last executing test programs: 14.402169552s ago: executing program 1 (id=418): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a0000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000003000)) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@index_on}, {@metacopy_on}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000240)='./bus\x00', 0x322020, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file7\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file1\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file2\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) 12.93233913s ago: executing program 0 (id=421): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 12.687978325s ago: executing program 1 (id=422): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000480)=0x1c) getpid() socket(0x10, 0x803, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) waitid(0x0, r1, &(0x7f00000005c0), 0x20000000, &(0x7f0000000640)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010028bd7000000800000a", @ANYRES32=0x0, @ANYBLOB="0100e8"], 0x44}}, 0x71d0b8801b5f1c98) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) readv(r6, 0x0, 0x0) ioctl$TIOCVHANGUP(r6, 0x5437, 0x2) 12.388374751s ago: executing program 0 (id=423): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) pipe2(&(0x7f0000000080), 0x4800) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 12.161729685s ago: executing program 0 (id=424): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x240480c0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 11.685249734s ago: executing program 0 (id=425): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="000000000000000091aa5c5c8893c40204000000000000000000000000000000e1c6a607509a340a538cba82b25c411f4d44c8be29ee5db9d944c61cb1e45ffaece8e2b740fd919e7010387777d9d87948d287c8e8f19d7f906735377e6bb70aa66e6e84fcfeeb1ac72d0352120b2eecc8696cc16d7304c24275dbaf1879cf6f4b2fd44764942fe174300100a9884792d80d320fc22cf047281e604ab4978fdf2d22bf3520436c4d0798d52027c26437553719b8476802"], 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB], 0x6f4}}, 0x0) 11.250962992s ago: executing program 1 (id=427): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0) getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078) 10.960323918s ago: executing program 0 (id=428): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000340)={'pimreg1\x00', 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4b"], &(0x7f0000000100)='GPL\x00'}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0) 8.460836137s ago: executing program 1 (id=432): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl(0xffffffffffffffff, 0x8b1a, 0x0) socket$tipc(0x1e, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002100)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r7, {0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_FW_MASK={0x8, 0x5, 0x6}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_virt_wifi\x00'}]}}]}, 0x54}}, 0x24040084) faccessat(0xffffffffffffffff, 0x0, 0x5) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) 6.369591407s ago: executing program 1 (id=438): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0) getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000180000000000000000000000711207000000000095"], &(0x7f0000001200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @cgroup_sock_addr=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.344189346s ago: executing program 2 (id=441): bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0) getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078) 5.232322689s ago: executing program 3 (id=442): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300002a00028008000500", @ANYRES32=r9], 0x44}}, 0x8000) 3.057659861s ago: executing program 3 (id=443): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x240480c0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.985477312s ago: executing program 2 (id=444): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usbip_server_init(0x2) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0x4}}}}}, 0x0) 2.842215085s ago: executing program 3 (id=445): syz_usb_connect(0x2, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0xd4, 0xb8, 0xba, 0x40, 0x644, 0x800f, 0x47a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x0, 0x0, 0x5, 0x8b, 0x88}}]}}]}}, 0x0) 2.481275532s ago: executing program 0 (id=446): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000880)={0x2c, &(0x7f0000000700)={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000d40)={0xc, &(0x7f0000000c00)={0x40, 0x15}, 0x0, 0x0, 0x0, 0x0}) 2.256290596s ago: executing program 3 (id=447): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x2b08}}, 0x4000806) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000340)=@ccm_128={{0x303}, "30693241a6f04035", "e0e6d476803da0686d23e136c58671e3", '\x00', "c962b0c0b5d958c9"}, 0x28) recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2002}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/94, 0x5e}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0) 2.198363597s ago: executing program 1 (id=448): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x20a0, 0x4287, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0xfc, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xbd, 0x10}}}}}]}}]}}, 0x0) socket(0x200000000000011, 0x2, 0x1) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0xff00, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5}]}}, 0x0}, 0x0) 1.975983532s ago: executing program 2 (id=449): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.843985544s ago: executing program 2 (id=450): openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x2) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x40000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003a80)=ANY=[@ANYBLOB="883800003f000701feff"], 0x3888}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) futex(&(0x7f0000000040)=0x2, 0xb, 0x2, 0x0, &(0x7f0000000100)=0x1, 