [ 740.672313][T19800] FAT-fs (loop2): Directory bread(block 69) failed [ 740.672416][T19800] FAT-fs (loop2): Directory bread(block 70) failed [ 740.672441][T19800] FAT-fs (loop2): Directory bread(block 71) failed [ 740.672542][T19800] FAT-fs (loop2): Directory bread(block 72) failed [ 740.672575][T19800] FAT-fs (loop2): Directory bread(block 73) failed [ 743.013348][ T3411] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 743.094626][T19855] loop2: detected capacity change from 0 to 4096 [ 743.287522][T19855] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 743.287646][T19855] ntfs3(loop2): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only. [ 743.423357][T19855] ntfs3(loop2): It is recommended to use chkdsk. [ 743.757623][T19855] ntfs3(loop2): ino=0, mi_enum_attr [ 743.802314][T19855] ntfs3(loop2): failed to read volume at offset 0x201800 [ 743.802755][T19855] ntfs3(loop2): failed to read volume at offset 0x201800 [ 743.803016][T19855] ntfs3(loop2): failed to read volume at offset 0x201800 [ 743.803499][T19855] ntfs3(loop2): failed to read volume at offset 0x201800 [ 743.804919][T19855] ntfs3(loop2): failed to read volume at offset 0x202800 [ 743.818508][T19855] ntfs3(loop2): failed to read volume at offset 0x203800 [ 747.240463][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.240581][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.449519][T17528] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 748.727814][T17528] usb 4-1: Using ep0 maxpacket: 16 [ 748.730334][T17528] usb 4-1: config 0 has an invalid interface number: 34 but max is 0 [ 748.730365][T17528] usb 4-1: config 0 has no interface number 0 [ 748.730413][T17528] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 748.730442][T17528] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 748.734140][T17528] usb 4-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 748.734173][T17528] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.734197][T17528] usb 4-1: Product: syz [ 748.734213][T17528] usb 4-1: Manufacturer: syz [ 748.734229][T17528] usb 4-1: SerialNumber: syz [ 748.910417][T17528] usb 4-1: config 0 descriptor?? [ 748.911323][T19954] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 748.911467][T19954] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 748.981767][T19947] loop7: detected capacity change from 0 to 32768 [ 749.009379][T19947] OCFS2: ERROR (device loop7): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #70: mode 03644 has unknown file type [ 749.009491][T19947] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 749.009504][T19947] OCFS2: File system is now read-only. [ 749.009525][T19947] (syz.7.5884,19947,1):ocfs2_read_locked_inode:633 ERROR: status = -30 [ 749.010027][T19947] (syz.7.5884,19947,1):_ocfs2_get_system_file_inode:141 ERROR: status = -30 [ 749.010530][T19947] (syz.7.5884,19947,1):ocfs2_init_global_system_inodes:465 ERROR: status = -30 [ 749.010597][T19947] (syz.7.5884,19947,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 3, possibly corrupt fs? [ 749.010622][T19947] (syz.7.5884,19947,1):ocfs2_init_global_system_inodes:476 ERROR: status = -30 [ 749.010649][T19947] (syz.7.5884,19947,1):ocfs2_initialize_super:2195 ERROR: status = -30 [ 749.020496][T19947] (syz.7.5884,19947,0):ocfs2_fill_super:1177 ERROR: status = -30 [ 749.311260][T19954] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 749.311389][T19954] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 750.067863][T17478] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 750.229311][T17478] usb 8-1: config 5 has an invalid interface number: 211 but max is 0 [ 750.229344][T17478] usb 8-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 750.229365][T17478] usb 8-1: config 5 has no interface number 0 [ 750.278583][T17478] usb 8-1: New USB device found, idVendor=813a, idProduct=22fe, bcdDevice=89.9c [ 750.278616][T17478] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.278638][T17478] usb 8-1: Product: syz [ 750.278654][T17478] usb 8-1: Manufacturer: syz [ 750.278669][T17478] usb 8-1: SerialNumber: syz [ 750.322772][T17478] rndis_host 8-1:5.211: rndis: master #0/0000000000000000 slave #1/0000000000000000 [ 750.750494][T17528] asix 4-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 750.750528][T17528] asix 4-1:0.34 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 750.750829][T17528] asix 4-1:0.34: probe with driver asix failed with error -71 [ 750.803004][T17528] usb 4-1: USB disconnect, device number 24 [ 751.272671][T17478] usb 8-1: USB disconnect, device number 6 [ 751.740680][T20042] loop2: detected capacity change from 0 to 128 [ 751.789886][T20042] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 751.789926][T20042] hpfs: filesystem error: improperly stopped [ 751.789944][T20042] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 751.789960][T20042] hpfs: You really don't want any checks? You are crazy... [ 751.789980][T20042] hpfs: Code page index out of array [ 751.789990][T20042] hpfs: code page support is disabled [ 751.790130][T20042] hpfs: hpfs_map_4sectors(): unaligned read [ 751.790218][T20042] hpfs: hpfs_map_4sectors(): unaligned read [ 751.790229][T20042] hpfs: filesystem error: unable to find root dir [ 752.766443][ T10] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 752.918931][ T10] usb 3-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid maxpacket 1056, setting to 64 [ 752.918971][ T10] usb 3-1: config 0 interface 0 altsetting 15 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 752.919000][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 752.919043][ T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 752.919068][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.975889][ T10] usb 3-1: config 0 descriptor?? [ 753.011375][T20060] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 753.522436][ T10] hid_parser_main: 4005 callbacks suppressed [ 753.522463][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x2 [ 753.522496][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x7 [ 753.522523][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522550][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522577][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522605][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522633][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522659][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522686][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.522712][ T10] pyra 0003:1E7D:2CF6.001A: unknown main item tag 0x0 [ 753.641796][ T10] pyra 0003:1E7D:2CF6.001A: hidraw0: USB HID v0.0c Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 753.687597][T20096] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 753.738965][ T10] usb 3-1: USB disconnect, device number 21 [ 753.870800][T20101] fido_id[20101]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 754.378623][T20121] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0) [ 754.566297][T20131] loop7: detected capacity change from 0 to 512 [ 754.570927][T20131] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 754.880023][T20131] EXT4-fs (loop7): 1 truncate cleaned up [ 754.893782][T20131] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.065391][T20131] EXT4-fs error (device loop7): ext4_generic_delete_entry:2673: inode #2: block 13: comm syz.7.5970: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 755.297259][T20131] EXT4-fs (loop7): Remounting filesystem read-only [ 755.297288][T20131] EXT4-fs warning (device loop7): ext4_rename_delete:3739: inode #2: comm syz.7.5970: Deleting old file: nlink 5, error=-117 [ 755.690760][T17103] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.626376][ T10] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 756.862806][ T10] usb 8-1: unable to get BOS descriptor or descriptor too short [ 756.863940][ T10] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 756.863979][ T10] usb 8-1: can't read configurations, error -71 [ 758.422049][T20260] loop7: detected capacity change from 0 to 256 [ 758.509886][T20260] FAT-fs (loop7): Directory bread(block 64) failed [ 758.509927][T20260] FAT-fs (loop7): Directory bread(block 65) failed [ 758.510034][T20260] FAT-fs (loop7): Directory bread(block 66) failed [ 758.510058][T20260] FAT-fs (loop7): Directory bread(block 67) failed [ 758.510171][T20260] FAT-fs (loop7): Directory bread(block 68) failed [ 758.510197][T20260] FAT-fs (loop7): Directory bread(block 69) failed [ 758.510314][T20260] FAT-fs (loop7): Directory bread(block 70) failed [ 758.510340][T20260] FAT-fs (loop7): Directory bread(block 71) failed [ 758.510443][T20260] FAT-fs (loop7): Directory bread(block 72) failed [ 758.510495][T20260] FAT-fs (loop7): Directory bread(block 73) failed [ 759.475818][T20289] loop2: detected capacity change from 0 to 128 [ 759.695127][T20289] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 759.700918][T20289] ext4 filesystem being mounted at /902/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 759.782318][ T38] kauditd_printk_skb: 15 callbacks suppressed [ 759.782350][ T38] audit: type=1800 audit(1781139449.963:575): pid=20289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6041" name="bus" dev="loop2" ino=12 res=0 errno=0 [ 760.509374][ T5619] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 761.094513][ C0] [drm:vkms_crtc_handle_vblank_timeout] *ERROR* vkms failure on handling vblank [ 761.701222][T20312] loop7: detected capacity change from 0 to 32768 [ 761.737750][ T32] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 761.915708][ T32] usb 3-1: Using ep0 maxpacket: 16 [ 761.926833][ T32] usb 3-1: config 0 has an invalid interface number: 34 but max is 0 [ 761.926864][ T32] usb 3-1: config 0 has no interface number 0 [ 761.926914][ T32] usb 3-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 761.926943][ T32] usb 3-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 761.969756][ T32] usb 3-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 761.969791][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.969815][ T32] usb 3-1: Product: syz [ 761.969831][ T32] usb 3-1: Manufacturer: syz [ 761.969848][ T32] usb 3-1: SerialNumber: syz [ 762.015203][ T32] usb 3-1: config 0 descriptor?? [ 