last executing test programs: 17.851098948s ago: executing program 0 (id=2380): syz_usb_connect(0x0, 0x48, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x56, 0x54, 0x48, 0x20, 0x5e1, 0x408, 0x2511, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x36, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x2e, 0xc2, 0x5d, 0x0, [], [{{0x9, 0x5, 0x2}}, {{0x9, 0x5, 0xc}}, {{0x9, 0x5, 0x3, 0x1}}, {{0x9, 0x5, 0x8}}]}}]}}]}}, 0x0) 14.911215884s ago: executing program 0 (id=2387): syz_usb_connect(0x0, 0x79, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc4, 0x6f, 0x3d, 0x8, 0x5a9, 0x2640, 0x5512, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x67, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe, 0x1, 0x0, 0x0, [@uac_control={{}, [@input_terminal={0xc}, @feature_unit={0xb, 0x24, 0x6, 0x0, 0x0, 0x2, [0x0, 0x0]}, @extension_unit={0xb, 0x24, 0x8, 0x0, 0x0, 0x0, "083c08d1"}, @output_terminal={0x9, 0x24, 0x3, 0x6}, @feature_unit={0x11, 0x24, 0x6, 0x0, 0x0, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, @uac_as={[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x6}, @format_type_i_continuous={0x8}]}]}}]}}]}}, 0x0) 11.48567441s ago: executing program 3 (id=2394): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getpid() r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x400) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r2, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0x5008, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000000c0)={'vlan0\x00', &(0x7f0000000140)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x2, 0x0, 0x0, 0x0, 0x8], [0xa, 0x3]}}) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182103, &(0x7f0000000080)={r5}) munlock(&(0x7f00005a5000/0x1000)=nil, 0x1000) munlock(&(0x7f00001f1000/0x2000)=nil, 0x2000) munlock(&(0x7f0000b21000/0x2000)=nil, 0x2000) mremap(&(0x7f0000a36000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) close(r0) socket$inet_mptcp(0x2, 0x1, 0x106) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a1400"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000150a0309"], 0x20}}, 0x0) socket$kcm(0x10, 0x2, 0x0) 11.262596308s ago: executing program 1 (id=2395): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000440)=@framed={{}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$netrom(r1, &(0x7f0000000600)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="020000231a1f0001000e00030000000002000400000000001000ff00"/40], 0x28) process_madvise(0xffffffffffffffff, &(0x7f0000000200), 0x1000000000000276, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@deltfilter={0x34, 0x2d, 0x1, 0x0, 0x0, {}, [@filter_kind_options=@f_flow={{0x9}, {0xfffffe14}}]}, 0x34}}, 0x0) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0xac, r6, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x64}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7ff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'macsec0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4000000}, 0x24008018) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)) mount(&(0x7f0000000500)=@sr0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='qnx4\x00', 0x40, &(0x7f00000005c0)=',\x00') getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10) r7 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x4}, {0x6}]}) execveat(r7, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x800) 11.262085173s ago: executing program 0 (id=2396): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040efaff0520"], 0x7) 11.090756407s ago: executing program 0 (id=2397): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x40030000000000}, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000300)=0x208) bind$inet6(r1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00'}) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f0000000200)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x6, 0x0, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x14, &(0x7f0000000600), 0x10}, 0x90) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0x0, 0x204}}) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}}) 9.872985079s ago: executing program 1 (id=2398): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x20, 0xfffffffd, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_PMTUDISC={0x5, 0xa, 0xff}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x44}}, 0x4001) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r3, &(0x7f00000000c0)=""/108, 0x6c) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000d64f039027a44aca738dbc68749902d8183a3fbfcd6365b27274724012041c0c0b7207e687deb5846cec3b21b8959752397a5c9553026e94b85a91e879dd8400c88ba56033391cb30205649340c15362fe6deb34094bff6861ed4a5e7e70b9c10e94001a74179042ad32cb0ee97c841065325f8d1a241b0b1e81aaf02cb9b9cdd3c22958771ff18cc6c6e6343f951999bd2faa1b356f9abdb40eecf02065", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fbdbdf2518000000"], 0x14}}, 0x48001) listen(r1, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000006c0)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000040)=0x200000000) readv(r4, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/119, 0x77}], 0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f00000005c0)=ANY=[@ANYRES64=r3]) r5 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x0, &(0x7f0000000180), 0x4) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000240)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @private1, @remote, [@dstopts={0x0, 0x0, '\x00', [@generic]}]}}}}}}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=r7, @ANYBLOB="000000000000000014002b8008000300190000f5070001"], 0x3c}}, 0x0) ioctl$BLKTRACETEARDOWN(r6, 0x2202, 0x0) syz_open_procfs$pagemap(0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a3200000000000000000100000008000b40000000002400048020000180070001006374000014000280080001400000001208000240000000000900010073797a3000000000030000001100010000000000000000000000000a"], 0xc0}}, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) 9.740512469s ago: executing program 3 (id=2399): open(&(0x7f0000000040)='./file0\x00', 0x4ca42, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56561, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0xffffffffffffff4f}]}}]}, 0x40}}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='devpts\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x90020, &(0x7f0000000300)=ANY=[@ANYBLOB='mode=00000000000000000004000,']) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) socket$packet(0x11, 0x2, 0x300) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2041002, &(0x7f00000000c0)={[{@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_proto_private(r4, 0x8942, &(0x7f0000000000)="4be25934c3db55f03a") syz_emit_ethernet(0x86, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x0, 0x0, 0x2, 0x9c159fada6902b91}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r7 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000000)={@empty}, 0x20) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r8, 0x29, 0x31, &(0x7f0000000000), 0x4) setsockopt$inet6_int(r8, 0x29, 0x33, &(0x7f00000000c0), 0x4) getsockopt$inet6_buf(r8, 0x29, 0x6, &(0x7f0000000440)=""/19, &(0x7f0000000240)=0x71) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ptrace$poke(0x4, 0x0, &(0x7f00000000c0), 0x833) 7.718398026s ago: executing program 1 (id=2403): syz_usb_connect(0x2, 0x7a, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x7a, 0xac, 0x4f, 0x10, 0x1199, 0x24, 0x390f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x98, 0x91, 0x94, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "d77b5d2898"}]}}]}}]}}]}}, 0x0) 7.613563996s ago: executing program 3 (id=2404): syz_emit_vhci(&(0x7f0000000a40)=ANY=[@ANYBLOB="02c82081007d00010004070400ffff000007ff"], 0x86) 7.380588909s ago: executing program 3 (id=2407): syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e04fd0a20"], 0x7) 7.215073081s ago: executing program 3 (id=2408): syz_usb_connect(0x0, 0x273, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002ffd26f10cb060600eb9a0102030109026102040000000009040000014fa266000905000000000000000904000001c107df00cc"], 0x0) 7.019601326s ago: executing program 4 (id=2410): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x10, 0xa, &(0x7f0000000500)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000007657dcd09b1c3ef30000850000007a000000b70000000000000018270000a21c7fef212aa6b2667f9110266241f2a4140e5e", @ANYRES32=r2, @ANYBLOB="000000000c000000950000"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0) preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000100)=""/185, 0xb9}], 0x1, 0x0, 0x0) sysinfo(&(0x7f00000003c0)=""/67) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000920000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r7 = userfaultfd(0x80001) fremovexattr(r7, 0xfffffffffffffffd) unshare(0x44000680) 4.40777169s ago: executing program 4 (id=2412): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'sit0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x29, 0x0, @rand_addr, @private}}}}) 4.075053708s ago: executing program 2 (id=2414): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x3c, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x10, 0x5, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x3c}}, 0x0) 4.0743418s ago: executing program 4 (id=2415): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700) symlinkat(&(0x7f00000001c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00') r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000600)='./file7\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000640)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000680)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000740)='./file7\x00', 0xc1c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000800)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000840)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000880)='./file7\x00', 0x11c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000940)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000980)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000009c0)='./file7\x00', 0x61c0, 0x700) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000a40)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000a80)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000ac0)='./file7\x00', 0x0) symlinkat(&(0x7f0000000b00)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000b40)='./file7\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000c00)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000c40)='./file7\x00', 0x0) 3.928644847s ago: executing program 1 (id=2416): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x328, 0x140, 0x140, 0xfeffffff, 0xa8, 0x0, 0x290, 0x290, 0xffffffff, 0x290, 0x290, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'geneve1\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x6800, {0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1e8}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@ip={@dev, @multicast2, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @local, @loopback, @port, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388) 3.83102948s ago: executing program 4 (id=2417): prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() tkill(r0, 0x12) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@nfs_export_on}, {@metacopy_on}]}) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={0x0, &(0x7f0000000540)=""/246, 0x42, 0xf6}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000600)=0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@empty}, {@multicast1}, {@private}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x26}}, {@remote}, {@multicast1}, {@private}, {@private=0xa010100}, {@broadcast}, {@multicast2, 0x7fffffff}]}, @noop, @noop, @noop]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0xff, 0x8, 0x8}, 0x48) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="040e18050510"], 0xe) r4 = socket$inet6(0xa, 0x3, 0x40) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={@private1, 0x0, r5}) write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1) socket(0x1f, 0x3, 0x0) 3.754851491s ago: executing program 2 (id=2418): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000140)}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000002c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0x1}], 0x1, &(0x7f0000000300)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0], 0x30}], 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r4, &(0x7f0000000080), 0xe) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) capset(&(0x7f0000000000), &(0x7f0000000280)) ioctl$KDSETMODE(r5, 0x5608, 0x0) writev(r4, &(0x7f0000000240), 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000600), 0x4) 2.743704091s ago: executing program 4 (id=2419): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x80, 0x3, 0x1}, 0x8) 2.698860105s ago: executing program 1 (id=2420): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x16, 0x0, 0x5, 0x0, 0x0, r0, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x5}, 0x48) r6 = fcntl$dupfd(r0, 0x0, r5) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8) r7 = io_uring_setup(0x33b2, &(0x7f0000000180)={0x0, 0x0, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_setup(0x75e5, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r7}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000791000000000000095000000000000009e44c9a5aa90687ff07cb04a39bfc405c659bb1f7af4ad95167a66a1028ee9acd798b45a7b844a1ee5b89470e6f3c79a68c8edbb5e89f6e871a7a1e65f36018da97043bb2e701ed070537d41fbcd850d19cc6fc80827bd7bcfef28c533eca5bbbf70b86f61716c7fc947cad692d047052010e134169f4baa098b19f25aab31956fc9e22ad158f35948ba1991d66ca4542ff03a114fa676ae2faeb5b2a418edcbe5255b81629b97922d6acf2f45b4aadb7763a8176d6df6cc65115d7f9438e2d59f5ca7c593e0ac49994ba6a46e026aa08d340bdb3abee091e157f3"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000000033fe20902e6c62aebfa2000000000021c22dce58dc9c3effb703000008000000b70400000000000085000000030000009500000000000000355a23b9e71f2e3b47a591aa0b46d5323cc2411f8f"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.649903443s ago: executing program 2 (id=2421): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x7}, {0x0, 0xc9}}}}, 0xa) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1f}, @NFTA_META_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x180da5f60c08e663, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100007, 0x20104, 0x0, 0x1}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet(0x2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x7f, 0x4) syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r4 = landlock_create_ruleset(&(0x7f0000000a40)={0x20}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f0000000a80), 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)='D', 0x1}], 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d8000000400cc000800054001000000140004"], 0x58}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}}, 0x0) fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) 2.632301868s ago: executing program 0 (id=2422): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000001000)=0x43aa, 0x4) setsockopt$inet6_int(r0, 0x29, 0x32, &(0x7f0000000000)=0x41000b6, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x28, 0x5, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$qrtr(0x2a, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socket$nl_xfrm(0x10, 0x3, 0x6) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000180)={r8}) r9 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x10000, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r9, 0xc100565c, &(0x7f0000000200)={0x0, 0x20, 0x2, {0x1, @sliced={0xf801, [0x7, 0x4, 0x5a43, 0x9, 0x1ff, 0x4, 0x1, 0x401, 0x1, 0x8000, 0x4, 0xbd3f, 0xc, 0x10, 0xff00, 0x8, 0x808, 0x6, 0x2, 0x6, 0x9, 0x6, 0xfb2a, 0x1, 0x2, 0xfff9, 0x6, 0x100, 0x5, 0x85ab, 0x3, 0x0, 0xfffd, 0x7, 0x5b, 0x2, 0xff, 0xb04d, 0x6, 0x4a, 0x401, 0x40, 0xfff7, 0x6, 0x800, 0x8, 0x5, 0x96cc], 0xffffffff}}}) ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000300)={0x1, @sdr}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000080)={r10, 0x3, r7, 0x5}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r4, 0x0, r6, 0x0, 0x88000cc, 0x0) fcntl$setpipe(r5, 0x407, 0x100004) write$eventfd(r5, &(0x7f0000000240), 0xffffff14) sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newtfilter={0x24, 0x2e, 0x205, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000fe1f702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.554690407s ago: executing program 3 (id=2423): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x10, 0xa, &(0x7f0000000500)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000007657dcd09b1c3ef30000850000007a000000b70000000000000018270000a21c7fef212aa6b2667f9110266241f2a4140e5e", @ANYRES32=r2, @ANYBLOB="000000000c000000950000"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0) preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000100)=""/185, 0xb9}], 0x1, 0x0, 