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x6c304000) futex(&(0x7f0000000040)=0x1, 0x6, 0x0, &(0x7f0000000080)={0x77359400}, 0x0, 0x1) 1.692401737s ago: executing program 3 (id=451): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000480)=0x1c) getpid() socket(0x10, 0x803, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) waitid(0x0, r1, &(0x7f00000005c0), 0x20000000, &(0x7f0000000640)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010028bd7000000800000a", @ANYRES32=0x0, @ANYBLOB="0100e8"], 0x44}}, 0x71d0b8801b5f1c98) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) readv(r7, 0x0, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x2) 947.373201ms ago: executing program 2 (id=452): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl(0xffffffffffffffff, 0x8b1a, 0x0) socket$tipc(0x1e, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002100)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r7, {0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_FW_MASK={0x8, 0x5, 0x6}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_virt_wifi\x00'}]}}]}, 0x54}}, 0x24040084) faccessat(0xffffffffffffffff, 0x0, 0x5) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) sendfile(0xffffffffffffffff, r8, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff) 557.828099ms ago: executing program 3 (id=453): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x240480c0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 2 (id=454): close(0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x5a, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699e", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x94) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x28080, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x31, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000018110000e46b3e3ce9dfe76c085cf3f494cff00d8da804146c38e86137c5bc7fccbeaaff6f7a0a526b3d646bbb659ef6f54befe225a53da597de9e39af5ac52772b3a0d428a2040e914802f4892fbb3ec430e94b97334982bb5ee022913db1bb1aecdb0862394863e4fbf5bb1ecababa16aeca92b0ecadee7e7897b1ce1113b10360fa834cbcf2c811a4988cc24ef4573c1d831ce9a1656442337bb8f8417fbaaec0753936a1ec1c990c316632", @ANYRES64=r1, @ANYRES64], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x21, 0x2c, 0x3, 0x1c, 0x7, 0x4, 0x3, 0xd3, 0xffffffffffffffff}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r5, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. [ 64.361806][ T5775] cgroup: Unknown subsys name 'net' [ 64.522521][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.956287][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.977675][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.986787][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.006352][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.014558][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.022914][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.024482][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.030686][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.038342][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.045647][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.052555][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.066567][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.074112][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.166415][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.174663][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.180274][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.189113][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.190526][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.204825][ T5790] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.208902][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.220338][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.228096][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.228213][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.243185][ T5102] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.250998][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.466492][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 68.675131][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.682839][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.691073][ T5788] bridge_slave_0: entered allmulticast mode [ 68.698137][ T5788] bridge_slave_0: entered promiscuous mode [ 68.706931][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 68.750165][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.757446][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.764608][ T5788] bridge_slave_1: entered allmulticast mode [ 68.772423][ T5788] bridge_slave_1: entered promiscuous mode [ 68.779387][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 68.867745][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.888973][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.936603][ T5788] team0: Port device team_slave_0 added [ 68.951320][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 68.983313][ T5788] team0: Port device team_slave_1 added [ 69.005237][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.012633][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.020839][ T5794] bridge_slave_0: entered allmulticast mode [ 69.027970][ T5794] bridge_slave_0: entered promiscuous mode [ 69.047398][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.054698][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.061942][ T5784] bridge_slave_0: entered allmulticast mode [ 69.069183][ T5784] bridge_slave_0: entered promiscuous mode [ 69.090960][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.098048][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.124668][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.153008][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.160422][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.167690][ T5794] bridge_slave_1: entered allmulticast mode [ 69.174419][ T5794] bridge_slave_1: entered promiscuous mode [ 69.181098][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.188389][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.196482][ T5784] bridge_slave_1: entered allmulticast mode [ 69.203331][ T5784] bridge_slave_1: entered promiscuous mode [ 69.210383][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.217593][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.243613][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.326124][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.353728][ T5788] hsr_slave_0: entered promiscuous mode [ 69.362325][ T5788] hsr_slave_1: entered promiscuous mode [ 69.371707][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.393426][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.445905][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.459114][ T5794] team0: Port device team_slave_0 added [ 69.482185][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.489817][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.497286][ T5796] bridge_slave_0: entered allmulticast mode [ 69.503956][ T5796] bridge_slave_0: entered promiscuous mode [ 69.513426][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.520740][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.528394][ T5796] bridge_slave_1: entered allmulticast mode [ 69.535111][ T5796] bridge_slave_1: entered promiscuous mode [ 69.562669][ T5794] team0: Port device team_slave_1 added [ 69.618167][ T5784] team0: Port device team_slave_0 added [ 69.651942][ T5784] team0: Port device team_slave_1 added [ 69.667986][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.674945][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.701129][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.725187][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.744405][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.751717][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.777892][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.800788][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.810517][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.817791][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.843753][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.881770][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.888997][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.915025][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.964762][ T5794] hsr_slave_0: entered promiscuous mode [ 69.971492][ T5794] hsr_slave_1: entered promiscuous mode [ 69.977794][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.985727][ T5794] Cannot create hsr debugfs directory [ 70.014623][ T5796] team0: Port device team_slave_0 added [ 70.023979][ T5796] team0: Port device team_slave_1 added [ 70.073531][ T5784] hsr_slave_0: entered promiscuous mode [ 70.086099][ T5784] hsr_slave_1: entered promiscuous mode [ 70.086264][ T5787] Bluetooth: hci1: command tx timeout [ 70.097457][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.105078][ T5784] Cannot create hsr debugfs directory [ 70.141618][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.149569][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.176269][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.188472][ T5787] Bluetooth: hci0: command tx timeout [ 70.222751][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.229903][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.256851][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.325555][ T5787] Bluetooth: hci3: command tx timeout [ 70.331513][ T5790] Bluetooth: hci2: command tx timeout [ 70.397890][ T5796] hsr_slave_0: entered promiscuous mode [ 70.405603][ T5796] hsr_slave_1: entered promiscuous mode [ 70.411941][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.419698][ T5796] Cannot create hsr debugfs directory [ 70.513044][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.528901][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.559280][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.569517][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.665227][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.693371][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.704682][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.714708][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.803135][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.814055][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.833654][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.845310][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.942802][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.954651][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.978616][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.989761][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.014236][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.065151][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.089538][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.125346][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.132762][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.143001][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.150214][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.176816][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.210351][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.217486][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.239578][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.246761][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.299690][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.314791][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.389506][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.412426][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.433360][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.440522][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.451570][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.458806][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.469156][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.476308][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.485282][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.492389][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.613069][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.620021][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.652065][ T5796] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.914365][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.941824][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.073181][ T5788] veth0_vlan: entered promiscuous mode [ 72.090770][ T5794] veth0_vlan: entered promiscuous mode [ 72.114944][ T5794] veth1_vlan: entered promiscuous mode [ 72.128256][ T5788] veth1_vlan: entered promiscuous mode [ 72.146676][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.159953][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.166019][ T5790] Bluetooth: hci1: command tx timeout [ 72.211809][ T5794] veth0_macvtap: entered promiscuous mode [ 72.234439][ T5794] veth1_macvtap: entered promiscuous mode [ 72.246136][ T5790] Bluetooth: hci0: command tx timeout [ 72.282759][ T5796] veth0_vlan: entered promiscuous mode [ 72.296571][ T5788] veth0_macvtap: entered promiscuous mode [ 72.310994][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.324763][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.344459][ T5794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.353747][ T5794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.362526][ T5794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.371754][ T5794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.390981][ T5796] veth1_vlan: entered promiscuous mode [ 72.399609][ T5788] veth1_macvtap: entered promiscuous mode [ 72.405923][ T5790] Bluetooth: hci2: command tx timeout [ 72.411367][ T5790] Bluetooth: hci3: command tx timeout [ 72.424777][ T5784] veth0_vlan: entered promiscuous mode [ 72.458614][ T5784] veth1_vlan: entered promiscuous mode [ 72.492442][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.518545][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.530432][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.554672][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.570021][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.581626][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.592818][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.601669][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.612449][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.621487][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.658170][ T5796] veth0_macvtap: entered promiscuous mode [ 72.681311][ T993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.684260][ T5796] veth1_macvtap: entered promiscuous mode [ 72.695165][ T993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.764215][ T5784] veth0_macvtap: entered promiscuous mode [ 72.775172][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.788669][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.821321][ T5784] veth1_macvtap: entered promiscuous mode [ 72.845307][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.859542][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.870318][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.887820][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.900225][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.920567][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.921543][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.944479][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.946912][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.962572][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.973992][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.987046][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.050196][ T5796] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.062260][ T5796] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.071262][ T5796] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.080510][ T5796] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.109639][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.120298][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.131535][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.142469][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.152406][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.163123][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.174516][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.186154][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.186306][ T3435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.197040][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.214953][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.225714][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.230984][ T3435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.235557][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.235571][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.237147][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.303015][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.322762][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.345675][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.357253][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.526479][ T3435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.534310][ T3435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.585847][ T5880] syz.3.4[5880]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.607795][ T5880] loop3: detected capacity change from 0 to 128 [ 73.632060][ T5880] ======================================================= [ 73.632060][ T5880] WARNING: The mand mount option has been deprecated and [ 73.632060][ T5880] and is ignored by this kernel. Remove the mand [ 73.632060][ T5880] option from the mount to silence this warning. [ 73.632060][ T5880] ======================================================= [ 73.671056][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.679697][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.735680][ T2892] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.764021][ T2892] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.887204][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.895057][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.923650][ T5884] syz.3.4: attempt to access beyond end of device [ 73.923650][ T5884] loop3: rw=2049, sector=129, nr_sectors = 1 limit=128 [ 73.993090][ T5884] Buffer I/O error on dev loop3, logical block 129, lost async page write [ 74.046756][ T5886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 74.053423][ T5884] syz.3.4: attempt to access beyond end of device [ 74.053423][ T5884] loop3: rw=2049, sector=130, nr_sectors = 1 limit=128 [ 74.125540][ T5884] Buffer I/O error on dev loop3, logical block 130, lost async page write [ 74.136813][ T5884] syz.3.4: attempt to access beyond end of device [ 74.136813][ T5884] loop3: rw=2049, sector=131, nr_sectors = 1 limit=128 [ 74.186288][ T5884] Buffer I/O error on dev loop3, logical block 131, lost async page write [ 74.222805][ T5884] syz.3.4: attempt to access beyond end of device [ 74.222805][ T5884] loop3: rw=2049, sector=132, nr_sectors = 1 limit=128 [ 74.248455][ T5790] Bluetooth: hci1: command tx timeout [ 74.272929][ T5884] Buffer I/O error on dev loop3, logical block 132, lost async page write [ 74.312255][ T5884] syz.3.4: attempt to access beyond end of device [ 74.312255][ T5884] loop3: rw=2049, sector=133, nr_sectors = 1 limit=128 [ 74.353704][ T5884] Buffer I/O error on dev loop3, logical block 133, lost async page write [ 74.396250][ T5790] Bluetooth: hci0: command tx timeout [ 74.511396][ T5790] Bluetooth: hci3: command tx timeout [ 74.518096][ T5790] Bluetooth: hci2: command tx timeout [ 74.741280][ T5897] loop0: detected capacity change from 0 to 32768 [ 74.871064][ T5852] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 75.027397][ T5897] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.11 (5897) [ 75.497456][ T28] cfg80211: failed to load regulatory.db [ 75.529359][ T5897] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 75.539876][ T5897] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 75.549200][ T5897] BTRFS info (device loop0): using free space tree [ 75.619269][ T5914] loop2: detected capacity change from 0 to 512 [ 75.633843][ T5914] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 75.693824][ T5897] BTRFS info (device loop0): enabling ssd optimizations [ 75.702151][ T5897] BTRFS info (device loop0): auto enabling async discard [ 75.708966][ T5852] usb 2-1: Using ep0 maxpacket: 32 [ 75.732985][ T5852] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 75.764657][ T5914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12'. [ 75.775740][ T5852] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 75.794920][ T5914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12'. [ 75.826618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.850815][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 75.859479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 75.900211][ T5852] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 75.911895][ T5852] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 75.914031][ T5914] bridge0: entered promiscuous mode [ 75.925317][ T5852] usb 2-1: config 0 interface 0 has no altsetting 0 [ 75.928632][ T5852] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 76.017445][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 76.032586][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 76.044759][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 76.061672][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 76.158019][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 76.246932][ T5914] ip6gretap0: entered promiscuous mode [ 76.326057][ T5787] Bluetooth: hci1: command tx timeout [ 76.417165][ T5787] Bluetooth: hci0: command tx timeout [ 76.465484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 76.572456][ T5787] Bluetooth: hci2: command tx timeout [ 76.578283][ T5787] Bluetooth: hci3: command tx timeout [ 76.689313][ T5852] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 76.698282][ T5852] usb 2-1: Product: syz [ 76.702472][ T5852] usb 2-1: Manufacturer: syz [ 76.707124][ T5852] usb 2-1: SerialNumber: syz [ 76.737516][ T5852] usb 2-1: config 0 descriptor?? [ 76.769279][ T5852] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 76.817309][ T5852] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 76.926316][ T5794] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 77.088765][ T5926] loop2: detected capacity change from 0 to 512 [ 77.140741][ T5926] EXT4-fs: Ignoring removed nobh option [ 78.130701][ T5926] EXT4-fs (loop2): Test dummy encryption mode enabled [ 78.186496][ T5926] EXT4-fs error (device loop2): __ext4_iget:5053: inode #11: block 1: comm syz.2.16: invalid block [ 78.289068][ T5926] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.16: couldn't read orphan inode 11 (err -117) [ 78.403423][ T5926] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.785926][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.970902][ T5944] netlink: 40 bytes leftover after parsing attributes in process `syz.3.18'. [ 79.414117][ T5171] usb 2-1: USB disconnect, device number 2 [ 79.527276][ T5171] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 79.961788][ T5957] capability: warning: `syz.3.22' uses deprecated v2 capabilities in a way that may be insecure [ 80.692201][ T27] audit: type=1326 audit(1758583252.451:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 80.714925][ T27] audit: type=1326 audit(1758583252.451:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 