762.016545][T20344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 762.017126][T20344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 762.240900][T20344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 762.241107][T20344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 762.472044][ T32] asix 3-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 762.917590][T20312] Bad index:0 in slot in dtpage [ 762.917590][T20312] [ 762.917614][T20312] ERROR: (device loop7): dtSearch: DT_GETPAGE: dtree page corrupt [ 762.917614][T20312] [ 763.268948][T20312] ERROR: (device loop7): remounting filesystem as read-only [ 763.268989][T20312] jfs_rename did not expect dtDelete to return rc = -5 [ 763.269374][T20312] ERROR: (device loop7): jfs_rename: [ 763.269374][T20312] [ 763.696835][ T32] asix 3-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 763.696875][ T32] asix 3-1:0.34 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 763.697209][ T32] asix 3-1:0.34: probe with driver asix failed with error -71 [ 763.753932][ T32] usb 3-1: USB disconnect, device number 22 [ 763.942297][T20393] loop3: detected capacity change from 0 to 256 [ 763.971174][T20393] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 764.124365][T20393] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 764.539036][ T5625] Bluetooth: hci2: unexpected event for opcode 0x0c47 [ 764.615310][T20412] sg_write: data in/out 626257625/38 bytes for SCSI command 0x57-- guessing data in; [ 764.615310][T20412] program syz.3.6103 not setting count and/or reply_len properly [ 765.655257][T20449] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6117'. [ 767.381762][T20470] loop3: detected capacity change from 0 to 131072 [ 767.449134][T20470] F2FS-fs (loop3): Test dummy encryption mode enabled [ 767.546390][T20470] F2FS-fs (loop3): invalid crc value [ 767.676269][T20470] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 767.905897][T20470] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 768.592639][ T5625] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 768.592876][ T5625] Bluetooth: hci2: Injecting HCI hardware error event [ 768.625312][ T4924] Bluetooth: hci2: hardware error 0x00 [ 769.378652][T20517] loop7: detected capacity change from 0 to 131072 [ 769.783159][T20517] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 769.822815][T20517] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 770.131854][T20517] F2FS-fs (loop7): lookup inode (7) has corrupted xattr [ 770.151544][ T38] audit: type=1800 audit(1781139460.313:576): pid=20517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.6144" name="file1" dev="loop7" ino=7 res=0 errno=0 [ 770.185370][T20562] F2FS-fs (loop7): lookup inode (7) has corrupted xattr [ 770.460494][T20562] F2FS-fs (loop7): lookup inode (7) has corrupted xattr [ 771.723779][T20600] loop2: detected capacity change from 0 to 1024 [ 771.780849][T20600] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 772.078953][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 772.186569][ T4924] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 775.788247][T20708] loop3: detected capacity change from 0 to 32768 [ 775.939263][T20708] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 776.062017][ T3411] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 776.080489][ T38] audit: type=1800 audit(1781139466.253:577): pid=20708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6231" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 776.774812][T15502] ocfs2: Unmounting device (7,3) on (node local) [ 778.654961][T20797] netlink: 'syz.2.6271': attribute type 4 has an invalid length. [ 778.689739][T20793] netlink: 36 bytes leftover after parsing attributes in process `syz.7.6268'. [ 779.304786][ T4370] Bluetooth: hci7: Frame reassembly failed (-84) [ 779.371119][T18898] Bluetooth: hci6: Frame reassembly failed (-84) [ 780.869791][T20880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 780.915370][T20880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 781.306464][T17105] Bluetooth: hci7: command 0x1003 tx timeout [ 781.360185][ T4924] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 781.401920][ T5625] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 781.413569][ T4924] Bluetooth: hci6: command 0x1003 tx timeout [ 783.305124][T20941] loop7: detected capacity change from 0 to 8 [ 783.314671][T20941] squashfs: Unknown parameter '18446744073709551615' [ 785.753500][T21022] loop2: detected capacity change from 0 to 128 [ 785.858117][T21022] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 785.881957][T21022] ext4 filesystem being mounted at /939/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 786.463898][ T5619] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 787.392661][T21059] loop3: detected capacity change from 0 to 128 [ 788.456278][ T10] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 788.639608][ T10] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 788.639643][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.639667][ T10] usb 3-1: Product: syz [ 788.639684][ T10] usb 3-1: Manufacturer: syz [ 788.639700][ T10] usb 3-1: SerialNumber: syz [ 789.109337][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 789.109405][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 789.297220][T21072] dummy0: entered promiscuous mode [ 789.774249][T21072] dummy0: left promiscuous mode [ 790.339242][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 790.352066][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 790.352600][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 790.352658][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 790.417547][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 790.439393][ T10] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 790.462028][ T10] usb 3-1: USB disconnect, device number 23 [ 791.674217][ T5625] Bluetooth: hci1: unexpected event for opcode 0x041b [ 791.704597][T21144] loop7: detected capacity change from 0 to 256 [ 799.948746][ T38] audit: type=1800 audit(1781139490.103:578): pid=21401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6541" name="bus" dev="ramfs" ino=61711 res=0 errno=0 [ 800.341936][T21425] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 800.341956][T21425] IPv6: NLM_F_CREATE should be set when creating new route [ 801.783423][T21429] loop2: detected capacity change from 0 to 131072 [ 801.823414][T21429] F2FS-fs (loop2): invalid crc value [ 802.072439][T21429] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 802.158964][T21429] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 802.185031][ T38] audit: type=1800 audit(1781139492.363:579): pid=21429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6553" name="file1" dev="loop2" ino=7 res=0 errno=0 [ 802.805220][T21486] evm: overlay not supported [ 803.895298][T21507] binder: 21506:21507 ioctl c0306201 200000000680 returned -14 [ 806.151946][ T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 806.262667][T21550] bond1: entered allmulticast mode [ 806.271383][T21550] 8021q: adding VLAN 0 to HW filter on device bond1 [ 806.300155][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 806.302827][ T9] usb 8-1: config 0 has an invalid interface number: 34 but max is 0 [ 806.302855][ T9] usb 8-1: config 0 has no interface number 0 [ 806.302917][ T9] usb 8-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 806.302946][ T9] usb 8-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 806.347071][ T9] usb 8-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 806.347104][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.347125][ T9] usb 8-1: Product: syz [ 806.347140][ T9] usb 8-1: Manufacturer: syz [ 806.347157][ T9] usb 8-1: SerialNumber: syz [ 806.393390][ T9] usb 8-1: config 0 descriptor?? [ 806.395020][T21545] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 806.395630][T21545] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 806.454224][T21553] macvlan2: entered promiscuous mode [ 806.454250][T21553] macvlan2: entered allmulticast mode [ 806.484705][T21553] bond1: (slave macvlan2): Opening slave failed [ 806.642612][T21545] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 806.642750][T21545] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 806.871404][ T9] asix 8-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 807.873144][ T9] asix 8-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 807.873178][ T9] asix 8-1:0.34 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 807.873463][ T9] asix 8-1:0.34: probe with driver asix failed with error -71 [ 807.915930][ T9] usb 8-1: USB disconnect, device number 9 [ 808.677980][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.678073][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.808955][T21613] loop3: detected capacity change from 0 to 512 [ 811.057345][ T5625] Bluetooth: hci4: command 0x0406 tx timeout [ 812.327409][T21613] EXT4-fs: error -4 creating inode table initialization thread [ 812.328111][T21613] EXT4-fs (loop3): mount failed [ 813.319464][T21648] loop3: detected capacity change from 0 to 1024 [ 813.473790][T21648] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 813.473820][T21648] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 813.473917][T21648] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 813.483353][T21648] EXT4-fs error (device loop3): ext4_get_journal_inode:5900: inode #5: comm syz.3.6654: unexpected bad inode w/o EXT4_IGET_BAD [ 813.483473][T21648] loop3: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117 [ 813.484337][T21648] EXT4-fs (loop3): no journal found [ 813.484389][T21648] EXT4-fs (loop3): can't get journal size [ 813.486212][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 813.486233][ C1] EXT4-fs (loop3): initial error at time 1781139503: ext4_get_journal_inode:5900: inode 5 [ 813.486284][ C1] EXT4-fs (loop3): last error at time 1781139503: ext4_get_journal_inode:5900: inode 5 [ 813.641906][T21648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 814.228464][T21648] EXT4-fs error (device loop3): __ext4_iget:5532: inode #15: block 1803188595: comm syz.3.6654: invalid block [ 814.469109][T15502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 