0x0) sysinfo(&(0x7f00000003c0)=""/67) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000920000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r7 = userfaultfd(0x80001) fremovexattr(r7, 0xfffffffffffffffd) unshare(0x44000680) 2.346980233s ago: executing program 4 (id=2424): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_dev$loop(0x0, 0x1, 0x8041) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000048040)=""/102400, 0x19000) shutdown(0xffffffffffffffff, 0x2) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0xa, 0x80, 0x0, 0x6}, {0x2, 0xb, 0x1, 0xff}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x5, 0x0) futex(0x0, 0x0, 0x3d, 0x0, 0x0, 0x0) futex(0x0, 0x8, 0x1, &(0x7f0000000280)={0x77359400}, 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="005ac7540ae722ed6b3a94001f"], 0xd00) socket$packet(0x11, 0x0, 0x300) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x0, 0x0}) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000004c0)) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x3}) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x5a, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, r3) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_ext={0x1c, 0x3, &(0x7f0000000240), &(0x7f0000000340)='syzkaller\x00', 0xfffffffe, 0xb8, &(0x7f00000003c0)=""/173, 0x41000, 0x76, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xc, 0x5, 0x23ad}, 0x10, 0xcc3e, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0xa}, 0x90) 1.311525578s ago: executing program 1 (id=2425): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r1}, 0x10) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="0400000000008000080000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) getxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='system.posix_acl_default\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000780)='/sys/power/pm_freeze_timeout', 0x42, 0x0) sendfile(r7, r7, 0x0, 0xa) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) 1.310915645s ago: executing program 2 (id=2426): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x38, 0x1407, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x60, 'siw\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}}, 0x0) 1.014950674s ago: executing program 2 (id=2427): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0) 897.675316ms ago: executing program 0 (id=2428): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="600000000206010800000000000000000000000014000780080012400008000005001500050000000500010006000000050005000a00000005000400000000000900020073797a300000000011000300686173683a69702c706f7274"], 0x60}}, 0x0) 0s ago: executing program 2 (id=2429): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x40030000000000}, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000300)=0x208) bind$inet6(r1, &(0x7f0000000000), 0x1c) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00'}) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f0000000200)) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x6, 0x0, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x14, &(0x7f0000000600), 0x10}, 0x90) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0x0, 0x204}}) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}}) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000020042, 0x0) dup(r6) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r7 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {}]}, 0x10) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000005840), &(0x7f0000005880)=0x14) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES64=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x90) creat(&(0x7f0000000100)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): yz.4.1983: attempt to clear invalid blocks 1024 len 1 [ 1403.161496][T16699] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1403.162973][T16940] EXT4-fs (loop4): Remounting filesystem read-only [ 1403.176539][T16940] EXT4-fs (loop4): 1 truncate cleaned up [ 1403.177540][T16940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1403.207546][T16699] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1403.559951][T16951] input: syz0 as /devices/virtual/input/input26 [ 1404.122792][T16605] veth0_vlan: entered promiscuous mode [ 1404.208662][ T29] audit: type=1326 audit(2000000176.270:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208720][ T29] audit: type=1326 audit(2000000176.270:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208762][ T29] audit: type=1326 audit(2000000176.270:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208802][ T29] audit: type=1326 audit(2000000176.270:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208842][ T29] audit: type=1326 audit(2000000176.270:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208882][ T29] audit: type=1326 audit(2000000176.270:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208922][ T29] audit: type=1326 audit(2000000176.270:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.208971][ T29] audit: type=1326 audit(2000000176.270:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.209013][ T29] audit: type=1326 audit(2000000176.270:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.209053][ T29] audit: type=1326 audit(2000000176.270:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.1.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f9b799b9 code=0x7ffc0000 [ 1404.860197][T16605] veth1_vlan: entered promiscuous mode [ 1405.433182][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1405.458611][T16962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1987'. [ 1405.647917][T16605] veth0_macvtap: entered promiscuous mode [ 1405.744076][T16605] veth1_macvtap: entered promiscuous mode [ 1405.812768][T11044] IPVS: stop unused estimator thread 0... [ 1405.848277][T16699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1405.873099][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1405.873123][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.873135][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1405.873146][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.873157][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1405.873168][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.873179][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1405.873190][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.874110][T16605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1405.891163][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1405.891193][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.891209][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1405.891226][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.891241][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1405.891258][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.891273][T16605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1405.891295][T16605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1405.892429][T16605] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1405.983694][T16699] 8021q: adding VLAN 0 to HW filter on device team0 [ 1406.034340][T16605] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.034376][T16605] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.034400][T16605] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.034423][T16605] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.116643][T11058] bridge0: port 1(bridge_slave_0) entered blocking state [ 1406.116696][T11058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1406.117865][T11058] bridge0: port 2(bridge_slave_1) entered blocking state [ 1406.117914][T11058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1406.232798][ T5432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1406.232819][ T5432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1406.450947][ T2513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1406.450976][ T2513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1406.944978][T16699] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1407.355019][T16699] veth0_vlan: entered promiscuous mode [ 1407.460459][T16699] veth1_vlan: entered promiscuous mode [ 1407.641942][T16699] veth0_macvtap: entered promiscuous mode [ 1407.664373][T16699] veth1_macvtap: entered promiscuous mode [ 1407.950245][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1408.026381][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1408.102618][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1408.152105][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1408.245620][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1408.293150][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1408.380839][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1408.468394][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1408.670415][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1409.408746][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.453329][T16699] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1409.532578][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1409.547178][T17007] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1993'. [ 1409.559329][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.570716][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1409.582113][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.596564][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1409.646960][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.666755][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1409.677589][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.693742][T16699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1409.704980][T16699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1409.735567][T16699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1409.885831][T17009] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 1409.977535][T16699] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.032946][T16699] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.074280][T16699] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.122960][T16699] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.494640][T11032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1410.538241][T11032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1410.619472][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1410.658559][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1410.675243][T17022] loop4: detected capacity change from 0 to 4096 [ 1410.735109][T17022] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 1410.925503][T17030] netlink: 'syz.0.1996': attribute type 1 has an invalid length. [ 1411.009991][T17030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 1411.070938][T17030] tap0: tun_chr_ioctl cmd 1074025677 [ 1411.076490][T17030] tap0: linktype set to 270 [ 1411.798444][T17022] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 1411.989693][T17022] veth0_to_team: entered allmulticast mode [ 1412.138345][ T5274] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1412.339114][ T5274] usb 2-1: Using ep0 maxpacket: 8 [ 1412.349415][T11329] Bluetooth: hci4: ISO packet too small [ 1412.361035][T17046] pim6reg1: entered promiscuous mode [ 1412.365728][ T5274] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1412.375816][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1412.399469][ T5274] usb 2-1: config 0 descriptor?? [ 1412.405154][T17046] pim6reg1: entered allmulticast mode [ 1412.450594][T11329] Bluetooth: hci0: unexpected event for opcode 0x2039 [ 1414.091208][ T5274] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1415.108703][ T5274] asix 2-1:0.0: probe with driver asix failed with error -71 [ 1415.163948][T11329] Bluetooth: hci3: command 0x0406 tx timeout [ 1415.173374][ T5274] usb 2-1: USB disconnect, device number 41 [ 1415.804079][T17101] loop0: detected capacity change from 0 to 164 [ 1416.653229][T17101] rock: directory entry would overflow storage [ 1416.659505][T17101] rock: sig=0x5245, size=8, remaining=3 [ 1416.703819][T17097] netlink: 'syz.1.2005': attribute type 11 has an invalid length. [ 1416.899338][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 1416.899355][ T29] audit: type=1326 audit(2000000188.990:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17092 comm="syz.2.2008" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x0 [ 1416.991036][T17103] netlink: 'syz.3.2006': attribute type 11 has an invalid length. [ 1417.019647][T17111] loop0: detected capacity change from 0 to 256 [ 1417.041042][T17103] netlink: 'syz.3.2006': attribute type 11 has an invalid length. [ 1417.066933][T17103] debugfs: Directory 'netdev:' with parent 'phy81' already present! [ 1417.122019][T17111] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001023f, chksum : 0x0e440cfe, utbl_chksum : 0xe619d30d) [ 1417.232071][T17111] fuse: blksize only supported for fuseblk [ 1417.499248][T17111] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2009'. [ 1420.758617][T15567] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1420.770548][T15567] Bluetooth: hci4: Injecting HCI hardware error event [ 1420.784061][T15567] Bluetooth: hci4: hardware error 0x00 [ 1420.818971][T17139] loop0: detected capacity change from 0 to 512 [ 1420.849971][ T29] audit: type=1326 audit(2000000192.940:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17135 comm="syz.3.2015" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9df9d799b9 code=0x0 [ 1420.993366][T17139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1421.084817][T11329] Bluetooth: hci2: Malformed Event: 0x02 [ 1421.110300][T17139] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1421.203529][T17158] netlink: 'syz.1.2017': attribute type 3 has an invalid length. [ 1421.212385][T11329] Bluetooth: hci0: unexpected event for opcode 0x2010 [ 1421.220612][T17158] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2017'. [ 1422.845044][ T29] audit: type=1800 audit(2000000193.850:913): pid=17162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2014" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 1423.015682][T11329] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 1423.068427][T15567] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1423.232705][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.239773][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.365039][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1423.720766][T17189] loop0: detected capacity change from 0 to 512 [ 1423.931477][T17189] EXT4-fs (loop0): blocks per group (71) and clusters per group (32768) inconsistent [ 1424.323145][T17189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2021'. [ 1425.500840][T17201] fuse: Bad value for 'fd' [ 1425.804561][T17205] x_tables: duplicate underflow at hook 3 [ 1425.964832][T17207] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1429.695667][T17231] loop0: detected capacity change from 0 to 1024 [ 1430.159678][ T2513] hfsplus: b-tree write err: -5, ino 4 [ 1431.337217][T15567] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 1431.464397][T17238] netlink: 'syz.0.2033': attribute type 11 has an invalid length. [ 1433.054270][T11329] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1433.080607][T11329] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1433.093316][T11329] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1433.106891][T11329] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1433.123180][T11329] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1433.133566][T11329] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1433.229006][T17262] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2039'. [ 1433.359759][T15567] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1433.372150][T15567] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1433.381584][T15567] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1433.396274][T15567] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1433.407102][T15567] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1433.417222][T15567] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1433.573289][T11058] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1433.923144][T11058] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1433.950384][T17271] loop4: detected capacity change from 0 to 128 [ 1434.128309][T17271] ext4: Unknown parameter 'hash' [ 1434.357053][T17275] loop0: detected capacity change from 0 to 512 [ 1435.145542][T17275] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 1435.153828][T17275] System zones: 0-2, 18-18, 34-35 [ 1435.186015][T17275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1435.198724][T17275] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1435.232915][T15567] Bluetooth: hci1: command tx timeout [ 1435.349960][T11058] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.368065][T15567] Bluetooth: Wrong link type (-57) [ 1435.493229][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1435.527921][T11058] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1435.564532][T15567] Bluetooth: hci4: command tx timeout [ 1436.150676][T17293] loop0: detected capacity change from 0 to 1024 [ 1436.931710][T17264] chnl_net:caif_netlink_parms(): no params data found [ 1437.138450][T11032] hfsplus: b-tree write err: -5, ino 4 [ 1437.266158][T11058] team0: left allmulticast mode [ 1437.271962][T11058] team_slave_0: left allmulticast mode [ 1437.277486][T11058] team_slave_1: left allmulticast mode [ 1437.283729][T11058] bridge0: port 3(team0) entered disabled state [ 1437.308925][T15567] Bluetooth: hci1: command tx timeout [ 1437.316430][T11058] bridge_slave_1: left allmulticast mode [ 1437.329993][T17298] loop0: detected capacity change from 0 to 512 [ 1437.352447][T11058] bridge_slave_1: left promiscuous mode [ 1437.372301][T11058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1437.431930][T17298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1437.445687][T11058] bridge_slave_0: left allmulticast mode [ 1437.451803][T11058] bridge_slave_0: left promiscuous mode [ 1437.457572][T11058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1437.469883][T17298] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1437.628347][T15567] Bluetooth: hci4: command tx timeout [ 1438.018391][ T29] audit: type=1800 audit(2000000210.050:914): pid=17309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2045" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 1438.796877][ T29] audit: type=1804 audit(2000000210.810:915): pid=17310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2045" name="/newroot/44/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 1438.853431][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1439.112308][T17315] loop0: detected capacity change from 0 to 1024 [ 1439.135543][T17315] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1439.301334][T17315] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2048: Invalid block bitmap block 0 in block_group 0 [ 1439.386875][T17315] Quota error (device loop0): write_blk: dquota write failed [ 1439.399826][T15567] Bluetooth: hci1: command tx timeout [ 1439.441730][T17315] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1439.460887][T17315] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.2048: Failed to acquire dquot type 0 [ 1439.477558][T17315] EXT4-fs error (device loop0): ext4_free_blocks:6590: comm syz.0.2048: Freeing blocks not in datazone - block = 0, count = 4096 [ 1439.515366][T17315] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.2048: Invalid inode bitmap blk 0 in block_group 0 [ 1439.532918][T11044] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-8 [ 1439.547298][T11044] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u8:17: Failed to release dquot type 0 [ 1439.566892][T17315] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 1439.579126][T17315] EXT4-fs (loop0): 1 orphan inode deleted [ 1439.592459][T17315] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1439.674270][T17315] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 1439.706480][T15567] Bluetooth: hci0: unexpected event for opcode 0x0c05 [ 1439.713517][T11329] Bluetooth: hci4: command tx timeout [ 1439.964468][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1440.145661][T17324] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2049'. [ 1440.300454][T11058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1440.328916][T11058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1440.352650][T11058] bond0 (unregistering): Released all slaves [ 1440.397327][T17326] loop4: detected capacity change from 0 to 8192 [ 1440.622120][T11058] tipc: Disabling bearer [ 1440.659179][T11058] tipc: Disabling bearer [ 1440.679995][T11058] tipc: Left network mode [ 1440.772594][T17264] bridge0: port 1(bridge_slave_0) entered blocking state [ 1440.805507][T17264] bridge0: port 1(bridge_slave_0) entered disabled state [ 1440.828536][T17264] bridge_slave_0: entered allmulticast mode [ 1440.858623][T17264] bridge_slave_0: entered promiscuous mode [ 1440.866215][T17335] bridge0: port 3(veth0) entered blocking state [ 1440.881827][T17335] bridge0: port 3(veth0) entered disabled state [ 1440.901664][T17335] veth0: entered allmulticast mode [ 1440.929979][T17335] veth0: entered promiscuous mode [ 1440.943776][T17335] bridge0: port 3(veth0) entered blocking state [ 1440.943789][T17346] loop0: detected capacity change from 0 to 256 [ 1440.944278][T17346] vfat: Unknown parameter 'ç9-»gq‰#l>«™Î˜’4åúIð¶ŸSbF#7AŸ[DƒÁú3’)íWêæš1‡¢*2' [ 1440.950229][T17335] bridge0: port 3(veth0) entered forwarding state [ 1441.068567][T17257] chnl_net:caif_netlink_parms(): no params data found [ 1441.112663][T17264] bridge0: port 2(bridge_slave_1) entered blocking state [ 1441.120490][T17264] bridge0: port 2(bridge_slave_1) entered disabled state [ 1441.127911][T17264] bridge_slave_1: entered allmulticast mode [ 1441.157304][T17264] bridge_slave_1: entered promiscuous mode [ 1441.455225][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2053'. [ 1441.469048][T15567] Bluetooth: hci1: command tx timeout [ 1441.485792][T17264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1441.534668][T17264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1441.789272][T15567] Bluetooth: hci4: command tx timeout [ 1441.882831][T11058] hsr_slave_0: left promiscuous mode [ 1441.899452][T11058] hsr_slave_1: left promiscuous mode [ 1441.907721][T11058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1441.927919][T11058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1441.947997][T11058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1441.957222][T11058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1442.043259][T11058] veth1_macvtap: left promiscuous mode [ 1442.054703][T11058] veth0_macvtap: left promiscuous mode [ 1442.064961][T11058] veth1_vlan: left promiscuous mode [ 1442.074383][T11058] veth0_vlan: left promiscuous mode [ 1442.308210][T17369] loop4: detected capacity change from 0 to 1024 [ 1442.986217][T11032] hfsplus: b-tree write err: -5, ino 4 [ 1443.752402][T11058] team_slave_1 (unregistering): left promiscuous mode [ 1443.786980][T11058] team0 (unregistering): Port device team_slave_1 removed [ 1443.896656][T11058] team_slave_0 (unregistering): left promiscuous mode [ 1443.930393][T11058] team0 (unregistering): Port device team_slave_0 removed [ 1443.982839][T17370] dccp_close: ABORT with 1790 bytes unread [ 1445.272843][T17264] team0: Port device team_slave_0 added [ 1445.281564][T17264] team0: Port device team_slave_1 added [ 1445.546363][T17384] loop4: detected capacity change from 0 to 512 [ 1445.583587][T17384] ext4: Unknown parameter 'euid' [ 1445.679944][T17257] bridge0: port 1(bridge_slave_0) entered blocking state [ 1445.694012][T17257] bridge0: port 1(bridge_slave_0) entered disabled state [ 1445.697613][T17384] input: syz1 as /devices/virtual/input/input27 [ 1445.702170][T17257] bridge_slave_0: entered allmulticast mode [ 1445.725704][T17257] bridge_slave_0: entered promiscuous mode [ 1445.764758][T17264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1445.774675][T17264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1445.823752][T17264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1445.835816][T17257] bridge0: port 2(bridge_slave_1) entered blocking state [ 1445.855448][T17257] bridge0: port 2(bridge_slave_1) entered disabled state [ 1445.864104][T17257] bridge_slave_1: entered allmulticast mode [ 1445.871903][T17257] bridge_slave_1: entered promiscuous mode [ 1445.887881][T17384] loop4: detected capacity change from 0 to 512 [ 1445.890998][T17264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1445.909869][T17264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1445.940635][T17264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1445.978841][T17384] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 1446.169580][T17257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1446.247402][T17257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1446.339823][T17397] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2059'. [ 1446.449448][T14224] kernel write not supported for file [eventfd] (pid: 14224 comm: kworker/1:0) [ 1446.484807][T17264] hsr_slave_0: entered promiscuous mode [ 1446.512561][T17264] hsr_slave_1: entered promiscuous mode [ 1446.521415][T17264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1446.538247][T17264] Cannot create hsr debugfs directory [ 1446.584978][T17257] team0: Port device team_slave_0 added [ 1446.776389][T17257] team0: Port device team_slave_1 added [ 1447.164064][T17418] loop4: detected capacity change from 0 to 1024 [ 1447.359300][T15567] Bluetooth: hci0: unexpected event 0x04 length: 14 > 10 [ 1447.359406][T15567] Bluetooth: hci0: connection err: -111 [ 1447.795445][T17420] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1448.198988][ T2513] hfsplus: b-tree write err: -5, ino 4 [ 1448.426483][T17257] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1448.644199][T17257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1448.690156][T17257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1449.408067][ T8430] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1449.472388][T11058] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1449.509886][T17257] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1449.525120][T17257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1449.552377][T17257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1449.640144][ T8430] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1449.661500][ T8430] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1449.695583][ T8430] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1449.723866][ T8430] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1449.759867][ T8430] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1449.770205][ T8430] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1449.778885][ T8430] usb 5-1: Manufacturer: syz [ 1450.660822][T17257] hsr_slave_0: entered promiscuous mode [ 1450.695270][ T8430] usb 5-1: config 0 descriptor?? [ 1450.705598][T17257] hsr_slave_1: entered promiscuous mode [ 1450.723304][T17257] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1450.738089][T17257] Cannot create hsr debugfs directory [ 1450.801555][T11058] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1450.989437][T17440] netlink: 'syz.2.2067': attribute type 11 has an invalid length. [ 1451.005872][T11058] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1451.201691][T11058] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1453.120110][T17453] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2070'. [ 1453.406456][ T8430] usbhid 5-1:0.0: can't add hid device: -71 [ 1453.413536][ T8430] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1453.423843][ T8430] usb 5-1: USB disconnect, device number 20 [ 1453.541779][T17464] loop0: detected capacity change from 0 to 8 [ 1453.579200][T17464] SQUASHFS error: Failed to read block 0x1ec: -5 [ 1453.585729][T17464] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 1453.602958][T17460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2071'. [ 1454.105355][T11058] bridge_slave_1: left allmulticast mode [ 1454.170550][T11058] bridge_slave_1: left promiscuous mode [ 1454.179130][T11058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1454.514714][T17481] loop4: detected capacity change from 0 to 1024 [ 1454.576096][T11058] bridge_slave_0: left allmulticast mode [ 1454.880429][T11058] bridge_slave_0: left promiscuous mode [ 1454.918754][T11058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1455.024410][ T2513] hfsplus: b-tree write err: -5, ino 4 [ 1455.219677][T17491] loop4: detected capacity change from 0 to 512 [ 1455.285658][T17491] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2075: corrupted in-inode xattr: invalid ea_ino [ 1455.338646][T17491] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2075: couldn't read orphan inode 15 (err -117) [ 1455.399382][T17491] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1456.601284][T17499] fuse: Unknown parameter 'rootíode' [ 1457.619689][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1457.965867][T17506] syz.4.2077 (17506): attempted to duplicate a private mapping with mremap. This is not supported. [ 1459.003389][T11058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1459.015525][T11058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1459.031188][T11058] bond0 (unregistering): Released all slaves [ 1459.074613][T17483] vlan2: entered allmulticast mode [ 1459.091415][T17483] bond0: entered allmulticast mode [ 1459.096621][T17483] bond_slave_0: entered allmulticast mode [ 1459.102490][T17483] bond_slave_1: entered allmulticast mode [ 1459.134684][T17483] bond0: left allmulticast mode [ 1459.140178][T17483] bond_slave_0: left allmulticast mode [ 1459.145705][T17483] bond_slave_1: left allmulticast mode [ 1459.226384][T17504] vxcan2: entered allmulticast mode [ 1459.329545][T17511] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2079'. [ 1459.411236][T17513] loop4: detected capacity change from 0 to 8 [ 1459.446807][T17513] cramfs: Unknown parameter 'â@C3žˆ™‰fnFO¼¨Nþg¾' [ 1460.481686][T11058] hsr_slave_0: left promiscuous mode [ 1460.507212][T11058] hsr_slave_1: left promiscuous mode [ 1460.558706][T11058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1460.569378][T11058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1460.594483][T11058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1460.603872][T11058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1460.658972][T11058] veth1_macvtap: left promiscuous mode [ 1460.664544][T11058] veth0_macvtap: left promiscuous mode [ 1460.688394][T11058] veth1_vlan: left promiscuous mode [ 1460.693722][T11058] veth0_vlan: left promiscuous mode [ 1462.123337][T17533] loop4: detected capacity change from 0 to 1024 [ 1462.616467][T11044] hfsplus: b-tree write err: -5, ino 4 [ 1462.897765][T11058] team0 (unregistering): Port device team_slave_1 removed [ 1463.035702][T11058] team0 (unregistering): Port device team_slave_0 removed [ 1463.695936][T17527] coredump: 1(syz.0.2082): interrupted: fatal signal pending [ 1463.725595][T17527] coredump: 1(syz.0.2082): written to core: VMAs: 41, size 99651584; core: 33887610 bytes, pos 58834944 [ 1465.292920][T17264] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1465.360111][T17264] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1465.514522][T17264] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1465.544576][T17264] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1465.639655][T15567] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 1466.010804][T15567] Bluetooth: hci0: unexpected event 0x1c length: 11 > 5 [ 1466.836949][T17264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1466.927220][T17264] 8021q: adding VLAN 0 to HW filter on device team0 [ 1466.980338][T17567] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1467.020977][T17568] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2089'. [ 1467.102462][ T5432] bridge0: port 1(bridge_slave_0) entered blocking state [ 1467.109675][ T5432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1467.127869][ T5432] bridge0: port 2(bridge_slave_1) entered blocking state [ 1467.135072][ T5432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1467.183648][T17257] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1467.270933][T17257] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1467.332247][T17257] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1468.631611][T17264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1468.667164][T17264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1468.714976][T17257] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1468.733848][T17576] loop4: detected capacity change from 0 to 2048 [ 1468.787011][T17576] loop4: p3 < > p4 < > [ 1468.792416][T17576] loop4: partition table partially beyond EOD, truncated [ 1468.827950][T17576] loop4: p3 start 4284289 is beyond EOD, truncated [ 1468.865012][T17581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2092'. [ 1469.110448][T17257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1469.254409][T17257] 8021q: adding VLAN 0 to HW filter on device team0 [ 1469.348068][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state [ 1469.355269][ T5433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1469.413173][ T5433] bridge0: port 2(bridge_slave_1) entered blocking state [ 1469.420432][ T5433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1469.463970][ T29] audit: type=1326 audit(2000000241.530:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17590 comm="syz.0.2094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda09f799b9 code=0x0 [ 1469.576881][T17264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1469.581912][T17593] loop4: detected capacity change from 0 to 2048 [ 1469.746001][T17264] veth0_vlan: entered promiscuous mode [ 1469.892603][T17264] veth1_vlan: entered promiscuous mode [ 1470.862241][T17264] veth0_macvtap: entered promiscuous mode [ 1470.909278][T17264] veth1_macvtap: entered promiscuous mode [ 1470.960727][T17611] fuse: Bad value for 'fd' [ 1470.996378][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1471.039841][T17611] fuse: Bad value for 'fd' [ 1471.065382][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.100426][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1471.103405][T17614] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2099'. [ 1471.132581][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.168245][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1471.193978][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.207288][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1471.227807][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.254056][T17264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1471.333659][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1471.376293][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.408297][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1471.431411][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.459313][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1471.482059][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1471.507394][T17264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1472.371365][T17264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1472.407618][T17264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1472.480526][T17264] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1472.516908][T17264] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1472.551547][T17264] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1472.572798][T17264] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1472.628005][T17639] loop4: detected capacity change from 0 to 2048 [ 1472.645158][T17257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1472.701480][T17644] loop0: detected capacity change from 0 to 256 [ 1472.721289][T17639] loop4: p3 < > p4 < > [ 1472.725523][T17639] loop4: partition table partially beyond EOD, truncated [ 1472.749796][T17639] loop4: p3 start 4284289 is beyond EOD, truncated [ 1472.814472][ T4682] loop4: p3 < > p4 < > [ 1472.823854][ T4682] loop4: partition table partially beyond EOD, truncated [ 1472.857283][ T4682] loop4: p3 start 4284289 is beyond EOD, truncated [ 1472.975070][T17257] veth0_vlan: entered promiscuous mode [ 1473.011191][T17649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2104'. [ 1473.047401][T15567] Bluetooth: hci0: unexpected event for opcode 0x2044 [ 1473.158734][T17257] veth1_vlan: entered promiscuous mode [ 1473.176187][T17654] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2106'. [ 1473.349188][ T5432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1473.357882][ T5432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1473.498358][ T5432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1473.530680][ T5432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1473.587239][T17257] veth0_macvtap: entered promiscuous mode [ 1473.645751][T17257] veth1_macvtap: entered promiscuous mode [ 1473.722652][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1473.741669][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1473.764800][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1473.962230][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1474.038296][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1474.058663][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1474.495989][T17681] loop4: detected capacity change from 0 to 2048 [ 1474.865086][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1474.881164][T17681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1474.893709][T17681] ext4 filesystem being mounted at /56/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1474.920587][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1474.930917][T10649] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 1474.971158][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1475.038422][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.082336][T17257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1475.157614][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1475.175191][T10649] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1475.193583][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1475.205139][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.238259][T10649] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1475.256798][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1475.278016][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.296181][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1475.318355][T10649] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1475.319472][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.327533][T10649] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1475.327567][T10649] usb 4-1: SerialNumber: syz [ 1475.350780][T10649] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 1475.351148][T10649] usb-storage 4-1:1.0: USB Mass Storage device detected [ 1475.452042][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1475.474279][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.505200][T17257] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1475.510111][T10649] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1475.517209][T17257] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1475.535342][T17257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1475.620083][T10649] scsi host1: usb-storage 4-1:1.0 [ 1475.692019][T17257] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1475.708774][T17701] dccp_close: ABORT with 1790 bytes unread [ 1475.738486][T17706] loop0: detected capacity change from 0 to 1024 [ 1475.768592][T17257] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1475.871305][T17706] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1475.900780][T17257] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1475.934148][T17257] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1476.046998][T17706] EXT4-fs (loop0): shut down requested (0) [ 1476.231843][T10649] usb 4-1: USB disconnect, device number 24 [ 1476.344024][T17450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1476.399437][T17450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1476.507310][T17450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1476.549202][T17450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1476.699047][T17730] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2113'. [ 1476.984274][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1478.008924][T17730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2113'. [ 1479.425726][T15567] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1479.435214][T15567] Bluetooth: hci2: Injecting HCI hardware error event [ 1479.457070][T15567] Bluetooth: hci2: hardware error 0x00 [ 1481.207422][T11329] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 1481.628625][T15567] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1482.170997][T15567] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 1483.548442][ T29] audit: type=1326 audit(2000000255.630:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17773 comm="syz.0.2122" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda09f799b9 code=0x0 [ 1483.685706][T17781] kAFS: unable to lookup cell '(>.Dz£û‚ʃ€¹sf¿Iêv¼N›úhÿÌ\û«ˆD%ÁÉa²¨¨âD'©+iÝ8ÄBc²ÂNÄo~F^ÁŸŠÜ(›$•)¬úÍ3kÿ 8S¦7<±—Lé°+Gw¤ [ 1483.685706][T17781] %ͳÁ5…•Ýè>2ÞÕóÙgÕ‘fo$ .~' [ 1483.788376][ T29] audit: type=1326 audit(2000000255.870:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17773 comm="syz.0.2122" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda09f799b9 code=0x0 [ 1483.810495][ C1] vkms_vblank_simulate: vblank timer overrun [ 1483.901892][T17784] binder: 17773:17784 ioctl c0306201 0 returned -14 [ 1483.911604][T17790] netlink: 'syz.3.2125': attribute type 11 has an invalid length. [ 1484.005119][T17792] loop4: detected capacity change from 0 to 1024 [ 1484.624087][T17792] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1484.848819][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.855194][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.833072][T17792] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1486.545977][T17792] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2126: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1486.574606][ T29] audit: type=1326 audit(2000000258.650:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17806 comm="syz.2.2129" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x0 [ 1486.575183][T17792] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2126: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1486.657682][T17800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2128'. [ 1487.129033][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1488.085233][ T29] audit: type=1326 audit(2000000260.170:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17823 comm="syz.4.2132" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x0 [ 1488.329369][T17836] loop0: detected capacity change from 0 to 1764 [ 1488.407588][T17836] ISOFS: unable to read i-node block [ 1488.417329][T17836] isofs_fill_super: get root inode failed [ 1488.543211][T17836] mac80211_hwsim hwsim77 wlan1: entered allmulticast mode [ 1488.686997][T17849] netlink: 'syz.4.2132': attribute type 3 has an invalid length. [ 1489.444773][T17873] loop4: detected capacity change from 0 to 2048 [ 1489.472935][T15567] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 1489.540721][T17873] loop4: p3 < > p4 < > [ 1489.555316][T17873] loop4: partition table partially beyond EOD, truncated [ 1489.593102][ T8430] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1489.611652][T17873] loop4: p3 start 4284289 is beyond EOD, truncated [ 1489.656887][ T4682] loop4: p3 < > p4 < > [ 1489.673396][ T4682] loop4: partition table partially beyond EOD, truncated [ 1489.689693][ T4682] loop4: p3 start 4284289 is beyond EOD, truncated [ 1489.834119][ T8430] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1490.637789][T17888] loop0: detected capacity change from 0 to 2048 [ 1490.712223][ T8430] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1490.724739][ T8430] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.734323][ T8430] usb 2-1: Product: syz [ 1490.740528][ T8430] usb 2-1: Manufacturer: syz [ 1490.745730][ T8430] usb 2-1: SerialNumber: syz [ 1490.750624][T17888] UDF-fs: error (device loop0): udf_read_inode: (ino 1312) failed !bh [ 1490.771332][T17888] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1490.784681][T17888] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1490.795904][T17888] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 1490.806149][T17888] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1490.816827][T17888] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1490.836773][T17888] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 1490.846485][T17888] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 1491.345255][T17890] loop0: detected capacity change from 0 to 64 [ 1491.617702][T17894] loop4: detected capacity change from 0 to 164 [ 1492.823508][T17899] syz.4.2146: attempt to access beyond end of device [ 1492.823508][T17899] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 1492.853940][ T8430] cdc_ncm 2-1:1.0: failed to get mac address [ 1492.881576][ T29] audit: type=1400 audit(2000000264.960:921): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=17896 comm="syz.2.2147" [ 1492.900629][T17899] syz.4.2146: attempt to access beyond end of device [ 1492.900629][T17899] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 1492.922167][ T8430] cdc_ncm 2-1:1.0: bind() failure [ 1492.940196][ T8430] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1492.954305][T17897] wg0 speed is unknown, defaulting to 1000 [ 1492.963234][ T8430] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1492.982972][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.002523][ T29] audit: type=1800 audit(2000000265.090:922): pid=17899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2146" name="file0" dev="loop4" ino=1862 res=0 errno=0 [ 1493.028636][ T8430] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 1493.060861][ T29] audit: type=1326 audit(2000000265.130:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17900 comm="syz.0.2148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda09f799b9 code=0x0 [ 1493.091935][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.118780][ T8430] usb 2-1: USB disconnect, device number 42 [ 1493.172515][T17897] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 1493.274451][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.297734][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.307947][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.321592][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.353927][T17897] wg0 speed is unknown, defaulting to 1000 [ 1493.369389][T17897] wg0 speed is unknown, defaulting to 1000 [ 1494.767052][T15567] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 1495.014937][T17935] netlink: 'syz.2.2154': attribute type 9 has an invalid length. [ 1495.040934][T17935] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2154'. [ 1495.252831][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1495.699271][T17930] netlink: 'syz.2.2154': attribute type 9 has an invalid length. [ 1495.762704][T17930] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2154'. [ 1495.824328][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1495.840339][T17937] loop0: detected capacity change from 0 to 2048 [ 1495.854071][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1495.900313][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1495.938783][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1495.947508][T17942] deleting an unspecified loop device is not supported. [ 1495.983979][T17905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1495.991547][T17937] loop0: p3 < > p4 < > [ 1495.997193][T17937] loop0: partition table partially beyond EOD, truncated [ 1496.010535][T17937] loop0: p3 start 4284289 is beyond EOD, truncated [ 1496.047656][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1496.357615][ T9] usb 5-1: USB disconnect, device number 21 [ 1497.771315][T17965] netlink: zone id is out of range [ 1497.851075][T17965] netlink: zone id is out of range [ 1497.960181][T17965] netlink: zone id is out of range [ 1497.965248][T17968] loop4: detected capacity change from 0 to 256 [ 1497.965490][T17965] netlink: zone id is out of range [ 1497.982917][T17965] netlink: zone id is out of range [ 1498.944483][T17968] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 1498.984824][T17965] netlink: set zone limit has 4 unknown bytes [ 1499.096591][T17989] IPVS: set_ctl: invalid protocol: 103 224.0.0.1:20000 [ 1499.165618][T17965] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2160'. [ 1500.327692][T18000] loop4: detected capacity change from 0 to 1024 [ 1500.395636][T18000] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1500.453195][T18003] loop0: detected capacity change from 0 to 8 [ 1500.573907][T18000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1500.783913][T18003] SQUASHFS error: Failed to read block 0x1ec: -5 [ 1501.382150][T18000] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2168: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1501.401084][T18000] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2168: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1501.426782][T18003] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 1501.576576][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1501.966620][T18021] loop4: detected capacity change from 0 to 16 [ 1501.973752][T18021] erofs: Unknown parameter '×H '–b{>º¥-a9¦¡ÓeøyPUžWn„/Æ©Ke“«:&³Ä¹ÑJ&' [ 1501.998770][ T29] audit: type=1326 audit(2000000274.026:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18018 comm="syz.4.2171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x0 [ 1506.018504][T18047] netlink: 'syz.3.2179': attribute type 10 has an invalid length. [ 1506.145077][ T29] audit: type=1326 audit(2000000278.089:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1506.297269][T18047] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2179'. [ 1506.313577][ T29] audit: type=1326 audit(2000000278.089:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1506.714147][T18052] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 1506.720742][T18052] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1507.639978][ T29] audit: type=1326 audit(2000000278.089:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4ace978350 code=0x7ffc0000 [ 1507.676799][T18052] vhci_hcd vhci_hcd.0: Device attached [ 1508.394393][ T29] audit: type=1326 audit(2000000278.089:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1508.500558][ T29] audit: type=1326 audit(2000000278.098:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1508.528673][T18059] loop0: detected capacity change from 0 to 1024 [ 1508.552952][T18059] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1508.575694][T18059] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1508.588532][T18047] team0: Port device geneve0 added [ 1508.599119][T18053] vhci_hcd: connection closed [ 1508.599583][ T12] vhci_hcd: stop threads [ 1508.618444][ T29] audit: type=1326 audit(2000000278.098:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1508.627592][ T12] vhci_hcd: release socket [ 1508.653513][ T12] vhci_hcd: disconnect device [ 1508.659762][ T29] audit: type=1326 audit(2000000278.098:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1508.685327][ T29] audit: type=1326 audit(2000000278.098:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1508.709367][T10649] vhci_hcd: vhci_device speed not set [ 1508.978562][ T29] audit: type=1326 audit(2000000278.098:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1509.003159][ T29] audit: type=1326 audit(2000000278.098:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1509.047921][ T29] audit: type=1326 audit(2000000278.098:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1509.330417][ T29] audit: type=1326 audit(2000000278.098:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18043 comm="syz.2.