816.558315][T21768] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6703'. [ 816.791765][T21774] loop3: detected capacity change from 0 to 512 [ 817.212305][T21774] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 817.212465][T21774] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 817.431948][T21755] loop2: detected capacity change from 0 to 40427 [ 817.484346][T21755] F2FS-fs (loop2): build fault injection rate: 771 [ 817.485639][T21755] F2FS-fs (loop2): invalid crc value [ 817.875671][T21781] EXT4-fs error (device loop3): ext4_validate_block_bitmap:423: comm ext4lazyinit: bg 0: bad block bitmap checksum [ 817.924346][T15502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 818.771511][T21755] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 818.942773][T21755] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 819.370362][ T5619] syz-executor: attempt to access beyond end of device [ 819.370362][ T5619] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 819.486269][ T5619] CPU: 0 UID: 0 PID: 5619 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 819.486307][ T5619] Tainted: [L]=SOFTLOCKUP [ 819.486315][ T5619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 819.486330][ T5619] Call Trace: [ 819.486339][ T5619] [ 819.486350][ T5619] dump_stack_lvl+0xe8/0x150 [ 819.486384][ T5619] f2fs_stop_checkpoint+0x3ef/0x5d0 [ 819.486426][ T5619] f2fs_write_end_io+0x1274/0x1740 [ 819.486472][ T5619] __submit_merged_bio+0x256/0x6a0 [ 819.486506][ T5619] ? rcu_is_watching+0x15/0xb0 [ 819.486535][ T5619] __submit_merged_write_cond+0x3c9/0x4e0 [ 819.486581][ T5619] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 819.486649][ T5619] f2fs_write_data_pages+0x287e/0x34f0 [ 819.486719][ T5619] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 819.486801][ T5619] ? do_raw_spin_lock+0x12b/0x2f0 [ 819.486843][ T5619] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 819.486873][ T5619] ? lockdep_hardirqs_on+0x7a/0x110 [ 819.486900][ T5619] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 819.486928][ T5619] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 819.486949][ T5619] ? reacquire_held_locks+0x104/0x190 [ 819.486971][ T5619] ? rt_spin_lock+0x1e0/0x400 [ 819.487018][ T5619] ? rt_spin_unlock+0x14f/0x200 [ 819.487046][ T5619] ? rt_spin_unlock+0x160/0x200 [ 819.487066][ T5619] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 819.487094][ T5619] do_writepages+0x32e/0x550 [ 819.487132][ T5619] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 819.487157][ T5619] ? rt_spin_unlock+0x14f/0x200 [ 819.487190][ T5619] filemap_fdatawrite+0x1ec/0x2f0 [ 819.487231][ T5619] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 819.487265][ T5619] ? __lock_acquire+0x6b5/0x2d10 [ 819.487336][ T5619] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 819.487368][ T5619] ? rt_spin_unlock+0x160/0x200 [ 819.487393][ T5619] f2fs_sync_dirty_inodes+0x30e/0x830 [ 819.487439][ T5619] f2fs_write_checkpoint+0x9ce/0x25a0 [ 819.487515][ T5619] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 819.487607][ T5619] ? kfree+0x1c5/0x6c0 [ 819.487635][ T5619] ? __wake_up_common_lock+0x18a/0x1e0 [ 819.487661][ T5619] ? f2fs_stop_gc_thread+0x82/0xb0 [ 819.487703][ T5619] kill_f2fs_super+0x314/0x730 [ 819.487737][ T5619] ? __pfx_kill_f2fs_super+0x10/0x10 [ 819.487778][ T5619] ? lockdep_hardirqs_on+0x7a/0x110 [ 819.487822][ T5619] deactivate_locked_super+0xbc/0x130 [ 819.487851][ T5619] cleanup_mnt+0x437/0x4d0 [ 819.487879][ T5619] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.487909][ T5619] task_work_run+0x1d9/0x270 [ 819.487943][ T5619] ? __pfx_task_work_run+0x10/0x10 [ 819.487986][ T5619] exit_to_user_mode_loop+0x1fa/0x710 [ 819.488018][ T5619] ? rcu_is_watching+0x15/0xb0 [ 819.488041][ T5619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.488065][ T5619] do_syscall_64+0x353/0x580 [ 819.488092][ T5619] ? trace_irq_disable+0x3b/0x140 [ 819.488122][ T5619] ? clear_bhb_loop+0x40/0x90 [ 819.488150][ T5619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.488173][ T5619] RIP: 0033:0x7f8e6c21e097 [ 819.488196][ T5619] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 819.488215][ T5619] RSP: 002b:00007ffd876d89a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 819.488240][ T5619] RAX: 0000000000000000 RBX: 00007f8e6c2b21ca RCX: 00007f8e6c21e097 [ 819.488256][ T5619] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd876d8a60 [ 819.488271][ T5619] RBP: 00007ffd876d8a60 R08: 00007ffd876d9a60 R09: 00000000ffffffff [ 819.488286][ T5619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd876d9af0 [ 819.488301][ T5619] R13: 00007f8e6c2b21ca R14: 00000000000c7e12 R15: 00007ffd876d9b30 [ 819.488337][ T5619] [ 819.675301][ T5619] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 820.879201][T21846] loop7: detected capacity change from 0 to 32768 [ 820.903161][T21846] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 821.154050][T21846] XFS (loop7): Ending clean mount [ 821.322997][T21888] loop3: detected capacity change from 0 to 512 [ 821.324172][T21888] ext4: Unknown parameter 'noacl' [ 822.378181][T17103] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 822.443086][T21922] loop3: detected capacity change from 0 to 4096 [ 822.565055][T21922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 824.110949][T15502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 824.797600][T21974] loop2: detected capacity change from 0 to 512 [ 824.826411][T21974] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 824.922120][T21974] EXT4-fs (loop2): 1 truncate cleaned up [ 824.934283][T21974] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 825.161845][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 826.707167][T22003] program syz.7.6800 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 829.405483][T22098] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6840'. [ 829.511442][T22098] unsupported nlmsg_type 40 [ 831.610106][T22128] loop2: detected capacity change from 0 to 40427 [ 831.631644][T22128] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 831.631676][T22128] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 831.662983][T22128] F2FS-fs (loop2): invalid crc value [ 831.823966][T22128] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 831.872384][T22128] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 831.872419][T22128] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 832.613187][T22128] syz.2.6854: attempt to access beyond end of device [ 832.613187][T22128] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 832.613803][T22128] CPU: 0 UID: 0 PID: 22128 Comm: syz.2.6854 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 832.613829][T22128] Tainted: [L]=SOFTLOCKUP [ 832.613835][T22128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 832.613846][T22128] Call Trace: [ 832.613852][T22128] [ 832.613860][T22128] dump_stack_lvl+0xe8/0x150 [ 832.613890][T22128] f2fs_stop_checkpoint+0x3ef/0x5d0 [ 832.613922][T22128] f2fs_write_end_io+0x1274/0x1740 [ 832.613960][T22128] __submit_merged_bio+0x256/0x6a0 [ 832.613986][T22128] ? rcu_is_watching+0x15/0xb0 [ 832.614007][T22128] __submit_merged_write_cond+0x3c9/0x4e0 [ 832.614078][T22128] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 832.614124][T22128] f2fs_write_data_pages+0x287e/0x34f0 [ 832.614173][T22128] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 832.614203][T22128] ? do_raw_spin_lock+0x12b/0x2f0 [ 832.614246][T22128] ? __lock_acquire+0x6b5/0x2d10 [ 832.614273][T22128] ? __lock_acquire+0x6b5/0x2d10 [ 832.614314][T22128] ? do_raw_spin_lock+0x12b/0x2f0 [ 832.614344][T22128] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 832.614366][T22128] ? lockdep_hardirqs_on+0x7a/0x110 [ 832.614386][T22128] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 832.614407][T22128] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 832.614427][T22128] do_writepages+0x32e/0x550 [ 832.614454][T22128] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 832.614471][T22128] ? rt_spin_unlock+0x14f/0x200 [ 832.614495][T22128] filemap_fdatawrite+0x1ec/0x2f0 [ 832.614525][T22128] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 832.614550][T22128] ? __lock_acquire+0x6b5/0x2d10 [ 832.614602][T22128] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 832.614625][T22128] ? rt_spin_unlock+0x160/0x200 [ 832.614642][T22128] f2fs_sync_dirty_inodes+0x30e/0x830 [ 832.614675][T22128] f2fs_write_checkpoint+0x9ce/0x25a0 [ 832.614722][T22128] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 832.614779][T22128] ? rcu_is_watching+0x15/0xb0 [ 832.614799][T22128] f2fs_issue_checkpoint+0x42c/0x700 [ 832.614828][T22128] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 832.614852][T22128] ? filemap_check_errors+0xd2/0x120 [ 832.614880][T22128] ? filemap_write_and_wait_range+0x28d/0x3f0 [ 832.614900][T22128] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 832.614947][T22128] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 832.614969][T22128] ? f2fs_sync_fs+0x1f0/0x3c0 [ 832.614995][T22128] f2fs_symlink+0x71f/0x8f0 [ 832.615030][T22128] ? bpf_lsm_capable+0x9/0x20 [ 832.615059][T22128] ? __pfx_f2fs_symlink+0x10/0x10 [ 832.615087][T22128] ? generic_permission+0x358/0x690 [ 832.615112][T22128] ? inode_permission+0x346/0x5f0 [ 832.615129][T22128] ? bpf_lsm_inode_symlink+0x9/0x20 [ 832.615150][T22128] vfs_symlink+0x195/0x340 [ 832.615175][T22128] ? bpf_lsm_path_symlink+0x9/0x20 [ 832.615195][T22128] filename_symlinkat+0x1cd/0x420 [ 832.615216][T22128] ? __pfx_filename_symlinkat+0x10/0x10 [ 832.615246][T22128] ? do_getname+0x151/0x250 [ 832.615262][T22128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.615281][T22128] __se_sys_symlink+0x4d/0x2b0 [ 832.615296][T22128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.615314][T22128] do_syscall_64+0x174/0x580 [ 832.615334][T22128] ? trace_irq_disable+0x3b/0x140 [ 832.615358][T22128] ? clear_bhb_loop+0x40/0x90 [ 832.615378][T22128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.615395][T22128] RIP: 0033:0x7f8e6c21ce59 [ 832.615411][T22128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.615426][T22128] RSP: 002b:00007f8e6a46e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 832.615445][T22128] RAX: ffffffffffffffda