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1509.364118][T18059] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2181: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1509.382584][T18059] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2181: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1509.469894][T18072] netlink: 'syz.4.2184': attribute type 27 has an invalid length. [ 1509.525736][T16156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1509.827903][T18078] loop0: detected capacity change from 0 to 2048 [ 1509.885384][T18078] loop0: p3 < > p4 < > [ 1509.908810][T18078] loop0: partition table partially beyond EOD, truncated [ 1509.941174][T18078] loop0: p3 start 4284289 is beyond EOD, truncated [ 1509.971712][T18094] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.2187'. [ 1510.002394][T18094] netlink: zone id is out of range [ 1510.017420][T18094] netlink: zone id is out of range [ 1510.042086][T18094] netlink: zone id is out of range [ 1510.128202][T18099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2187'. [ 1510.138032][T18094] netlink: zone id is out of range [ 1510.191044][T18094] netlink: zone id is out of range [ 1510.213033][T18072] bridge0: port 2(bridge_slave_1) entered disabled state [ 1510.220906][T18072] bridge0: port 1(bridge_slave_0) entered disabled state [ 1510.232039][T18094] netlink: zone id is out of range [ 1510.244815][T18094] netlink: zone id is out of range [ 1510.260449][T18094] netlink: zone id is out of range [ 1510.271383][T18094] netlink: zone id is out of range [ 1510.295894][T18094] netlink: zone id is out of range [ 1510.577774][T18072] veth0_to_team: left allmulticast mode [ 1510.642534][T18072] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1510.688080][T18072] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1511.135915][T18072] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.169182][T18072] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.215090][T18072] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.324791][T18119] input: syz0 as /devices/virtual/input/input28 [ 1511.772870][T18072] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1512.104050][T18085] wg0 speed is unknown, defaulting to 1000 [ 1515.416592][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 1515.416629][ T29] audit: type=1326 audit(2000000287.312:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1515.904757][ T29] audit: type=1326 audit(2000000287.312:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.001091][ T29] audit: type=1326 audit(2000000287.312:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffaf3378350 code=0x7ffc0000 [ 1516.071175][ T29] audit: type=1326 audit(2000000287.312:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.110636][ T29] audit: type=1326 audit(2000000287.322:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.133948][ T29] audit: type=1326 audit(2000000287.322:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.157993][ T29] audit: type=1326 audit(2000000287.322:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.196523][T18150] overlay: Unknown parameter '\' [ 1516.202233][ T29] audit: type=1326 audit(2000000287.322:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.236742][ T29] audit: type=1326 audit(2000000287.322:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.306064][ T29] audit: type=1326 audit(2000000287.322:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18128 comm="syz.1.2194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1516.672867][T18145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2197'. [ 1516.816828][T18159] xt_time: unknown flags 0x4 [ 1517.360524][T18180] loop4: detected capacity change from 0 to 512 [ 1517.393055][T18110] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1517.436331][T18180] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.2205: bad orphan inode 17 [ 1517.569071][T18180] ext4_test_bit(bit=16, block=4) = 1 [ 1517.584572][T18110] usb 4-1: device descriptor read/64, error -71 [ 1517.591912][T18180] is_bad_inode(inode)=0 [ 1517.597256][T18180] NEXT_ORPHAN(inode)=0 [ 1517.601518][T18180] max_ino=32 [ 1517.610923][T18180] i_nlink=1 [ 1517.635435][T18180] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1518.905839][T18190] input: syz1 as /devices/virtual/input/input29 [ 1519.126337][T18193] EXT4-fs error (device loop4): __ext4_iget:4982: inode #12: block 2: comm syz.4.2205: invalid block [ 1519.247137][T18194] xt_hashlimit: max too large, truncated to 1048576 [ 1519.283973][T18194] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.2205: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 1519.552100][T18184] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 1519.565270][T18110] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1519.707758][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1519.755958][T18110] usb 4-1: device descriptor read/64, error -71 [ 1520.037645][T18110] usb usb4-port1: attempt power cycle [ 1520.139524][T18199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2207'. [ 1521.002154][T18110] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1521.060173][T18110] usb 4-1: device descriptor read/8, error -71 [ 1521.420254][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 1521.585321][ T29] audit: type=1326 audit(2000000293.290:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1521.957246][ T29] audit: type=1326 audit(2000000293.290:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1522.019677][ T29] audit: type=1326 audit(2000000293.290:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe378d78350 code=0x7ffc0000 [ 1522.106067][ T29] audit: type=1326 audit(2000000293.290:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1522.188305][T18210] netlink: 'syz.1.2209': attribute type 11 has an invalid length. [ 1522.293796][ T29] audit: type=1326 audit(2000000293.290:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1522.398874][ T29] audit: type=1326 audit(2000000293.300:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1522.409581][T18218] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2210'. [ 1522.550136][T18111] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1522.550228][ T29] audit: type=1326 audit(2000000293.300:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1522.806563][T18111] usb 5-1: Using ep0 maxpacket: 16 [ 1522.838751][T18111] usb 5-1: New USB device found, idVendor=0458, idProduct=700e, bcdDevice=b4.75 [ 1523.655761][T18111] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1523.703168][T18111] usb 5-1: Product: syz [ 1523.726016][ T29] audit: type=1326 audit(2000000293.300:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1523.729609][T18111] usb 5-1: Manufacturer: syz [ 1523.754293][T18111] usb 5-1: SerialNumber: syz [ 1523.942599][T18111] usb 5-1: config 0 descriptor?? [ 1523.967899][T18111] usb 5-1: Found UVC 0.00 device syz (0458:700e) [ 1523.977693][T18111] usb 5-1: No valid video chain found. [ 1524.002866][ T29] audit: type=1326 audit(2000000293.300:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1524.144501][ T29] audit: type=1326 audit(2000000293.300:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18197 comm="syz.4.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1524.366318][T18229] loop0: detected capacity change from 0 to 512 [ 1524.393927][T18229] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 1525.748410][T18102] usb 5-1: USB disconnect, device number 22 [ 1525.790022][T18235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2216'. [ 1525.981230][T18247] fuse: Unknown parameter 'erup_id' [ 1528.479331][T18263] netlink: 'syz.2.2222': attribute type 11 has an invalid length. [ 1529.994422][T18289] syz.0.2230[18289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1529.994539][T18289] syz.0.2230[18289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1530.258281][T18276] loop4: detected capacity change from 0 to 8192 [ 1531.045854][T18295] syz.0.2230[18295] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1531.045967][T18295] syz.0.2230[18295] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1531.086607][T18295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2230'. [ 1531.328947][T18302] loop4: detected capacity change from 0 to 512 [ 1531.369987][T18302] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 1531.377771][T18302] UDF-fs: Scanning with blocksize 512 failed [ 1531.396010][T18302] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 1531.403665][T18302] UDF-fs: Scanning with blocksize 1024 failed [ 1531.414237][T18302] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 1531.422022][T18302] UDF-fs: Scanning with blocksize 2048 failed [ 1531.439305][T18302] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1531.499452][T18302] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1532.334937][T18307] loop4: detected capacity change from 0 to 1024 [ 1532.353030][T18307] EXT4-fs: Ignoring removed oldalloc option [ 1532.367115][T18305] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2232'. [ 1532.408399][T18307] EXT4-fs: quotafile must be on filesystem root [ 1532.486334][T18305] netlink: 'syz.2.2232': attribute type 1 has an invalid length. [ 1534.272002][T18328] wg0 speed is unknown, defaulting to 1000 [ 1535.122046][T18332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2239'. [ 1535.253064][T18336] netlink: 'syz.3.2239': attribute type 11 has an invalid length. [ 1535.279906][T18334] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2240'. [ 1535.327356][T18334] bridge_slave_1: left allmulticast mode [ 1535.341510][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 1535.341531][ T29] audit: type=1800 audit(2000000307.196:1027): pid=18325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2235" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 1535.377689][T18334] bridge_slave_1: left promiscuous mode [ 1535.403702][T18334] bridge0: port 2(bridge_slave_1) entered disabled state [ 1535.455054][T18334] bridge_slave_0: left allmulticast mode [ 1535.456676][ T29] audit: type=1326 audit(2000000307.295:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.2.2241" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x0 [ 1535.492673][T18334] bridge_slave_0: left promiscuous mode [ 1535.527950][T18334] bridge0: port 1(bridge_slave_0) entered disabled state [ 1535.659586][T18088] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1535.843271][T18088] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1535.898631][T18088] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1535.954391][T18088] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1536.799420][T18088] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.811852][T18345] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1536.880327][ T29] audit: type=1326 audit(2000000308.720:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1536.915425][ T29] audit: type=1326 audit(2000000308.720:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1536.953590][T18351] loop0: detected capacity change from 0 to 2048 [ 1536.970820][ T29] audit: type=1326 audit(2000000308.720:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.010108][T18351] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 1537.066061][T18355] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2244'. [ 1537.089232][ T29] audit: type=1326 audit(2000000308.720:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.155879][ T29] audit: type=1326 audit(2000000308.720:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.229858][ T29] audit: type=1326 audit(2000000308.720:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.341353][ T29] audit: type=1326 audit(2000000308.720:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.400271][ T29] audit: type=1326 audit(2000000308.720:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18352 comm="syz.2.2245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ace9799b9 code=0x7ffc0000 [ 1537.709438][T18334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1538.273128][T18334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1538.690819][T18364] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2246'. [ 1538.691286][T18334] loop4: detected capacity change from 0 to 1024 [ 1538.780297][T18374] netlink: 'syz.3.2248': attribute type 1 has an invalid length. [ 1539.379183][T18334] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1539.447603][T18334] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1539.485919][T18364] veth3: entered promiscuous mode [ 1539.505848][T18334] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1539.512231][T18364] veth3: entered allmulticast mode [ 1539.722605][T18088] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 1539.761977][T18088] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input30 [ 1539.793836][T18386] xt_limit: Overflow, try lower: 1073741824/4 [ 1539.866894][T18088] usb 5-1: USB disconnect, device number 23 [ 1539.872841][ C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1540.009795][T18386] overlayfs: metacopy with no lower data found - abort lookup (/file1) [ 1540.044792][T18386] overlayfs: failed to look up (file1) for ino (-5) [ 1540.070163][T11329] Bluetooth: hci0: unexpected event for opcode 0x1408 [ 1540.079171][T18392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2254'. [ 1540.273876][T18394] netlink: 'syz.0.2254': attribute type 11 has an invalid length. [ 1540.329203][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1541.818877][T18407] loop0: detected capacity change from 0 to 32768 [ 1541.885187][T18407] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1542.532109][T18407] XFS (loop0): Ending clean mount [ 1542.542358][T18407] XFS (loop0): Quotacheck needed: Please wait. [ 1543.857067][T18407] XFS (loop0): Quotacheck: Done. [ 1544.556916][T18425] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 1544.579192][T18425] pim6reg0: linktype set to 0 [ 1545.093604][T18432] loop4: detected capacity change from 0 to 1024 [ 1546.575608][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.614264][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.752536][T18432] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1546.864897][T18432] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1547.561515][T18428] wg0 speed is unknown, defaulting to 1000 [ 1547.577077][T18432] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2262: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1547.595770][T18432] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2262: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1547.617969][T18444] x_tables: unsorted entry at hook 3 [ 1547.653665][T16156] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1547.663218][T18442] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2263'. [ 1547.730910][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1547.785940][T18444] netlink: 'syz.1.2263': attribute type 2 has an invalid length. [ 1547.838508][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 1547.838529][ T29] audit: type=1400 audit(2000000319.639:1103): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18445 comm="syz.4.2265" [ 1547.900124][T18446] loop4: detected capacity change from 0 to 2048 [ 1547.929110][T18446] overlayfs: failed to resolve './file0/../file0': -2 [ 1548.314495][T18450] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.323962][T18450] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.333015][T18450] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1548.342044][T18450] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1549.769139][T18459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2268'. [ 1550.017383][T18466] loop4: detected capacity change from 0 to 512 [ 1550.038474][T18467] netlink: 'syz.2.2268': attribute type 11 has an invalid length. [ 1550.109135][T18466] EXT4-fs: Ignoring removed bh option [ 1550.118144][T18466] EXT4-fs: Ignoring removed mblk_io_submit option [ 1550.134867][T18466] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1550.175677][T18466] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 1550.325456][T18461] loop4: detected capacity change from 0 to 128 [ 1550.417157][T18461] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1550.451076][T18461] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1550.585797][T18478] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2264'. [ 1550.819642][T18482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2272'. [ 1551.424786][ T29] audit: type=1326 audit(2000000323.217:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18460 comm="syz.4.2269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x0 [ 1551.469334][T18478] loop0: detected capacity change from 0 to 8 [ 1553.191672][T18496] fuse: Bad value for 'fd' [ 1553.214061][T15957] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1554.396255][ T29] audit: type=1326 audit(2000000325.450:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1555.346854][ T29] audit: type=1326 audit(2000000325.480:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1555.472012][ T29] audit: type=1326 audit(2000000325.500:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffaf3378350 code=0x7ffc0000 [ 1555.503705][T18507] loop4: detected capacity change from 0 to 1024 [ 1555.555551][T18507] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1555.615861][ T29] audit: type=1326 audit(2000000325.630:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1555.627766][T18507] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1555.692686][ T29] audit: type=1326 audit(2000000325.650:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1555.760336][ T29] audit: type=1326 audit(2000000325.719:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1556.221633][ T29] audit: type=1326 audit(2000000325.739:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1556.400356][T18513] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2277: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1556.516013][ T29] audit: type=1326 audit(2000000325.769:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1556.945523][T18514] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2277: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1556.976620][ T29] audit: type=1326 audit(2000000325.809:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1557.080005][ T29] audit: type=1326 audit(2000000325.839:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.2276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1557.386144][T18524] netlink: 'syz.3.2280': attribute type 4 has an invalid length. [ 1557.408417][T18524] tun0: tun_chr_ioctl cmd 1074025675 [ 1557.413775][T18524] tun0: persist disabled [ 1558.350859][T18523] fuse: Bad value for 'fd' [ 1558.793805][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1558.818467][T18517] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 1558.872770][T18528] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1558.913357][T11329] Bluetooth: hci1: command 0x0406 tx timeout [ 1558.934439][T11329] Bluetooth: hci4: Unknown advertising packet type: 0x70 [ 1558.934662][T11329] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1560.522929][T18538] mkiss: ax0: crc mode is auto. [ 1560.531796][T18542] input: syz0 as /devices/virtual/input/input31 [ 1560.854035][T11329] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1560.886162][T11329] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1560.892359][T11329] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1560.895158][T11329] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1560.896066][T11329] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1560.896881][T11329] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1561.086479][T18546] wg0 speed is unknown, defaulting to 1000 [ 1561.925297][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 1561.931572][ T29] audit: type=1326 audit(2000000333.400:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1562.748769][ T29] audit: type=1326 audit(2000000333.400:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1563.031738][ T29] audit: type=1326 audit(2000000333.400:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe378d78350 code=0x7ffc0000 [ 1563.287778][T11329] Bluetooth: hci5: command tx timeout [ 1563.321625][T15567] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1563.334353][T15567] Bluetooth: hci4: Injecting HCI hardware error event [ 1563.836648][T18517] Bluetooth: hci4: hardware error 0x00 [ 1563.942473][ T29] audit: type=1326 audit(2000000333.400:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1564.066558][T18546] chnl_net:caif_netlink_parms(): no params data found [ 1564.114562][ T29] audit: type=1326 audit(2000000333.400:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1564.606008][ T29] audit: type=1326 audit(2000000333.400:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1564.737070][ T29] audit: type=1326 audit(2000000333.400:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1564.854932][T18546] bridge0: port 1(bridge_slave_0) entered blocking state [ 1564.872205][ T29] audit: type=1326 audit(2000000333.418:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1564.937182][T18546] bridge0: port 1(bridge_slave_0) entered disabled state [ 1564.944585][T18546] bridge_slave_0: entered allmulticast mode [ 1564.977447][ T29] audit: type=1326 audit(2000000333.427:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1565.014291][T18576] loop4: detected capacity change from 0 to 1024 [ 1565.101137][ T29] audit: type=1326 audit(2000000333.427:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18552 comm="syz.4.2288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe378d799b9 code=0x7ffc0000 [ 1565.132443][T18546] bridge_slave_0: entered promiscuous mode [ 1565.311564][T18546] bridge0: port 2(bridge_slave_1) entered blocking state [ 1565.336546][T18576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2292'. [ 1565.456541][T18546] bridge0: port 2(bridge_slave_1) entered disabled state [ 1565.588586][T18546] bridge_slave_1: entered allmulticast mode [ 1565.601795][T18576] hfsplus: can't free extent [ 1565.607036][T18546] bridge_slave_1: entered promiscuous mode [ 1565.639844][ T5433] hfsplus: b-tree write err: -5, ino 4 [ 1566.344084][T15567] Bluetooth: hci5: command tx timeout [ 1566.354826][T18517] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1566.435835][T18583] loop4: detected capacity change from 0 to 512 [ 1566.464291][T18583] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 1566.495456][T18546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1566.661352][T18583] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.2294: iget: bad i_size value: -67835469387268086 [ 1566.677858][T18583] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2294: couldn't read orphan inode 15 (err -117) [ 1566.693091][T18583] EXT4-fs (loop4): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1566.705512][T18583] ext2 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1566.723269][T18583] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.2294: Directory hole found for htree leaf block 0 [ 1568.134084][T18595] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.2294: Directory hole found for htree leaf block 0 [ 1568.363884][T18583] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.2294: Directory hole found for htree leaf block 0 [ 1569.106803][T18517] Bluetooth: hci5: command tx timeout [ 1569.318667][T15957] EXT4-fs (loop4): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 1569.318776][T18546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1569.517892][T18546] team0: Port device team_slave_0 added [ 1570.532905][ T5433] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1570.637803][T18546] team0: Port device team_slave_1 added [ 1571.967905][T18517] Bluetooth: hci5: command tx timeout [ 1572.800467][ T5433] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1572.874301][T18546] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1572.891314][T18546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1573.109221][T18630] IPVS: set_ctl: invalid protocol: 255 172.20.20.13:20000 [ 1574.191275][T18546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1574.590458][T18106] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1574.741308][T18546] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1574.772924][T18546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1574.872599][T18546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1575.020425][T18106] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1575.021497][ T5433] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.078585][T18106] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 895 [ 1575.147582][T18106] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1575.166283][T18106] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice= 0.00 [ 1575.186440][T18106] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1575.204257][T18106] usb 2-1: SerialNumber: syz [ 1575.407603][T18106] usb 2-1: config 0 descriptor?? [ 1575.413428][T18637] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1575.446401][T10656] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1575.497319][T18106] port100 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 1575.652413][ T5433] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.663048][T10656] usb 5-1: Using ep0 maxpacket: 16 [ 1575.684504][T10656] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 1575.694973][T10656] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 1575.717597][T10656] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 1575.727657][T10656] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1575.760542][T10656] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 1575.770667][T10656] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1575.782208][T10656] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 1575.791906][T10656] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1575.850755][T10656] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 1576.041868][T18546] hsr_slave_0: entered promiscuous mode [ 1576.311746][T10656] scsi host1: usb-storage 5-1:1.0 [ 1576.336591][T18546] hsr_slave_1: entered promiscuous mode [ 1576.362932][T18546] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1576.373014][T18546] Cannot create hsr debugfs directory [ 1576.873750][ T5433] bridge_slave_1: left allmulticast mode [ 1576.883833][ T5433] bridge_slave_1: left promiscuous mode [ 1576.896824][ T5433] bridge0: port 2(bridge_slave_1) entered disabled state [ 1576.921175][ T5433] bridge_slave_0: left allmulticast mode [ 1576.929292][ T5433] bridge_slave_0: left promiscuous mode [ 1576.935434][ T5433] bridge0: port 1(bridge_slave_0) entered disabled state [ 1577.479124][T11036] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 1577.573765][T18106] usb 2-1: USB disconnect, device number 43 [ 1577.669832][T11036] sd 1:0:0:0: Attached scsi generic sg1 type 0 [ 1577.871088][T18652] sddr09: could not read card info [ 1577.872717][T18106] usb 5-1: USB disconnect, device number 24 [ 1577.931111][ T52] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 1577.952488][ T52] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 1577.978698][ T52] sd 1:0:0:0: [sdb] Write Protect is off [ 1577.985858][T18665] net_ratelimit: 116 callbacks suppressed [ 1577.985881][T18665] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1578.004262][ T52] sd 1:0:0:0: [sdb] Asking for cache data failed [ 1578.011221][ T52] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 1578.069313][ T52] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 1578.473125][T18529] udevd[18529]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 1579.992674][ T5433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1580.092625][T18682] loop4: detected capacity change from 0 to 736 [ 1580.120351][ T5433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1580.166808][ T5433] bond0 (unregistering): Released all slaves [ 1581.343761][ T5433] hsr_slave_0: left promiscuous mode [ 1581.386756][ T5433] hsr_slave_1: left promiscuous mode [ 1581.463345][ T5433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1581.600188][ T5433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1581.612039][T18088] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 1581.637095][ T5433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1581.649966][ T5433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1582.267234][T18088] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1582.576197][T18088] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1582.610617][T18088] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1582.628822][ T5433] veth1_macvtap: left promiscuous mode [ 1582.635397][T18088] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1582.644912][ T5433] veth0_macvtap: left promiscuous mode [ 1582.652734][T18088] usb 5-1: SerialNumber: syz [ 1582.662589][ T5433] veth1_vlan: left promiscuous mode [ 1582.674459][T18088] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1582.683977][ T5433] veth0_vlan: left promiscuous mode [ 1582.691212][T18088] usb-storage 5-1:1.0: USB Mass Storage device detected [ 1582.726095][T18088] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1582.736784][T18088] scsi host1: usb-storage 5-1:1.0 [ 1583.049711][T18722] loop4: detected capacity change from 0 to 512 [ 1583.089121][T18722] EXT4-fs: Ignoring removed bh option [ 1583.146098][T18722] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1583.161165][T18722] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1583.191003][T18722] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.2321: invalid indirect mapped block 8 (level 2) [ 1583.215668][T18722] EXT4-fs (loop4): Remounting filesystem read-only [ 1583.222510][T18722] EXT4-fs (loop4): 1 truncate cleaned up [ 1583.307872][T18722] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1585.036425][ T5433] team0 (unregistering): Port device team_slave_1 removed [ 1585.193757][ T5433] team0 (unregistering): Port device team_slave_0 removed [ 1586.939446][T18737] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2325'. [ 1587.121028][T18739] team0: entered promiscuous mode [ 1587.146952][T15957] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1587.156828][T18739] team_slave_0: entered promiscuous mode [ 1587.180160][T18739] team_slave_1: entered promiscuous mode [ 1587.383863][T18737] team_slave_0: entered allmulticast mode [ 1588.873674][T18737] team0: Port device team_slave_0 removed [ 1588.893468][T18107] usb 5-1: USB disconnect, device number 25 [ 1589.068073][T18733] team0: left promiscuous mode [ 1589.123525][T18733] team_slave_1: left promiscuous mode [ 1589.165541][T18546] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1589.298800][T18546] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1590.204401][T18546] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1590.218258][T18762] loop4: detected capacity change from 0 to 8 [ 1590.415539][T18546] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1590.456890][T18762] cramfs: Unknown parameter 'â@C3žˆ™‰fnFO¼¨Nþg¾' [ 1590.527206][T18768] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 1593.011331][T18546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1593.030347][ T5275] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1593.066570][T18546] 8021q: adding VLAN 0 to HW filter on device team0 [ 1593.154004][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state [ 1593.161212][ T5433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1593.199652][ T5433] bridge0: port 2(bridge_slave_1) entered blocking state [ 1593.206921][ T5433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1593.292529][ T5275] usb 4-1: config 0 has an invalid interface number: 199 but max is 1 [ 1593.300781][ T5275] usb 4-1: config 0 has no interface number 1 [ 1593.335769][T18546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1593.357737][ T5275] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1593.385615][ T5275] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1593.418537][ T5275] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 1593.439125][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1593.450007][ T5275] usb 4-1: SerialNumber: syz [ 1593.474072][ T5275] usb 4-1: config 0 descriptor?? [ 1593.513268][ T5275] usb 4-1: can't set config #0, error -71 [ 1593.627012][ T5275] usb 4-1: USB disconnect, device number 29 [ 1594.877095][T18546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1595.780607][T18546] veth0_vlan: entered promiscuous mode [ 1595.807776][T18546] veth1_vlan: entered promiscuous mode [ 1595.849700][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 1595.849720][ T29] audit: type=1400 audit(2000000364.772:1171): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A0A994F13051CA817FA97844BAA977532BDAD5A3D174B3B1A18F96A11DC04562D34DE812A8A50C8704F71C73A1FC74446E8CF9241B377C91B0B53F5534161F48AC6622327EB36968AF0475A7B4630BCD33388C7DCC896E8A18B2E4167D6E25801CA3608AFFEF1FD22809551 pid=18794 comm="syz.1.2337" [ 1595.871812][T18546] veth0_macvtap: entered promiscuous mode [ 1595.920894][T18546] veth1_macvtap: entered promiscuous mode [ 1595.929158][ T5275] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1595.997215][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1596.020532][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.030611][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1596.051516][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.063442][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1596.080041][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.090552][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1596.109419][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.125577][T18546] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1596.163375][ T5275] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1596.245692][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1596.280754][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.310981][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1596.341769][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.359955][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1596.376996][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.385894][ T5275] usb 4-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1596.397433][T18546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1596.400301][ T5275] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1596.412262][T18546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1596.430763][T18546] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1596.439145][T18797] wg0 speed is unknown, defaulting to 1000 [ 1596.468960][T18546] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1596.490480][T18546] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1596.503973][T18546] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1596.517246][T18546] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1596.670091][ T5275] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1596.679405][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1596.691178][ T5275] usb 4-1: SerialNumber: syz [ 1596.705642][ T5275] cdc_ether 4-1:1.0: skipping garbage [ 1596.756079][ T5275] cdc_ether 4-1:1.0: skipping garbage [ 1596.774289][ T5275] usb 4-1: bad CDC descriptors [ 1600.237509][T18809] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1600.266883][T18113] usb 4-1: USB disconnect, device number 30 [ 1600.281246][T18809] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1600.628332][T18834] netlink: 'syz.1.2346': attribute type 1 has an invalid length. [ 1601.196900][T11058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1601.311295][T11058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1601.346467][T18831] smc: net device batadv_slave_1 applied user defined pnetid SYZ2 [ 1601.512362][ T29] audit: type=1326 audit(2000000369.997:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18840 comm="syz.1.2348" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x0 [ 1601.634548][T18846] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 1601.882929][T18847] mkiss: ax0: crc mode is auto. [ 1601.902180][T18854] netlink: 'syz.0.2282': attribute type 11 has an invalid length. [ 1601.987624][T18855] fuse: Bad value for 'fd' [ 1603.038571][T18858] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2349'. [ 1603.116055][T18856] mkiss: ax0: crc mode is auto. [ 1603.121496][T18852] wg0 speed is unknown, defaulting to 1000 [ 1604.405854][T18873] wg0 speed is unknown, defaulting to 1000 [ 1604.539432][T18517] Bluetooth: hci3: command 0x0406 tx timeout [ 1607.094869][T18888] loop0: detected capacity change from 0 to 256 [ 1607.359973][ T29] audit: type=1800 audit(2000000375.396:1173): pid=18888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2358" name="file2" dev="loop0" ino=1048889 res=0 errno=0 [ 1607.461544][T18110] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1608.316815][T18110] usb 4-1: config 0 has an invalid interface number: 185 but max is 0 [ 1608.361748][T18110] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1608.380925][T18110] usb 4-1: config 0 has no interface number 0 [ 1608.398725][T18110] usb 4-1: config 0 interface 185 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 1608.423211][T18110] usb 4-1: config 0 interface 185 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 16 [ 1608.453446][T18110] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=d2.82 [ 1608.462773][T18110] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1608.479348][T18110] usb 4-1: Product: syz [ 1608.486495][T18110] usb 4-1: Manufacturer: syz [ 1608.501497][T18110] usb 4-1: SerialNumber: syz [ 1608.537932][T18110] usb 4-1: config 0 descriptor?? [ 1608.562140][T18110] cdc_ether 4-1:0.185: skipping garbage [ 1608.588754][T18110] usb 4-1: bad CDC descriptors [ 1608.605750][T18110] usb 4-1: unsupported MDLM descriptors [ 1608.843207][T18106] usb 4-1: USB disconnect, device number 31 [ 1612.243285][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.250829][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 1612.834695][T18929] netlink: 'syz.2.2367': attribute type 27 has an invalid length. [ 1612.848941][T18926] loop4: detected capacity change from 0 to 128 [ 1612.923298][T18926] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1612.941073][T18926] ext4 filesystem being mounted at /106/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1613.952413][T15957] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1614.078526][T18929] bridge0: port 3(veth0) entered disabled state [ 1614.085159][T18929] bridge0: port 2(bridge_slave_1) entered disabled state [ 1614.092728][T18929] bridge0: port 1(bridge_slave_0) entered disabled state [ 1615.668077][T18929] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1615.701353][T18929] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1615.985123][T18929] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.002074][T18929] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.022281][T18929] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.042172][T18929] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.139723][T18950] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1616.203467][T10649] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1616.824936][T10649] usb 5-1: Using ep0 maxpacket: 8 [ 1616.934520][T10649] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1616.952355][T18111] wg0 speed is unknown, defaulting to 1000 [ 1617.097102][T10649] usb 5-1: New USB device found, idVendor=090a, idProduct=1200, bcdDevice=89.36 [ 1617.121870][T10649] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1617.161652][T10649] usb 5-1: Product: syz [ 1617.179471][T10649] usb 5-1: Manufacturer: syz [ 1617.198527][T10649] usb 5-1: SerialNumber: syz [ 1617.205804][T18950] usb 1-1: device descriptor read/all, error -71 [ 1617.237827][T10649] usb 5-1: config 0 descriptor?? [ 1617.277378][T10649] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1617.475157][T18091] usb 5-1: USB disconnect, device number 26 [ 1618.078470][T10649] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1618.295935][T10649] usb 2-1: Using ep0 maxpacket: 8 [ 1618.303347][T10649] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1618.311171][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1618.468538][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1618.478698][T10649] usb 2-1: config 168 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 0 [ 1618.489081][T18950] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1618.490369][T10649] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1618.680942][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1618.725050][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1618.756207][T10649] usb 2-1: config 168 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 0 [ 1618.859282][T18950] usb 1-1: Using ep0 maxpacket: 32 [ 1618.866827][T18950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1618.876316][T10649] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1618.894238][T18950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 1618.909301][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1618.932788][T10649] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1618.934865][T18950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1618.983416][T18950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1619.010056][T18950] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1619.017772][T10649] usb 2-1: config 168 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 0 [ 1619.031779][T18950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1619.047506][T10649] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1619.059747][T10649] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1619.073409][T10649] usb 2-1: Product: syz [ 1619.074915][T18985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2383'. [ 1619.078886][T10649] usb 2-1: Manufacturer: syz [ 1619.092013][T10649] usb 2-1: SerialNumber: syz [ 1619.096976][T18950] usb 1-1: Product: syz [ 1619.117895][T18985] bridge_slave_1: left allmulticast mode [ 1619.133367][T18950] usb 1-1: Manufacturer: syz [ 1619.141183][T18985] bridge_slave_1: left promiscuous mode [ 1619.157450][T18950] usb 1-1: SerialNumber: syz [ 1619.239682][T18950] usb 1-1: config 0 descriptor?? [ 1619.251507][T18985] bridge0: port 2(bridge_slave_1) entered disabled state [ 1619.264341][T18950] usb 1-1: no audio or video endpoints found [ 1619.304294][T18985] bridge_slave_0: left allmulticast mode [ 1619.316088][T18985] bridge_slave_0: left promiscuous mode [ 1619.322047][T18985] bridge0: port 1(bridge_slave_0) entered disabled state [ 1619.423759][T10649] adutux 2-1:168.0: interrupt endpoints not found [ 1619.464217][T10649] usb 2-1: USB disconnect, device number 44 [ 1619.473692][T18950] usb 1-1: USB disconnect, device number 42 [ 1620.526375][T18988] loop4: detected capacity change from 0 to 32768 [ 1620.551697][T18988] XFS: noikeep mount option is deprecated. [ 1620.610473][T18988] XFS (loop4): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 1620.648898][T18113] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x41/0xd0, xfs_finobt block 0x10 [ 1620.677875][T18113] XFS (loop4): Unmount and run xfs_repair [ 1620.706610][T18113] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 1620.788068][T18113] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 1620.796998][T18113] 00000010: 00 00 00 00 00 00 00 10 00 00 00 03 00 00 00 80 ................ [ 1620.810261][T18113] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 1620.819203][T18113] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 1620.838301][T18113] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 1620.847499][T18113] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1620.858720][T18950] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1620.866445][ T5275] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1620.880481][T18113] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1620.891464][T18113] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1620.906800][T18988] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x10 len 4 error 74 [ 1620.922308][T18988] XFS (loop4): Failed to initialize disk quotas. [ 1621.040224][T15957] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1621.064120][T15957] XFS (loop4): Uncorrected metadata errors detected; please run xfs_repair. [ 1621.082423][T18950] usb 1-1: Using ep0 maxpacket: 8 [ 1621.087720][ T5275] usb 2-1: Using ep0 maxpacket: 8 [ 1621.115742][T18950] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1621.125731][ T5275] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 1621.134841][ T5275] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 1621.143280][T18950] usb 1-1: New USB device found, idVendor=05a9, idProduct=2640, bcdDevice=55.12 [ 1621.153303][ T5275] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1621.179459][T18950] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1621.188603][ T5275] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1623.206151][T18950] usb 1-1: config 0 descriptor?? [ 1623.225309][ T5275] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 1623.305258][T19022] wg0 speed is unknown, defaulting to 1000 [ 1623.799615][ T5275] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1623.811327][T18950] usb 1-1: Found UVC 0.00 device (05a9:2640) [ 1623.818256][T18950] usb 1-1: No valid video chain found. [ 1623.875868][ T5275] usb 2-1: Product: syz [ 1623.880154][ T5275] usb 2-1: Manufacturer: syz [ 1623.884783][ T5275] usb 2-1: SerialNumber: syz [ 1623.960760][T13945] usb 1-1: USB disconnect, device number 43 [ 1624.001724][ T5275] usb 2-1: config 0 descriptor?? [ 1624.022599][ T5275] usb 2-1: can't set config #0, error -71 [ 1624.133237][ T5275] usb 2-1: USB disconnect, device number 45 [ 1624.316399][T19032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2394'. [ 1624.419646][T19026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2394'. [ 1624.521512][T19038] loop4: detected capacity change from 0 to 128 [ 1624.596891][T19039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2395'. [ 1624.614189][T15567] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1624.876803][ T29] audit: type=1326 audit(2000000391.318:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1625.489586][T15567] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1625.501053][T15567] Bluetooth: hci1: Injecting HCI hardware error event [ 1625.513279][T15567] Bluetooth: hci1: hardware error 0x00 [ 1625.563419][ T29] audit: type=1326 audit(2000000391.318:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1625.633889][T19038] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 1625.654261][ T29] audit: type=1326 audit(2000000391.318:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1625.837769][T19046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2399'. [ 1625.858158][ T29] audit: type=1326 audit(2000000391.318:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1625.948130][ T29] audit: type=1326 audit(2000000391.318:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1626.294203][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2398'. [ 1626.303366][T19043] netlink: 'syz.1.2398': attribute type 1 has an invalid length. [ 1626.325040][ T29] audit: type=1326 audit(2000000391.327:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1627.395336][ T29] audit: type=1326 audit(2000000391.327:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1627.556348][ T52] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 1627.559695][ T29] audit: type=1326 audit(2000000391.327:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1627.699799][ T29] audit: type=1326 audit(2000000391.327:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffaf33799b9 code=0x7ffc0000 [ 1627.790683][T18517] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 1627.821138][ T29] audit: type=1326 audit(2000000391.327:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19028 comm="syz.1.2395" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffaf33799b9 code=0x0 [ 1628.000292][T15567] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1628.079206][T13945] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 1628.297813][T13945] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1628.308895][T13945] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 1628.324104][T13945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 10333, setting to 64 [ 1628.357979][T13945] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1628.416964][T13945] usb 2-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=39.0f [ 1628.426211][ T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1628.443736][T13945] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1628.456226][T13945] usb 2-1: Product: syz [ 1628.460723][T13945] usb 2-1: Manufacturer: syz [ 1628.465529][T13945] usb 2-1: SerialNumber: syz [ 1628.475513][T13945] usb 2-1: config 0 descriptor?? [ 1628.482952][T19060] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1628.494021][T13945] sierra 2-1:0.0: Sierra USB modem converter detected [ 1628.934150][T19078] wg0 speed is unknown, defaulting to 1000 [ 