RBX: 00007f8e6c495fa0 RCX: 00007f8e6c21ce59 [ 832.615457][T22128] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000200000000280 [ 832.615469][T22128] RBP: 00007f8e6c2b2d6f R08: 0000000000000000 R09: 0000000000000000 [ 832.615479][T22128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.615490][T22128] R13: 00007f8e6c496038 R14: 00007f8e6c495fa0 R15: 00007ffd876d9738 [ 832.615517][T22128] [ 832.615525][T22128] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 835.281039][T22214] loop3: detected capacity change from 0 to 256 [ 835.444072][T22215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 835.566595][T22214] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 835.676708][T22208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 835.711013][T22214] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 0000fc00) [ 835.711129][T22214] FAT-fs (loop3): Filesystem has been set read-only [ 838.246137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 843.780284][ T3411] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.705357][ T3411] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.934414][ T3411] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.178720][T22505] netlink: 208 bytes leftover after parsing attributes in process `syz.3.7009'. [ 852.326132][T22509] bond1: entered allmulticast mode [ 852.333182][T22509] 8021q: adding VLAN 0 to HW filter on device bond1 [ 852.399288][T22509] macvlan2: entered promiscuous mode [ 852.399317][T22509] macvlan2: entered allmulticast mode [ 852.402271][T22509] bond1: (slave macvlan2): Opening slave failed [ 855.346139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.366144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.376160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.386120][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.396134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.406123][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.416124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.426121][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.436115][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 855.832277][ T3411] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.313972][T17528] IPVS: starting estimator thread 0... [ 857.612344][T22600] IPVS: using max 10 ests per chain, 24000 per kthread [ 858.680757][T22613] IPv6: NLM_F_REPLACE set, but no existing node found! [ 861.877724][ T3411] bridge_slave_1: left allmulticast mode [ 861.877760][ T3411] bridge_slave_1: left promiscuous mode [ 861.878051][ T3411] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.007958][T22659] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7068'. [ 862.205589][ T3411] bridge_slave_0: left allmulticast mode [ 862.205622][ T3411] bridge_slave_0: left promiscuous mode [ 862.261020][ T3411] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.464693][T22709] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7082'. [ 867.313294][ T3411] bond0 (unregistering): left promiscuous mode [ 867.313324][ T3411] bond_slave_0: left promiscuous mode [ 867.313599][ T3411] bond_slave_1: left promiscuous mode [ 867.467636][ T3411] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 867.745541][ T3411] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 867.902683][ T3411] bond0 (unregistering): Released all slaves [ 868.240493][ T5270] 8021q: adding VLAN 0 to HW filter on device eth5 [ 868.362899][T22782] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7113'. [ 870.298734][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.298848][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.278925][ T3411] tipc: Disabling bearer [ 873.279933][ T3411] tipc: Left network mode [ 875.079770][T22836] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7137'. [ 875.083483][T22836] netlink: 64 bytes leftover after parsing attributes in process `syz.7.7137'. [ 879.351048][T22894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7152'. [ 880.079475][ T5270] 8021q: adding VLAN 0 to HW filter on device eth6 [ 883.654668][ T3411] batadv0: left promiscuous mode [ 883.921949][ T3411] hsr_slave_0: left promiscuous mode [ 884.041619][ T3411] hsr_slave_1: left promiscuous mode [ 884.042758][ T3411] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 884.042782][ T3411] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 884.103745][ T3411] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 884.103775][ T3411] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 885.935222][ T3411] veth1_macvtap: left promiscuous mode [ 885.935333][ T3411] veth0_macvtap: left promiscuous mode [ 885.935632][ T3411] veth1_vlan: left promiscuous mode [ 885.935848][ T3411] veth0_vlan: left promiscuous mode [ 890.604558][T23071] loop2: detected capacity change from 0 to 8 [ 891.728346][T23071] squashfs image failed sanity check [ 892.174034][ T4924] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 896.398726][ T4924] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 896.399317][ T4924] Bluetooth: hci1: Injecting HCI hardware error event [ 896.509279][ T5625] Bluetooth: hci1: hardware error 0x00 [ 896.652538][ T3411] team0 (unregistering): Port device team_slave_1 removed [ 896.710791][ T3411] team0 (unregistering): Port device team_slave_0 removed [ 899.868719][ T5625] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 900.948143][T23161] random: crng reseeded on system resumption [ 902.727066][ T5270] 8021q: adding VLAN 0 to HW filter on device eth7 [ 905.095442][T23200] loop2: detected capacity change from 0 to 2048 [ 905.778241][T23200] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 905.858807][T23200] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 906.317100][T23200] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 908.236407][T23218] GUP no longer grows the stack in syz.7.7267 (23218): 200000005000-200000008000 (200000004000) [ 908.236451][T23218] CPU: 1 UID: 0 PID: 23218 Comm: syz.7.7267 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 908.236484][T23218] Tainted: [L]=SOFTLOCKUP [ 908.236492][T23218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 908.236506][T23218] Call Trace: [ 908.236515][T23218] [ 908.236526][T23218] dump_stack_lvl+0xe8/0x150 [ 908.236564][T23218] fixup_user_fault+0x637/0x6f0 [ 908.236597][T23218] fault_in_user_writeable+0x71/0xd0 [ 908.236635][T23218] futex_lock_pi+0x816/0xb10 [ 908.236678][T23218] ? __pfx_futex_lock_pi+0x10/0x10 [ 908.236746][T23218] ? __pfx_futex_wake_mark+0x10/0x10 [ 908.236790][T23218] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 908.236830][T23218] do_futex+0x361/0x4f0 [ 908.236859][T23218] ? __pfx_do_futex+0x10/0x10 [ 908.236896][T23218] ? __vm_munmap+0x2e6/0x3d0 [ 908.236940][T23218] __se_sys_futex+0x3a8/0x450 [ 908.236971][T23218] ? __pfx___se_sys_futex+0x10/0x10 [ 908.236991][T23218] ? rcu_is_watching+0x15/0xb0 [ 908.237020][T23218] ? __x64_sys_futex+0x21/0xf0 [ 908.237042][T23218] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.237066][T23218] do_syscall_64+0x174/0x580 [ 908.237093][T23218] ? trace_irq_disable+0x3b/0x140 [ 908.237123][T23218] ? clear_bhb_loop+0x40/0x90 [ 908.237151][T23218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.237172][T23218] RIP: 0033:0x7f915cf9ce59 [ 908.237192][T23218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 908.237211][T23218] RSP: 002b:00007f915b1f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 908.237237][T23218] RAX: ffffffffffffffda RBX: 00007f915d215fa0 RCX: 00007f915cf9ce59 [ 908.237254][T23218] RDX: 0000000000000001 RSI: 000000000000008d RDI: 0000200000004000 [ 908.237267][T23218] RBP: 00007f915d032d6f R08: 0000000000000000 R09: 0000000000000001 [ 908.237282][T23218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 908.237296][T23218] R13: 00007f915d216038 R14: 00007f915d215fa0 R15: 00007ffff750adb8 [ 908.237331][T23218] [ 909.083273][T23233] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7270'. [ 910.267770][T23259] netlink: 'syz.3.7281': attribute type 1 has an invalid length. [ 917.492478][ T5270] 8021q: adding VLAN 0 to HW filter on device eth8 [ 921.776018][T23413] loop2: detected capacity change from 0 to 512 [ 931.559475][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.559596][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.761573][T23596] fuse: fd is not a fuse device [ 941.985015][T23635] loop2: detected capacity change from 0 to 16 [ 942.011300][T23635] erofs: Unknown parameter 'ãé' [ 942.582819][T23636] kAFS: unable to lookup cell 'ÿ' [ 945.527677][ T4924] Bluetooth: hci4: command 0x0406 tx timeout [ 949.023266][T23748] loop2: detected capacity change from 0 to 512 [ 949.884210][T23748] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 949.884353][T23748] ext4 filesystem being mounted at /1034/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 949.976199][ T38] audit: type=1326 audit(1781139640.123:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976263][ T38] audit: type=1326 audit(1781139640.123:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976315][ T38] audit: type=1326 audit(1781139640.123:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976366][ T38] audit: type=1326 audit(1781139640.123:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976419][ T38] audit: type=1326 audit(1781139640.123:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976471][ T38] audit: type=1326 audit(1781139640.123:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976533][ T38] audit: type=1326 audit(1781139640.123:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976585][ T38] audit: type=1326 audit(1781139640.123:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976637][ T38] audit: type=1326 audit(1781139640.123:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 949.976689][ T38] audit: type=1326 audit(1781139640.123:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23745 comm="syz.2.7443" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8e6c1dd68e code=0x7ffc0000 [ 951.250969][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.964939][T24045] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 980.964998][T24045] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 981.932757][T24045] vhci_hcd vhci_hcd.0: Device attached [ 982.080764][T24048] vhci_hcd: connection closed [ 982.120295][T19465] vhci_hcd vhci_hcd.0: stop threads [ 982.120326][T19465] vhci_hcd vhci_hcd.0: release socket [ 982.120426][T19465] vhci_hcd vhci_hcd.0: disconnect device [ 982.148445][ T37] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 982.148519][ T37] usb 33-1: enqueue for inactive port 0 [ 982.317787][ T37] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 988.082172][ T5625] Bluetooth: hci4: unexpected event 0x35 length: 7 > 6 [ 989.383963][T24148] lo speed is unknown, defaulting to 1000 [ 989.385551][T24148] lo speed is unknown, defaulting to 1000 [ 989.398596][T24148] lo speed is unknown, defaulting to 1000 [ 989.400568][T24148] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 989.400606][T24148] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 989.400653][T24148] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 989.414557][T24148] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 989.540029][T24148] lo speed is unknown, defaulting to 1000 [ 989.543687][T24148] lo speed is unknown, defaulting to 1000 [ 989.547391][T24148] lo speed is unknown, defaulting to 1000 [ 989.551037][T24148] lo speed is unknown, defaulting to 1000 [ 989.554647][T24148] lo speed is unknown, defaulting to 1000 [ 989.558367][T24148] lo speed is unknown, defaulting to 1000 [ 993.261636][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.268834][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.382993][T24229] loop2: detected capacity change from 0 to 8 [ 997.564637][T24251] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7627'. [ 999.643116][ T38] kauditd_printk_skb: 31 callbacks suppressed [ 999.643140][ T38] audit: type=1326 audit(1781139689.483:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24278 comm="syz.7.7638" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f915cf9ce59 code=0x0 [ 1002.299339][T24322] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7652'. [ 1010.569066][T24431] overlayfs: failed to clone upperpath [ 1019.245190][T24524] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1020.127772][T24534] binder: 24533:24534 ioctl 4018620d 0 returned -22 [ 1023.137872][T24555] fuse: blksize only supported for fuseblk [ 1032.398290][T24656] ptrace attach of "ci-upstream-linux-next-kasan-gce-root/syz-executor exec"[17103] was attempted by ""[24656] [ 1036.165254][T24710] bridge0: port 3(syz_tun) entered blocking state [ 1036.165676][T24710] bridge0: port 3(syz_tun) entered disabled state [ 1036.183858][T24710] syz_tun: entered allmulticast mode [ 1036.265071][T24710] syz_tun: entered promiscuous mode [ 1036.279570][T24710] bridge0: port 3(syz_tun) entered blocking state [ 1036.279749][T24710] bridge0: port 3(syz_tun) entered forwarding state [ 1038.048337][T24749] netlink: 332 bytes leftover after parsing attributes in process `syz.7.7827'. [ 1038.742134][T24767] loop2: detected capacity change from 0 to 8 [ 1039.618363][T24786] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1039.618632][T24786] SQUASHFS error: Failed to read block 0x1c0: -5 [ 1039.618709][T24786] SQUASHFS error: Unable to read metadata cache entry [1be] [ 1040.349951][T24800] loop2: detected capacity change from 0 to 8 [ 1041.211842][T24811] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1041.211878][T24811] SQUASHFS error: Failed to read block 0x1c0: -5 [ 1041.211898][T24811] SQUASHFS error: Unable to read metadata cache entry [1be] [ 1041.214665][T24811] netlink: 'syz.2.7844': attribute type 1 has an invalid length. [ 1041.214687][T24811] netlink: 'syz.2.7844': attribute type 2 has an invalid length. [ 1051.608908][T24895] binder: 24890:24895 ioctl c0306201 0 returned -14 [ 1054.621677][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.670365][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 1062.092286][T24999] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7918'. [ 1065.940452][T25049] overlayfs: overlapping lowerdir path [ 1066.839944][T25059] kAFS: unable to lookup cell 'ÿ' [ 1069.624737][T25118] geneve2: left promiscuous mode [ 1069.624773][T25118] geneve2: left allmulticast mode [ 1069.625668][T25118] bond2: left promiscuous mode [ 1069.625687][T25118] bridge2: left promiscuous mode [ 1069.633845][T25118] team1: left promiscuous mode [ 1069.633876][T25118] team1: left allmulticast mode [ 1069.639454][ T4370] bridge0: port 2(bridge_slave_1) entered blocking state [ 1069.639690][ T4370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1069.643655][T19465] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1069.644406][T19465] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1069.843517][T19465] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1069.863322][T17893] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1070.949948][ T56] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1071.072443][ T56] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1071.232086][ T32] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1071.447085][ T32] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1071.654453][ T32] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1073.478420][ T4924] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1074.094844][ T4924] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1074.104641][ T4924] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1074.139146][ T4924] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1074.176623][ T4924] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1075.095455][T25187] loop2: detected capacity change from 0 to 40427 [ 1075.182991][T25187] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1075.183021][T25187] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1075.267684][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1075.564462][T25187] F2FS-fs (loop2): invalid crc value [ 1076.290939][T25187] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1076.349339][T25187] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1076.349373][T25187] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1076.646802][ T5625] Bluetooth: hci6: command tx timeout [ 1076.798639][ T38] audit: type=1800 audit(1781139766.943:622): pid=25212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.7989" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 1078.765181][ T5625] Bluetooth: hci6: command tx timeout [ 1079.632182][T25170] wg1 speed is unknown, defaulting to 1000 [ 1079.674767][T25170] lo speed is unknown, defaulting to 1000 [ 1080.223819][T21853] IPVS: starting estimator thread 0... [ 1080.375533][T25248] IPVS: using max 10 ests per chain, 24000 per kthread [ 1080.828949][ T5625] Bluetooth: hci6: command tx timeout [ 1082.601373][T25170] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.603220][T25170] bridge0: port 1(bridge_slave_0) entered disabled state [ 1082.603588][T25170] bridge_slave_0: entered allmulticast mode [ 1082.618533][T25170] bridge_slave_0: entered promiscuous mode [ 1082.633657][T25170] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.634608][T25170] bridge0: port 2(bridge_slave_1) entered disabled state [ 1082.635595][T25170] bridge_slave_1: entered allmulticast mode [ 1082.650430][T25170] bridge_slave_1: entered promiscuous mode [ 1082.791831][T25170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1082.839609][T25170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1082.938831][ T5625] Bluetooth: hci6: command tx timeout [ 1083.138791][T25170] team0: Port device team_slave_0 added [ 1083.159384][T25170] team0: Port device team_slave_1 added [ 1083.588837][T25170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1083.588855][T25170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.588888][T25170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1083.782819][T25170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1083.782840][T25170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.782874][T25170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1083.869412][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1084.199103][T25170] hsr_slave_0: entered promiscuous mode [ 1084.235648][T25170] hsr_slave_1: entered promiscuous mode [ 1084.252308][T25170] debugfs: 'hsr0' already exists in 'hsr' [ 1084.252338][T25170] Cannot create hsr debugfs directory [ 1085.251198][T25373] loop2: detected capacity change from 0 to 512 [ 1085.257955][T25373] EXT4-fs: Ignoring removed i_version option [ 1085.257997][T25373] EXT4-fs: Ignoring removed nobh option [ 1085.303575][T25373] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1085.324578][T25373] EXT4-fs (loop2): 1 truncate cleaned up [ 1085.336451][T25373] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1087.938529][ T38] audit: type=1800 audit(1781139778.123:623): pid=25381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.8068" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 1088.320758][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1095.551180][T25170] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1095.728498][T25170] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1095.734599][T25170] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1098.236810][T25170] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1098.260158][T25170] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1098.350274][T25170] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1098.359365][T25170] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1098.615108][T25170] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1100.309229][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1102.260060][T25170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1103.958207][T25170] 8021q: adding VLAN 0 to HW filter on device team0 [ 1104.042512][T17472] bridge0: port 1(bridge_slave_0) entered blocking state [ 1104.042901][T17472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1104.118158][T17472] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.118332][T17472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1104.526763][T25618] overlayfs: failed to resolve './bus': -2 [ 1105.709620][T25630] futex_wake_op: syz.2.8160 tries to shift op by 144; fix this program [ 1105.872765][T25630] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8160'. [ 1105.877713][T25630] netlink: 'syz.2.8160': attribute type 2 has an invalid length. [ 1109.466725][T25669] fuse: Bad value for 'fd' [ 1115.468561][T25170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1116.777274][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.777391][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 1124.575634][T25871] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8231'. [ 1124.655891][T25170] veth0_vlan: entered promiscuous mode [ 1125.348694][T25170] veth1_vlan: entered promiscuous mode [ 1125.657993][T25888] loop2: detected capacity change from 0 to 16 [ 1126.429871][T25888] erofs (device loop2): mounted with root inode @ nid 36. [ 1127.355913][T25170] veth0_macvtap: entered promiscuous mode [ 1127.434955][T25170] veth1_macvtap: entered promiscuous mode [ 1127.507358][T25170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1127.591174][T25170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1128.078506][T25914] tmpfs: Unsupported parameter 'huge' [ 1130.037571][ T1517] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.043752][T19465] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.050033][T19465] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.057761][T19465] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1133.147899][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1137.180298][T25988] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1137.347914][T25988] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1137.367686][T25988] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1137.442889][T25988] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1137.473455][T25988] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1141.247890][ T5625] Bluetooth: hci7: command tx timeout [ 1143.992000][ T5625] Bluetooth: hci7: command tx timeout [ 1145.132866][ T44] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1146.204922][ T5625] Bluetooth: hci7: command tx timeout [ 1149.188656][ T5625] Bluetooth: hci7: command tx timeout [ 1151.452944][T26150] loop2: detected capacity change from 0 to 512 [ 1151.463104][T26150] EXT4-fs: Ignoring removed nobh option [ 1152.373552][T26150] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1152.475707][T26150] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.8324: ea_inode file size=1535 entry size=6 [ 1152.476076][T26150] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1152.476984][T26150] EXT4-fs error (device loop2): ext4_do_update_inode:5741: inode #15: comm syz.2.8324: corrupted inode contents [ 1152.477009][T26150] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1152.486687][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 1152.486717][ C0] EXT4-fs (loop2): initial error at time 1781139842: ext4_do_update_inode:5741: inode 15 [ 1152.486751][ C0] EXT4-fs (loop2): last error at time 1781139842: ext4_do_update_inode:5741: inode 15 [ 1152.623764][T26150] EXT4-fs error (device loop2): ext4_dirty_inode:6638: inode #15: comm syz.2.8324: mark_inode_dirty error [ 1152.623804][T26150] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1152.660152][T26150] EXT4-fs error (device loop2): ext4_do_update_inode:5741: inode #15: comm syz.2.8324: corrupted inode contents [ 1152.660191][T26150] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1152.818094][T26150] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3001: inode #15: comm syz.2.8324: mark_inode_dirty error [ 1152.818209][T26150] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1152.828118][T26150] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3004: inode #15: comm syz.2.8324: mark inode dirty (error -117) [ 1152.828158][T26150] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1152.833152][T26150] EXT4-fs warning (device loop2): ext4_evict_inode:287: xattr delete (err -117) [ 1152.833471][T26150] EXT4-fs (loop2): 1 orphan inode deleted [ 1152.839585][T26150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1152.916165][T26146] binder: 26139:26146 ioctl c0306201 200000000640 returned -22 [ 1153.375567][ T44] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1153.540039][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1153.840177][T25973] wg1 speed is unknown, defaulting to 1000 [ 1153.880087][T25973] lo speed is unknown, defaulting to 1000 [ 1155.349063][ T44] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.579992][ T44] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1159.333435][ T5625] Bluetooth: hci4: unexpected event for opcode 0x2003 [ 1161.642716][T25973] bridge0: port 1(bridge_slave_0) entered blocking state [ 1161.643231][T25973] bridge0: port 1(bridge_slave_0) entered disabled state [ 1161.643578][T25973] bridge_slave_0: entered allmulticast mode [ 1161.671278][T25973] bridge_slave_0: entered promiscuous mode [ 1162.682502][T25973] bridge0: port 2(bridge_slave_1) entered blocking state [ 1162.682985][T25973] bridge0: port 2(bridge_slave_1) entered disabled state [ 1162.683399][T25973] bridge_slave_1: entered allmulticast mode [ 1162.690194][T25973] bridge_slave_1: entered promiscuous mode [ 1167.737560][T25973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1167.831841][T25973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1167.950173][T17528] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 1168.099156][T17528] usb 3-1: config 253 has an invalid interface number: 130 but max is 0 [ 1168.099189][T17528] usb 3-1: config 253 has no interface number 0 [ 1168.099235][T17528] usb 3-1: config 253 interface 130 has no altsetting 0 [ 1168.131284][T17528] usb 3-1: New USB device found, idVendor=046d, idProduct=089b, bcdDevice=ea.f6 [ 1168.131321][T17528] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.131344][T17528] usb 3-1: Product: syz [ 1168.131360][T17528] usb 3-1: Manufacturer: syz [ 1168.131376][T17528] usb 3-1: SerialNumber: syz [ 1168.447976][T25973] team0: Port device team_slave_0 added [ 1168.499595][T25973] team0: Port device team_slave_1 added [ 1168.500362][T17528] uvcvideo 3-1:253.130: Found Unit with invalid ID 0 [ 1168.501513][T17528] uvcvideo 3-1:253.130: probe with driver uvcvideo failed with error -22 [ 1168.551008][T17528] usb 3-1: USB disconnect, device number 24 [ 1168.762904][T25973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1168.762922][T25973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1168.762952][T25973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1168.923737][T25973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1168.923755][T25973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1168.923787][T25973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1169.589335][ T5625] Bluetooth: hci4: unexpected cc 0x204b length: 9 > 3 [ 1169.589448][ T5625] Bluetooth: hci4: unexpected event for opcode 0x204b [ 1169.811317][T25973] hsr_slave_0: entered promiscuous mode [ 1169.852789][T25973] hsr_slave_1: entered promiscuous mode [ 1169.869717][T25973] debugfs: 'hsr0' already exists in 'hsr' [ 1169.869738][T25973] Cannot create hsr debugfs directory [ 1169.988078][ T44] bridge_slave_1: left allmulticast mode [ 1169.988125][ T44] bridge_slave_1: left promiscuous mode [ 1170.030650][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 1170.209022][T26471] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8464'. [ 1170.379065][ T44] bridge_slave_0: left allmulticast mode [ 1170.379103][ T44] bridge_slave_0: left promiscuous mode [ 1170.379380][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 1172.788100][ T44] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1173.218769][ T44] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1174.163657][ T44] bond0 (unregistering): Released all slaves [ 1174.266547][ T5270] 8021q: adding VLAN 0 to HW filter on device eth9 [ 1177.311993][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.312103][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.275325][ T44] hsr_slave_0: left promiscuous mode [ 1178.317582][ T44] hsr_slave_1: left promiscuous mode [ 1178.318825][ T44] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1178.318853][ T44] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1178.383883][ T44] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1178.383913][ T44] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1179.120716][ T44] veth1_macvtap: left promiscuous mode [ 1179.120846][ T44] veth0_macvtap: left promiscuous mode [ 1179.121169][ T44] veth1_vlan: left promiscuous mode [ 1179.123667][ T44] veth0_vlan: left promiscuous mode [ 1179.305408][T26720] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1187.815565][T26844] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1187.862517][T26844] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1187.862798][T26844] overlayfs: failed to look up (tracing) for ino (-66) [ 1188.909539][ T44] team0 (unregistering): Port device team_slave_1 removed [ 1189.162586][ T44] team0 (unregistering): Port device team_slave_0 removed [ 1194.151364][ T5270] 8021q: adding VLAN 0 to HW filter on device eth10 [ 1194.186377][ T5625] Bluetooth: hci4: command 0x0406 tx timeout [ 1194.479426][T26957] loop2: detected capacity change from 0 to 256 [ 1194.569606][ T5625] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1194.730440][ T5625] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1194.762478][ T5625] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1194.781636][ T5625] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1194.784640][ T5625] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1198.793053][ T5625] Bluetooth: hci6: command tx timeout [ 1200.160152][T26954] wg1 speed is unknown, defaulting to 1000 [ 1200.163443][T26954] lo speed is unknown, defaulting to 1000 [ 1200.874789][ T5625] Bluetooth: hci6: command tx timeout [ 1202.933814][ T5625] Bluetooth: hci6: command tx timeout [ 1203.253776][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1204.407992][ T44] bridge_slave_1: left allmulticast mode [ 1204.408032][ T44] bridge_slave_1: left promiscuous mode [ 1204.408337][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 1204.991103][ T5625] Bluetooth: hci6: command tx timeout [ 1205.536651][ T44] bridge_slave_0: left allmulticast mode [ 