1629.070438][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1629.789818][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1630.739756][T13945] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 1630.748296][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 1630.777756][T13945] usb 2-1: USB disconnect, device number 46 [ 1630.813783][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1630.926291][ T9] usb 4-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping [ 1630.937208][T13945] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 1630.951084][ T9] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1630.972362][T13945] sierra 2-1:0.0: device disconnected [ 1630.979295][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1630.995300][ T9] usb 4-1: Product: syz [ 1631.030645][ T9] usb 4-1: Manufacturer: syz [ 1631.041594][ T9] usb 4-1: SerialNumber: syz [ 1631.070657][ T9] usb 4-1: config 0 descriptor?? [ 1631.117675][ T9] usb 4-1: selecting invalid altsetting 1 [ 1631.146207][T19085] netlink: 'syz.2.2413': attribute type 1 has an invalid length. [ 1631.150369][ T9] usb 4-1: Can not set alternate setting to 1, error: -22 [ 1631.162682][ T9] synaptics_usb 4-1:0.0: probe with driver synaptics_usb failed with error -22 [ 1631.183601][T19085] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.2413'. [ 1631.196291][T19085] netlink: 'syz.2.2413': attribute type 1 has an invalid length. [ 1631.329896][T19087] netlink: 'syz.2.2414': attribute type 5 has an invalid length. [ 1631.374667][T13945] usb 4-1: USB disconnect, device number 32 [ 1631.490395][T19087] : entered promiscuous mode [ 1631.624118][T19091] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 1631.848530][T15567] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 1632.946399][T19104] netlink: 'syz.2.2421': attribute type 11 has an invalid length. [ 1634.118668][T19127] netlink: 'syz.2.2426': attribute type 96 has an invalid length. [ 1634.874375][T13945] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1635.375167][T13945] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 1635.400580][T13945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1635.439575][T19133] ------------[ cut here ]------------ [ 1635.445935][T19133] WARNING: CPU: 1 PID: 19133 at include/linux/memcontrol.h:373 folio_memcg+0x111/0x220 [ 1635.458004][T13945] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1635.458041][T13945] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1635.458066][T13945] usb 2-1: Manufacturer: syz [ 1635.481618][T19133] Modules linked in: [ 1635.483498][T13945] usb 2-1: config 0 descriptor?? [ 1635.485555][T19133] CPU: 1 UID: 0 PID: 19133 Comm: syz.0.2428 Not tainted 6.11.0-rc3-next-20240816-syzkaller #0 [ 1635.501205][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1635.511440][T19133] RIP: 0010:folio_memcg+0x111/0x220 [ 1635.516705][T19133] Code: 10 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 e2 2f f8 ff 48 8b 1b 48 89 d8 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 eb ce 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 55 ff ff ff [ 1635.536747][T19133] RSP: 0018:ffffc90004c26960 EFLAGS: 00010246 [ 1635.542985][T19133] RAX: 0000000000000000 RBX: ffff888068e2ba80 RCX: 0000000080000000 [ 1635.551292][T19133] RDX: 0000000000000000 RSI: ffffffff8c0adfc0 RDI: ffffffff8c60a8c0 [ 1635.559608][T19133] RBP: ffffea0001150008 R08: ffffffff9018c5af R09: 1ffffffff20318b5 [ 1635.567805][T19133] R10: dffffc0000000000 R11: fffffbfff20318b6 R12: dffffc0000000000 [ 1635.575874][T19133] R13: 0000000000400018 R14: ffffea0001150000 R15: ffffea0001150030 [ 1635.583999][T19133] FS: 00007efc7ccfa6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 1635.593239][T19133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1635.600124][T19133] CR2: 00000000200044c0 CR3: 000000006ae6c000 CR4: 00000000003506f0 [ 1635.608177][T19133] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1635.616269][T19133] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1635.624545][T19133] Call Trace: [ 1635.627927][T19133] [ 1635.631039][T19133] ? __warn+0x163/0x4e0 [ 1635.635317][T19133] ? folio_memcg+0x111/0x220 [ 1635.637857][T19112] wg0 speed is unknown, defaulting to 1000 [ 1635.639976][T19133] ? report_bug+0x2b3/0x500 [ 1635.640015][T19133] ? folio_memcg+0x111/0x220 [ 1635.655183][T19133] ? handle_bug+0x60/0x90 [ 1635.659639][T19133] ? exc_invalid_op+0x1a/0x50 [ 1635.664522][T19133] ? asm_exc_invalid_op+0x1a/0x20 [ 1635.669671][T19133] ? folio_memcg+0x111/0x220 [ 1635.674442][T19133] split_page_memcg+0x58/0x3f0 [ 1635.679295][T19133] ? split_page+0x205/0x230 [ 1635.683925][T19133] __vmalloc_node_range_noprof+0xa63/0x1400 [ 1635.690036][T19133] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1635.696557][T19133] ? rcu_is_watching+0x15/0xb0 [ 1635.701586][T19133] ? trace_kmalloc+0x1f/0xd0 [ 1635.709001][T19133] ? __kmalloc_node_noprof+0x247/0x440 [ 1635.714640][T19133] ? __kvmalloc_node_noprof+0x72/0x1b0 [ 1635.720228][T19133] __kvmalloc_node_noprof+0x142/0x1b0 [ 1635.725758][T19133] ? hash_ipport_create+0x801/0x1670 [ 1635.731210][T19133] hash_ipport_create+0x801/0x1670 [ 1635.736436][T19133] ? __pfx_lock_acquire+0x10/0x10 [ 1635.741671][T19133] ? __pfx_hash_ipport_create+0x10/0x10 [ 1635.747339][T19133] ? __nla_parse+0x40/0x60 [ 1635.751937][T19133] ? __pfx_hash_ipport_create+0x10/0x10 [ 1635.757557][T19133] ip_set_create+0xa5c/0x1900 [ 1635.762438][T19133] ? ip_set_create+0x45e/0x1900 [ 1635.767350][T19133] ? __pfx___mutex_trylock_common+0xa/0x10 [ 1635.773363][T19133] ? __pfx_ip_set_create+0x10/0x10 [ 1635.778576][T19133] ? trace_contention_end+0x3c/0x120 [ 1635.784159][T19133] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1635.789470][T19133] nfnetlink_rcv_msg+0xbec/0x1180 [ 1635.794706][T19133] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1635.800048][T19133] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1635.805764][T19133] ? stack_trace_save+0x118/0x1d0 [ 1635.811095][T19133] ? dev_hard_start_xmit+0x27a/0x7e0 [ 1635.816747][T19133] ? __dev_queue_xmit+0x1b63/0x3e90 [ 1635.822046][T19133] ? __netlink_deliver_tap+0x54d/0x7c0 [ 1635.827703][T19133] ? netlink_deliver_tap+0x19d/0x1b0 [ 1635.833120][T19133] ? netlink_unicast+0x7c4/0x990 [ 1635.838211][T19133] ? netlink_sendmsg+0x8e4/0xcb0 [ 1635.843259][T19133] ? __sock_sendmsg+0x221/0x270 [ 1635.848303][T19133] ? ____sys_sendmsg+0x525/0x7d0 [ 1635.853349][T19133] ? __sys_sendmsg+0x298/0x390 [ 1635.858320][T19133] netlink_rcv_skb+0x1e3/0x430 [ 1635.863185][T19133] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1635.868801][T19133] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1635.874198][T19133] ? apparmor_capable+0x13b/0x1b0 [ 1635.879342][T19133] ? bpf_lsm_capable+0x9/0x10 [ 1635.884174][T19133] ? security_capable+0x90/0xb0 [ 1635.889140][T19133] nfnetlink_rcv+0x297/0x2ad0 [ 1635.894046][T19133] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1635.899880][T19133] ? __dev_queue_xmit+0x2da/0x3e90 [ 1635.905203][T19133] ? __dev_queue_xmit+0x1763/0x3e90 [ 1635.910456][T19133] ? kasan_save_track+0x51/0x80 [ 1635.915477][T19133] ? do_syscall_64+0xf3/0x230 [ 1635.920414][T19133] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1635.925916][T19133] ? __dev_queue_xmit+0x2da/0x3e90 [ 1635.931133][T19133] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1635.936700][T19133] ? ref_tracker_free+0x643/0x7e0 [ 1635.941824][T19133] ? __asan_memcpy+0x40/0x70 [ 1635.946526][T19133] ? __pfx_ref_tracker_free+0x10/0x10 [ 1635.951998][T19133] ? netlink_deliver_tap+0x2e/0x1b0 [ 1635.957386][T19133] ? skb_clone+0x240/0x390 [ 1635.961898][T19133] ? __pfx_lock_release+0x10/0x10 [ 1635.967145][T19133] ? __netlink_deliver_tap+0x77e/0x7c0 [ 1635.972702][T19133] ? netlink_deliver_tap+0x2e/0x1b0 [ 1635.978065][T19133] netlink_unicast+0x7f6/0x990 [ 1635.982932][T19133] ? __pfx_netlink_unicast+0x10/0x10 [ 1635.988391][T19133] ? __virt_addr_valid+0x183/0x530 [ 1635.988795][T13945] rc_core: IR keymap rc-hauppauge not found [ 1635.993566][T19133] ? __check_object_size+0x49c/0x900 [ 1635.993609][T19133] ? bpf_lsm_netlink_send+0x9/0x10 [ 1635.993649][T19133] netlink_sendmsg+0x8e4/0xcb0 [ 1635.993697][T19133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1636.009899][T13945] Registered IR keymap rc-empty [ 1636.010178][T19133] ? __import_iovec+0x536/0x820 [ 1636.030097][T19133] ? aa_sock_msg_perm+0x91/0x160 [ 1636.035311][T19133] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1636.040655][T19133] ? security_socket_sendmsg+0x87/0xb0 [ 1636.046386][T19133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1636.051726][T19133] __sock_sendmsg+0x221/0x270 [ 1636.056755][T19133] ____sys_sendmsg+0x525/0x7d0 [ 1636.061579][T19133] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1636.067006][T19133] __sys_sendmsg+0x298/0x390 [ 1636.071645][T19133] ? __pfx___sys_sendmsg+0x10/0x10 [ 1636.076929][T19133] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1636.083314][T19133] ? do_syscall_64+0x100/0x230 [ 1636.088208][T19133] ? do_syscall_64+0xb6/0x230 [ 1636.092974][T19133] do_syscall_64+0xf3/0x230 [ 1636.097578][T19133] ? clear_bhb_loop+0x35/0x90 [ 1636.102364][T19133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1636.108401][T19133] RIP: 0033:0x7efc7bf799b9 [ 1636.112864][T19133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1636.132599][T19133] RSP: 002b:00007efc7ccfa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1636.133915][T13945] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1636.141150][T19133] RAX: ffffffffffffffda RBX: 00007efc7c115f80 RCX: 00007efc7bf799b9 [ 1636.141176][T19133] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1636.141193][T19133] RBP: 00007efc7bfe78d8 R08: 0000000000000000 R09: 0000000000000000 [ 1636.141210][T19133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1636.141227][T19133] R13: 0000000000000000 R14: 00007efc7c115f80 R15: 00007ffc89d54668 [ 1636.141271][T19133] [ 1636.141299][T19133] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1636.141315][T19133] CPU: 1 UID: 0 PID: 19133 Comm: syz.0.2428 Not tainted 6.11.0-rc3-next-20240816-syzkaller #0 [ 1636.141343][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1636.141358][T19133] Call Trace: [ 1636.141367][T19133] [ 1636.141377][T19133] dump_stack_lvl+0x241/0x360 [ 1636.141420][T19133] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1636.141453][T19133] ? __pfx__printk+0x10/0x10 [ 1636.141494][T19133] ? vscnprintf+0x5d/0x90 [ 1636.141522][T19133] panic+0x349/0x870 [ 1636.141558][T19133] ? __warn+0x172/0x4e0 [ 1636.141586][T19133] ? __pfx_panic+0x10/0x10 [ 1636.141639][T19133] __warn+0x346/0x4e0 [ 1636.141664][T19133] ? folio_memcg+0x111/0x220 [ 1636.141693][T19133] report_bug+0x2b3/0x500 [ 1636.141723][T19133] ? folio_memcg+0x111/0x220 [ 1636.141753][T19133] handle_bug+0x60/0x90 [ 1636.141788][T19133] exc_invalid_op+0x1a/0x50 [ 1636.141825][T19133] asm_exc_invalid_op+0x1a/0x20 [ 1636.141849][T19133] RIP: 0010:folio_memcg+0x111/0x220 [ 1636.141874][T19133] Code: 10 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 e2 2f f8 ff 48 8b 1b 48 89 d8 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 eb ce 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 55 ff ff ff [ 1636.141896][T19133] RSP: 0018:ffffc90004c26960 EFLAGS: 00010246 [ 1636.141920][T19133] RAX: 0000000000000000 RBX: ffff888068e2ba80 RCX: 0000000080000000 [ 1636.141938][T19133] RDX: 0000000000000000 RSI: ffffffff8c0adfc0 RDI: ffffffff8c60a8c0 [ 1636.141957][T19133] RBP: ffffea0001150008 R08: ffffffff9018c5af R09: 1ffffffff20318b5 [ 1636.141977][T19133] R10: dffffc0000000000 R11: fffffbfff20318b6 R12: dffffc0000000000 [ 1636.141996][T19133] R13: 0000000000400018 R14: ffffea0001150000 R15: ffffea0001150030 [ 1636.142036][T19133] split_page_memcg+0x58/0x3f0 [ 1636.142075][T19133] ? split_page+0x205/0x230 [ 1636.142104][T19133] __vmalloc_node_range_noprof+0xa63/0x1400 [ 1636.142163][T19133] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1636.142192][T19133] ? rcu_is_watching+0x15/0xb0 [ 1636.142232][T19133] ? trace_kmalloc+0x1f/0xd0 [ 1636.142270][T19133] ? __kmalloc_node_noprof+0x247/0x440 [ 1636.142303][T19133] ? __kvmalloc_node_noprof+0x72/0x1b0 [ 1636.142334][T19133] __kvmalloc_node_noprof+0x142/0x1b0 [ 1636.142360][T19133] ? hash_ipport_create+0x801/0x1670 [ 1636.142401][T19133] hash_ipport_create+0x801/0x1670 [ 1636.142442][T19133] ? __pfx_lock_acquire+0x10/0x10 [ 1636.142490][T19133] ? __pfx_hash_ipport_create+0x10/0x10 [ 1636.142533][T19133] ? __nla_parse+0x40/0x60 [ 1636.142566][T19133] ? __pfx_hash_ipport_create+0x10/0x10 [ 1636.142606][T19133] ip_set_create+0xa5c/0x1900 [ 1636.142639][T19133] ? ip_set_create+0x45e/0x1900 [ 1636.142671][T19133] ? __pfx___mutex_trylock_common+0xa/0x10 [ 1636.142708][T19133] ? __pfx_ip_set_create+0x10/0x10 [ 1636.142738][T19133] ? trace_contention_end+0x3c/0x120 [ 1636.142801][T19133] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1636.142852][T19133] nfnetlink_rcv_msg+0xbec/0x1180 [ 1636.142887][T19133] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1636.142967][T19133] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1636.143001][T19133] ? stack_trace_save+0x118/0x1d0 [ 1636.143061][T19133] ? dev_hard_start_xmit+0x27a/0x7e0 [ 1636.143085][T19133] ? __dev_queue_xmit+0x1b63/0x3e90 [ 1636.143111][T19133] ? __netlink_deliver_tap+0x54d/0x7c0 [ 1636.143144][T19133] ? netlink_deliver_tap+0x19d/0x1b0 [ 1636.143175][T19133] ? netlink_unicast+0x7c4/0x990 [ 1636.143203][T19133] ? netlink_sendmsg+0x8e4/0xcb0 [ 1636.143252][T19133] ? __sock_sendmsg+0x221/0x270 [ 1636.143282][T19133] ? ____sys_sendmsg+0x525/0x7d0 [ 1636.143305][T19133] ? __sys_sendmsg+0x298/0x390 [ 1636.143345][T19133] netlink_rcv_skb+0x1e3/0x430 [ 1636.143378][T19133] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1636.143415][T19133] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1636.143461][T19133] ? apparmor_capable+0x13b/0x1b0 [ 1636.143490][T19133] ? bpf_lsm_capable+0x9/0x10 [ 1636.143519][T19133] ? security_capable+0x90/0xb0 [ 1636.143562][T19133] nfnetlink_rcv+0x297/0x2ad0 [ 1636.143604][T19133] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1636.143643][T19133] ? __dev_queue_xmit+0x2da/0x3e90 [ 1636.143671][T19133] ? __dev_queue_xmit+0x1763/0x3e90 [ 1636.143696][T19133] ? kasan_save_track+0x51/0x80 [ 1636.143729][T19133] ? do_syscall_64+0xf3/0x230 [ 1636.143764][T19133] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1636.143817][T19133] ? __dev_queue_xmit+0x2da/0x3e90 [ 1636.143848][T19133] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1636.143893][T19133] ? ref_tracker_free+0x643/0x7e0 [ 1636.143924][T19133] ? __asan_memcpy+0x40/0x70 [ 1636.143948][T19133] ? __pfx_ref_tracker_free+0x10/0x10 [ 1636.143996][T19133] ? netlink_deliver_tap+0x2e/0x1b0 [ 1636.144028][T19133] ? skb_clone+0x240/0x390 [ 1636.144056][T19133] ? __pfx_lock_release+0x10/0x10 [ 1636.144094][T19133] ? __netlink_deliver_tap+0x77e/0x7c0 [ 1636.144140][T19133] ? netlink_deliver_tap+0x2e/0x1b0 [ 1636.144177][T19133] netlink_unicast+0x7f6/0x990 [ 1636.144218][T19133] ? __pfx_netlink_unicast+0x10/0x10 [ 1636.144252][T19133] ? __virt_addr_valid+0x183/0x530 [ 1636.144282][T19133] ? __check_object_size+0x49c/0x900 [ 1636.144319][T19133] ? bpf_lsm_netlink_send+0x9/0x10 [ 1636.144359][T19133] netlink_sendmsg+0x8e4/0xcb0 [ 1636.144407][T19133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1636.144445][T19133] ? __import_iovec+0x536/0x820 [ 1636.144480][T19133] ? aa_sock_msg_perm+0x91/0x160 [ 1636.144518][T19133] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1636.144555][T19133] ? security_socket_sendmsg+0x87/0xb0 [ 1636.144586][T19133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1636.144619][T19133] __sock_sendmsg+0x221/0x270 [ 1636.144655][T19133] ____sys_sendmsg+0x525/0x7d0 [ 1636.144691][T19133] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1636.144736][T19133] __sys_sendmsg+0x298/0x390 [ 1636.144765][T19133] ? __pfx___sys_sendmsg+0x10/0x10 [ 1636.144839][T19133] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1636.144877][T19133] ? do_syscall_64+0x100/0x230 [ 1636.144915][T19133] ? do_syscall_64+0xb6/0x230 [ 1636.144952][T19133] do_syscall_64+0xf3/0x230 [ 1636.144998][T19133] ? clear_bhb_loop+0x35/0x90 [ 1636.145026][T19133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1636.145081][T19133] RIP: 0033:0x7efc7bf799b9 [ 1636.145104][T19133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1636.145124][T19133] RSP: 002b:00007efc7ccfa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1636.145150][T19133] RAX: ffffffffffffffda RBX: 00007efc7c115f80 RCX: 00007efc7bf799b9 [ 1636.145169][T19133] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1636.145186][T19133] RBP: 00007efc7bfe78d8 R08: 0000000000000000 R09: 0000000000000000 [ 1636.145203][T19133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1636.145220][T19133] R13: 0000000000000000 R14: 00007efc7c115f80 R15: 00007ffc89d54668 [ 1636.145261][T19133] [ 1636.151989][T19133] Kernel Offset: disabled