1205.536692][ T44] bridge_slave_0: left promiscuous mode [ 1205.536986][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 1208.771858][ T44] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1209.007973][ T44] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1209.386993][ T44] bond0 (unregistering): Released all slaves [ 1210.861297][ T5270] 8021q: adding VLAN 0 to HW filter on device eth11 [ 1213.387060][ T44] hsr_slave_0: left promiscuous mode [ 1213.501031][ T44] hsr_slave_1: left promiscuous mode [ 1213.502307][ T44] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1213.607858][ T44] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1214.874330][ T38] audit: type=1326 audit(1781139905.053:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.874378][ T38] audit: type=1326 audit(1781139905.053:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947052][ T38] audit: type=1326 audit(1781139905.053:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947111][ T38] audit: type=1326 audit(1781139905.053:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947161][ T38] audit: type=1326 audit(1781139905.053:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947207][ T38] audit: type=1326 audit(1781139905.133:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947255][ T38] audit: type=1326 audit(1781139905.133:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947300][ T38] audit: type=1326 audit(1781139905.133:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1214.947352][ T38] audit: type=1326 audit(1781139905.133:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1215.302628][ T38] audit: type=1326 audit(1781139905.483:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27256 comm="syz.2.8793" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c21ce59 code=0x7ffc0000 [ 1217.432342][T27265] loop2: detected capacity change from 0 to 1024 [ 1217.438499][T27265] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1217.439515][T27265] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 1218.293892][ T39] INFO: task syz.3.7902:24962 blocked for more than 144 seconds. [ 1218.293923][ T39] Tainted: G L syzkaller #0 [ 1218.293935][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1218.293946][ T39] task:syz.3.7902 state:D stack:28120 pid:24962 tgid:24957 ppid:15502 task_flags:0x400040 flags:0x00080002 [ 1218.294018][ T39] Call Trace: [ 1218.294026][ T39] [ 1218.294041][ T39] __schedule+0x172b/0x5550 [ 1218.294073][ T39] ? __lock_acquire+0x6b5/0x2d10 [ 1218.294113][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 1218.294147][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 1218.294191][ T39] ? __pfx___schedule+0x10/0x10 [ 1218.294230][ T39] ? schedule+0x90/0x360 [ 1218.294261][ T39] schedule+0x164/0x360 [ 1218.294291][ T39] cgroup_lock_and_drain_offline+0x516/0x650 [ 1218.294338][ T39] ? __pfx_cgroup_lock_and_drain_offline+0x10/0x10 [ 1218.294370][ T39] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1218.294419][ T39] cgroup_kn_lock_live+0x120/0x230 [ 1218.294450][ T39] cgroup_subtree_control_write+0x4b3/0x10a0 [ 1218.294498][ T39] ? __pfx_cgroup_subtree_control_write+0x10/0x10 [ 1218.294528][ T39] ? kernfs_root+0x1c/0x230 [ 1218.294549][ T39] ? kernfs_root+0x1c/0x230 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1218.294573][ [ 1218.294573][ T39] ? kernfs_root+0x1ea/0x230 [ 1218.294606][ T39] ? __pfx_cgroup_subtree_control_write+0x10/0x10 [ 1218.294632][ T39] cgroup_file_write+0x331/0x8f0 [ 1218.294660][ T39] ? __pfx_cgroup_file_write+0x10/0x10 [ 1218.294681][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1218.294706][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 1218.294739][ T39] ? __pfx_cgroup_file_write+0x10/0x10 [ 1218.294760][ T39] kernfs_fop_write_iter+0x3b0/0x540 [ 1218.294795][ T39] vfs_write+0x629/0xba0 [ 1218.294830][ T39] ? __pfx_vfs_write+0x10/0x10 [ 1218.294858][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1218.294882][ T39] ? lockdep_hardirqs_on+0x7a/0x110 [ 1218.294908][ T39] ? mutex_lock_nested+0x152/0x1d0 [ 1218.294937][ T39] ? fdget_pos+0x252/0x320 [ 1218.294967][ T39] ksys_write+0x156/0x270 [ 1218.294995][ T39] ? __pfx_ksys_write+0x10/0x10 [ 1218.295029][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.295051][ T39] do_syscall_64+0x174/0x580 [ 1218.295075][ T39] ? trace_irq_disable+0x3b/0x140 [ 1218.295227][ T39] ? clear_bhb_loop+0x40/0x90 [ 1218.295255][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.295276][ T39] RIP: 0033:0x7f425882ce59 [ 1218.295294][ T39] RSP: 002b:00007f4256a44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1218.295315][ T39] RAX: ffffffffffffffda RBX: 00007f4258aa6180 RCX: 00007f425882ce59 [ 1218.295330][ T39] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000008 [ 1218.295342][ T39] RBP: 00007f42588c2d6f R08: 0000000000000000 R09: 0000000000000000 [ 1218.295355][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1218.295366][ T39] R13: 00007f4258aa6218 R14: 00007f4258aa6180 R15: 00007ffe95e6ac88 [ 1218.295397][ T39] [ 1218.295436][ T39] [ 1218.295436][ T39] Showing all locks held in the system: [ 1218.295449][ T39] 6 locks held by ktimers/1/30: [ 1218.295461][ T39] #0: ffffffff8de61520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1218.295609][ T39] #1: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1218.295658][ T39] #2: ffff8880b8726260 (&base->expiry_lock){+...}-{3:3}, at: __run_timer_base+0x120/0x9f0 [ 1218.295714][ T39] #3: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.295759][ T39] #4: ffffc90000a4fa80 ((&ndev->rs_timer)){+...}-{0:0}, at: call_timer_fn+0xd4/0x5e0 [ 1218.295805][ T39] #5: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x215/0x1670 [ 1218.295864][ T39] 1 lock held by khungtaskd/39: [ 1218.295876][ T39] #0: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1218.366401][ T39] 4 locks held by kworker/u8:2/44: [ 1218.366444][ T39] #0: ffff88801b69e138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.366588][ T39] #1: ffffc90000b57c40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.366777][ T39] #2: ffffffff8f384200 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 1218.366922][ T39] #3: ffffffff8f3937b8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0x9e0 [ 1218.376325][ T39] 3 locks held by kworker/u8:8/749: [ 1218.376420][ T39] #0: ffff888032cf0938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.376571][ T39] #1: ffffc90005057c40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.376714][ T39] #2: ffffffff8f3937b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1218.376943][ T39] 11 locks held by kworker/u8:14/3411: [ 1218.376984][ T39] #0: ffff88802acde938 ((wq_completion)wg-kex-wg0#19){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.377100][ T39] #1: ffffc9000ff37c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.377250][ T39] #2: ffffffff8de61520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1218.377321][ T39] #3: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1218.377375][ T39] #4: ffff88805fb6b790 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200 [ 1218.377548][ T39] #5: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0 [ 1218.608538][ T39] #6: ffffffff8de61520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1218.608919][ T39] #7: ffffffff8dfcb300 (rcu_read_lock_bh){....}-{1:3}, at: send6+0x255/0x910 [ 1218.609260][ T39] #8: ffffe8ffffdb1010 ((&({ do { const void *__vpp_verify = (typeof((dst_cache->cache) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))))((unsigned long)((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))) + (((__per_cpu_offset[(i)]))))); })->bh_lock)){+...}-{3:3}, at: dst_cache_set_ip6+0xb9/0x580 [ 1218.609709][ T39] #9: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.610038][ T39] #10: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: dst_cache_set_ip6+0x170/0x580 [ 1218.610354][ T39] 2 locks held by dhcpcd/5269: [ 1218.610397][ T39] #0: ffffffff8f373c38 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x644/0x7f0 [ 1218.610648][ T39] #1: ffffffff8f3937b8 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xf0/0x630 [ 1218.611109][ T39] 2 locks held by getty/5366: [ 1218.611235][ T39] #0: ffff88823be880a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1218.611521][ T39] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x465/0x1490 [ 1218.611997][ T39] 3 locks held by sshd-session/5595: [ 1218.612038][ T39] #0: ffff88803341e1d8 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50 [ 1218.612398][ T39] #1: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x5c/0x1bb0 [ 1218.612698][ T39] #2: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: ip_route_output_key_hash+0xd8/0x2a0 [ 1218.613181][ T39] 2 locks held by syz-executor/5596: [ 1218.614256][ T39] #0: ffff888033b8f030 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x194/0x9e0 [ 1218.614587][ T39] #1: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 1218.615522][ T39] 3 locks held by kworker/1:3/5598: [ 1218.615840][ T39] #0: ffff88813fe4e538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.622275][ T39] #1: ffffc90004587c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.625332][ T39] #2: ffffffff8ead1f58 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x480 [ 1218.655588][ T39] 1 lock held by syz-executor/5623: [ 1218.655696][ T39] #0: ffff888035bda500 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 1218.658011][ T39] 8 locks held by kworker/u8:7/14184: [ 1218.658108][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.658396][ T39] #1: ffffc9000ade7c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.658852][ T39] #2: ffff8880554e08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 1218.659384][ T39] #3: ffff8880b873baa0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 1218.659646][ T39] #4: ffff8880b8724540 (psi_seq){-...}-{0:0}, at: psi_task_switch+0x53/0x880 [ 1218.660119][ T39] #5: ffff8880b8724540 (psi_seq){-...}-{0:0}, at: debug_object_activate+0xa8/0x3a0 [ 1218.661190][ T39] #6: ffff8880b8728458 (hrtimer_bases.lock){-...}-{2:2}, at: psi_task_switch+0x53/0x880 [ 1218.661605][ T39] #7: ffffffff9985d748 (&____s->seqcount#2){--..}-{0:0}, at: ktime_get+0x45/0x220 [ 1218.663244][ T39] 1 lock held by syz-executor/17103: [ 1218.663522][ T39] #0: ffff888037616528 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320 [ 1218.665712][ T39] 9 locks held by kworker/u8:12/17472: [ 1218.666615][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.668838][ T39] #1: ffffc9000700fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.679966][ T39] #2: ffff88803ad26310 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 1218.683024][ T39] #3: ffff88801f29c520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 1218.685528][ T39] #4: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.690118][ T39] #5: ffffffff8de61520 (local_bh){.+.+}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 1218.709963][ T39] #6: ffff8880b873baa0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 1218.710290][ T39] #7: ffff8880b8724540 (psi_seq){-...}-{0:0}, at: hrtimer_start_range_ns+0x8c/0x3f0 [ 1218.711432][ T39] #8: ffffffff99a82250 (&obj_hash[i].lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 1218.712081][ T39] 6 locks held by kworker/u8:17/17890: [ 1218.712124][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.712514][ T39] #1: ffffc9000685fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.712760][ T39] #2: ffff888034458310 (&devlink->lock_key#9){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 1218.713815][ T39] #3: ffff88803c759d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 1218.716918][ T39] #4: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.719689][ T39] #5: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 1218.723067][ T39] 6 locks held by kworker/u8:20/17893: [ 1218.723555][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.727152][ T39] #1: ffffc90005cdfc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.731196][ T39] #2: ffff8880339f4310 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 1218.734295][ T39] #3: ffff88805eb28920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 1218.737281][ T39] #4: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.742020][ T39] #5: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 1218.748163][ T39] 2 locks held by kworker/u8:25/19463: [ 1218.748775][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.751863][ T39] #1: ffffc900084d7c40 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.760143][ T39] 3 locks held by kworker/u8:26/19465: [ 1218.760626][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.762136][ T39] #1: ffffc900084f7c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.764536][ T39] #2: ffff88802c8708d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 1218.767795][ T39] 3 locks held by kworker/u8:28/19467: [ 1218.768540][ T39] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 1218.770576][ T39] #1: ffffc90008527c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 1218.773213][ T39] #2: ffff88806e7b08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 1218.790703][ T39] 3 locks held by syz.3.7902/24962: [ 1218.791741][ T39] #0: ffff88802b8cd128 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320 [ 1218.947828][ T39] #1: ffff8880374bc500 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 1218.948093][ T39] #2: ffff888061319478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 1218.948355][ T39] 1 lock held by syz-executor/26954: [ 1218.948413][ T39] #0: ffffffff8f3937b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 1218.948665][ T39] 1 lock held by syz.2.8805/27283: [ 1218.948706][ T39] #0: ffff88804051b8b8 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 1218.948983][ T39] 5 locks held by syz.2.8805/27287: [ 1218.949023][ T39] #0: ffff888063d4b3f0 (&u->iolock){+.+.}-{4:4}, at: __unix_dgram_recvmsg+0x1e2/0xd60 [ 1218.949253][ T39] #1: ffff888063d4b598 (&u->peer_wait){+.+.}-{3:3}, at: __wake_up_common_lock+0x2f/0x1e0 [ 1218.949500][ T39] #2: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1218.949729][ T39] #3: ffff8880316ee7f8 (&p->pi_lock){-...}-{2:2}, at: try_to_wake_up+0x6c/0x1450 [ 1218.949954][ T39] #4: ffff8880b873baa0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 [ 1218.950149][ T39] 1 lock held by syz-executor/27285: [ 1218.950190][ T39] #0: ffffffff8dfcb2a0 (rcu_read_lock){....}-{1:3}, at: path_init+0x12d/0x14d0 [ 1218.950424][ T39] 1 lock held by syz.7.8796/27286: [ 1218.950476][ T39] #0: ffff88804053ccf8 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 1218.995760][ T39] [ 1218.995837][ T39] ============================================= [ 1218.995837][ T39] [ 1218.998001][ T39] NMI backtrace for cpu 1 [ 1218.998027][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1218.998058][ T39] Tainted: [L]=SOFTLOCKUP [ 1218.998066][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1218.998080][ T39] Call Trace: [ 1218.998089][ T39] [ 1218.998098][ T39] dump_stack_lvl+0xe8/0x150 [ 1218.998136][ T39] nmi_cpu_backtrace+0x274/0x2d0 [ 1218.998161][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1218.998196][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x380 [ 1218.998223][ T39] sys_info+0x135/0x170 [ 1218.998257][ T39] watchdog+0xfd3/0x1030 [ 1218.998296][ T39] ? watchdog+0x1c9/0x1030 [ 1218.998332][ T39] kthread+0x388/0x470 [ 1218.998363][ T39] ? __pfx_watchdog+0x10/0x10 [ 1218.998390][ T39] ? __pfx_kthread+0x10/0x10 [ 1218.998421][ T39] ret_from_fork+0x514/0xb70 [ 1218.998455][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 1218.998497][ T39] ? __switch_to+0xc79/0x1410 [ 1218.998525][ T39] ? __pfx_kthread+0x10/0x10 [ 1218.998555][ T39] ret_from_fork_asm+0x1a/0x30 [ 1218.998605][ T39] [ 1218.998655][ T39] Sending NMI from CPU 1 to CPUs 0: [ 1218.998704][ C0] NMI backtrace for cpu 0 [ 1218.998720][ C0] CPU: 0 UID: 0 PID: 27287 Comm: syz.2.8805 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1218.998745][ C0] Tainted: [L]=SOFTLOCKUP [ 1218.998752][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1218.998762][ C0] RIP: 0010:rcu_is_watching+0x10/0xb0 [ 1218.998783][ C0] Code: 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 65 ff 05 80 34 cc 10 5b 86 89 09 89 c3 83 f8 08 73 65 49 bf 00 00 00 00 00 fc ff df [ 1218.998799][ C0] RSP: 0018:ffffc9000c5ff5e0 EFLAGS: 00000282 [ 1218.998815][ C0] RAX: 0000000000000001 RBX: 1ffff920018bfec4 RCX: ffff888038628000 [ 1218.998828][ C0] RDX: 000000009375e803 RSI: ffffffff8d8bbd05 RDI: ffffffff8baa4380 [ 1218.998841][ C0] RBP: ffffc9000c5ff6c0 R08: ffffffff8b35db20 R09: ffffffff8dfcb2a0 [ 1218.998855][ C0] R10: dffffc0000000000 R11: fffffbfff1f1ac5f R12: ffff888038628000 [ 1218.998868][ C0] R13: dffffc0000000000 R14: ffff888063d4ad40 R15: ffffc9000c5ff640 [ 1218.998881][ C0] FS: 00007f8e6a44d6c0(0000) GS:ffff888125ebb000(0000) knlGS:0000000000000000 [ 1218.998897][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1218.998909][ C0] CR2: 00007f8e6c26a540 CR3: 000000002a7c2000 CR4: 00000000003526f0 [ 1218.998924][ C0] Call Trace: [ 1218.998930][ C0] [ 1218.998938][ C0] rt_spin_lock+0x20e/0x400 [ 1218.998956][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 1218.998975][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1218.999000][ C0] __skb_try_recv_datagram+0x89/0x1b0 [ 1218.999027][ C0] __unix_dgram_recvmsg+0x2e3/0xd60 [ 1218.999056][ C0] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 1218.999080][ C0] ? irqentry_exit+0x218/0x8c0 [ 1218.999103][ C0] ? irqentry_exit+0x218/0x8c0 [ 1218.999123][ C0] ? trace_irq_disable+0x3b/0x140 [ 1218.999156][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 1218.999183][ C0] ? unix_dgram_recvmsg+0xae/0xd0 [ 1218.999201][ C0] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 1218.999220][ C0] sock_recvmsg_nosec+0x130/0x170 [ 1218.999250][ C0] ____sys_recvmsg+0x23d/0x4f0 [ 1218.999278][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1218.999309][ C0] ? import_iovec+0x73/0xa0 [ 1218.999336][ C0] ___sys_recvmsg+0x215/0x5a0 [ 1218.999362][ C0] ? __pfx____sys_recvmsg+0x10/0x10 [ 1218.999388][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 1218.999409][ C0] ? irqentry_exit+0x218/0x8c0 [ 1218.999447][ C0] do_recvmmsg+0x32b/0x7e0 [ 1218.999475][ C0] ? __pfx_do_recvmmsg+0x10/0x10 [ 1218.999498][ C0] ? do_futex+0x43d/0x4f0 [ 1218.999529][ C0] __x64_sys_recvmmsg+0x198/0x250 [ 1218.999573][ C0] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1218.999602][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.999623][ C0] do_syscall_64+0x174/0x580 [ 1218.999647][ C0] ? trace_irq_disable+0x3b/0x140 [ 1218.999672][ C0] ? clear_bhb_loop+0x40/0x90 [ 1218.999693][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.999712][ C0] RIP: 0033:0x7f8e6c21ce59 [ 1218.999728][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1218.999744][ C0] RSP: 002b:00007f8e6a44d028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1218.999763][ C0] RAX: ffffffffffffffda RBX: 00007f8e6c496090 RCX: 00007f8e6c21ce59 [ 1218.999777][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1218.999789][ C0] RBP: 00007f8e6c2b2d6f R08: 0000000000000000 R09: 0000000000000000 [ 1218.999801][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1218.999813][ C0] R13: 00007f8e6c496128 R14: 00007f8e6c496090 R15: 00007ffd876d9738 [ 1218.999837][ C0] [ 1219.110011][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 1219.110046][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1219.110078][ T39] Tainted: [L]=SOFTLOCKUP [ 1219.110087][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1219.110102][ T39] Call Trace: [ 1219.110113][ T39] [ 1219.110125][ T39] vpanic+0x56c/0xa60 [ 1219.110167][ T39] ? __pfx_vpanic+0x10/0x10 [ 1219.110204][ T39] ? irqentry_exit+0x218/0x8c0 [ 1219.110242][ T39] panic+0xc5/0xd0 [ 1219.110274][ T39] ? __pfx_panic+0x10/0x10 [ 1219.110321][ T39] ? __pfx_panic+0x10/0x10 [ 1219.110357][ T39] watchdog+0x102c/0x1030 [ 1219.110398][ T39] ? watchdog+0x1c9/0x1030 [ 1219.110437][ T39] kthread+0x388/0x470 [ 1219.110468][ T39] ? __pfx_watchdog+0x10/0x10 [ 1219.110498][ T39] ? __pfx_kthread+0x10/0x10 [ 1219.110531][ T39] ret_from_fork+0x514/0xb70 [ 1219.110566][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 1219.110597][ T39] ? __switch_to+0xc79/0x1410 [ 1219.110635][ T39] ? __pfx_kthread+0x10/0x10 [ 1219.110668][ T39] ret_from_fork_asm+0x1a/0x30 [ 1219.110723][ T39] [ 1219.111331][ T39] Kernel Offset: disabled