80.809835][ T5959] syz.1.20[5959] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.809964][ T5959] syz.1.20[5959] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.048418][ T27] audit: type=1326 audit(1758583252.461:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 81.255385][ C0] sched: RT throttling activated [ 81.263044][ T27] audit: type=1326 audit(1758583252.461:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 81.398453][ T5959] loop1: detected capacity change from 0 to 128 [ 82.271449][ T27] audit: type=1326 audit(1758583252.461:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 82.431238][ T27] audit: type=1326 audit(1758583252.471:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 82.583560][ T27] audit: type=1326 audit(1758583252.481:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 82.650661][ T5967] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 82.704651][ T27] audit: type=1326 audit(1758583252.481:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5945 comm="syz.2.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 85.947329][ T6004] netlink: 40 bytes leftover after parsing attributes in process `syz.1.32'. [ 86.506688][ T6006] loop0: detected capacity change from 0 to 512 [ 86.526327][ T6006] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 86.539542][ T6006] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 86.587632][ T6006] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 86.626651][ T6006] EXT4-fs (loop0): 1 truncate cleaned up [ 86.634208][ T6006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.578629][ T6016] syz.2.34 (6016) used greatest stack depth: 17064 bytes left [ 88.437833][ T6027] netlink: 'syz.1.38': attribute type 12 has an invalid length. [ 88.956173][ T6025] loop2: detected capacity change from 0 to 2048 [ 89.158573][ T6025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.523585][ T5935] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 89.601129][ T5935] EXT4-fs (loop2): Remounting filesystem read-only [ 89.681113][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.137375][ T6045] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.193855][ T6045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.47'. [ 90.233718][ T6045] vlan2: entered promiscuous mode [ 90.243491][ T6045] bond0: entered promiscuous mode [ 90.255475][ T6045] bond_slave_0: entered promiscuous mode [ 90.261342][ T6045] bond_slave_1: entered promiscuous mode [ 91.209750][ T6057] netlink: 'syz.3.49': attribute type 12 has an invalid length. [ 92.196723][ T6035] loop1: detected capacity change from 0 to 131072 [ 92.271581][ T6035] F2FS-fs (loop1): Found nat_bits in checkpoint [ 92.515319][ T6068] netlink: 40 bytes leftover after parsing attributes in process `syz.2.52'. [ 92.584803][ T5852] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.897427][ T5852] usb 4-1: Using ep0 maxpacket: 32 [ 93.025001][ T5852] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 93.042594][ T5852] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 93.056915][ T5852] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 93.068435][ T5852] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 93.086036][ T5852] usb 4-1: config 0 interface 0 has no altsetting 0 [ 93.100779][ T5852] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 93.131879][ T5852] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 93.185583][ T5852] usb 4-1: Product: syz [ 93.189789][ T5852] usb 4-1: Manufacturer: syz [ 93.220851][ T5852] usb 4-1: SerialNumber: syz [ 93.241789][ T5852] usb 4-1: config 0 descriptor?? [ 93.264259][ T5852] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 93.305858][ T5852] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 93.541869][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.797947][ T27] audit: type=1326 audit(1758583266.121:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 93.840543][ T27] audit: type=1326 audit(1758583266.141:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 93.884079][ T27] audit: type=1326 audit(1758583266.141:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15bef8d710 code=0x7ffc0000 [ 93.917819][ T27] audit: type=1326 audit(1758583266.141:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 93.965344][ T27] audit: type=1326 audit(1758583266.141:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.059989][ T27] audit: type=1326 audit(1758583266.141:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.083505][ T27] audit: type=1326 audit(1758583266.141:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.093454][ T6088] loop1: detected capacity change from 0 to 1024 [ 94.106448][ T27] audit: type=1326 audit(1758583266.141:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.125100][ T6088] EXT4-fs: Ignoring removed i_version option [ 94.146964][ T6088] EXT4-fs: inline encryption not supported [ 94.153706][ T6088] EXT4-fs (loop1): Test dummy encryption mode enabled [ 94.182632][ T27] audit: type=1326 audit(1758583266.141:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.215951][ T9] usb 4-1: USB disconnect, device number 2 [ 94.234799][ T9] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 94.279621][ T6088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.315214][ T27] audit: type=1326 audit(1758583266.141:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6081 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 94.400074][ T6095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.55'. [ 94.422480][ T6095] bridge_slave_1: left allmulticast mode [ 94.440674][ T6095] bridge_slave_1: left promiscuous mode [ 94.617426][ T6095] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.063714][ T6095] bridge_slave_0: left allmulticast mode [ 95.097730][ T6088] fscrypt (loop1): Error allocating 'xts(aes)' transform: -4 [ 95.128086][ T6095] bridge_slave_0: left promiscuous mode [ 95.133967][ T6095] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.545601][ T6109] netlink: 40 bytes leftover after parsing attributes in process `syz.3.63'. [ 95.714743][ T6096] netlink: 'syz.2.61': attribute type 12 has an invalid length. [ 96.523524][ T6113] loop2: detected capacity change from 0 to 32768 [ 96.533378][ T6117] syz.0.74[6117] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 96.533498][ T6117] syz.0.74[6117] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 96.569231][ T6113] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.66 (6113) [ 97.161300][ T6118] loop0: detected capacity change from 0 to 128 [ 97.860184][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.711519][ T6113] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.721920][ T6113] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 98.730706][ T6113] BTRFS info (device loop2): using free space tree [ 98.812739][ T6113] BTRFS info (device loop2): enabling ssd optimizations [ 98.819835][ T6113] BTRFS info (device loop2): auto enabling async discard [ 98.941917][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 98.941930][ T27] audit: type=1326 audit(1758583271.261:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.019036][ T27] audit: type=1326 audit(1758583271.261:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15bef8d710 code=0x7ffc0000 [ 99.050849][ T27] audit: type=1326 audit(1758583271.261:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.094780][ T5784] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.113961][ T6125] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.121848][ T6125] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.133355][ T27] audit: type=1326 audit(1758583271.261:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.176627][ T27] audit: type=1326 audit(1758583271.301:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.200601][ T27] audit: type=1326 audit(1758583271.301:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.223327][ T27] audit: type=1326 audit(1758583271.301:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.252081][ T27] audit: type=1326 audit(1758583271.301:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.274892][ T27] audit: type=1326 audit(1758583271.301:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bef8eec9 code=0x7ffc0000 [ 99.298362][ T27] audit: type=1326 audit(1758583271.301:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6143 comm="syz.0.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15bef8d710 code=0x7ffc0000 [ 99.644130][ T6150] loop0: detected capacity change from 0 to 512 [ 99.680818][ T6150] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 99.884403][ T6125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.912630][ T6125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.118414][ T6125] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.129032][ T6125] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.138543][ T6125] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.171214][ T6125] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.211700][ T6170] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 100.220968][ T6170] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 100.229879][ T6170] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 100.789113][ T6150] netlink: 28 bytes leftover after parsing attributes in process `syz.0.72'. [ 100.789741][ T785] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 100.798001][ T6150] netlink: 28 bytes leftover after parsing attributes in process `syz.0.72'. [ 100.824840][ T6150] bridge0: entered promiscuous mode [ 100.831813][ T6150] ip6gretap0: entered promiscuous mode [ 100.856800][ T6150] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 100.864409][ T6150] Cannot create hsr debugfs directory [ 101.210206][ T785] usb 3-1: Using ep0 maxpacket: 16 [ 101.218312][ T785] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 101.227026][ T785] usb 3-1: config 0 has an invalid interface descriptor of length 8, skipping [ 101.236013][ T785] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.246591][ T785] usb 3-1: config 0 has no interface number 0 [ 101.252727][ T785] usb 3-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 101.262280][ T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.625587][ T6180] netlink: 40 bytes leftover after parsing attributes in process `syz.0.77'. [ 101.651738][ T785] usb 3-1: config 0 descriptor?? [ 101.704283][ T785] usb 3-1: Found UVC 0.00 device (0bd3:0555) [ 101.745222][ T6181] loop1: detected capacity change from 0 to 256 [ 101.753704][ T785] usb 3-1: No valid video chain found. [ 103.093968][ T5843] usb 3-1: USB disconnect, device number 2 [ 103.988075][ T27] kauditd_printk_skb: 236 callbacks suppressed [ 103.988108][ T27] audit: type=1326 audit(1758583276.281:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.3.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7fc00000 [ 104.850603][ T6261] netlink: 40 bytes leftover after parsing attributes in process `syz.2.85'. [ 105.743900][ T6266] syz.0.82[6266] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.744026][ T6266] syz.0.82[6266] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.759668][ T6266] loop0: detected capacity change from 0 to 128 [ 107.121851][ T6280] netlink: 40 bytes leftover after parsing attributes in process `syz.1.91'. [ 107.555702][ T27] audit: type=1326 audit(1758583279.871:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.586584][ T27] audit: type=1326 audit(1758583279.871:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 107.609988][ T27] audit: type=1326 audit(1758583279.871:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.654421][ T27] audit: type=1326 audit(1758583279.871:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.708546][ T27] audit: type=1326 audit(1758583279.871:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.757374][ T27] audit: type=1326 audit(1758583279.871:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.820906][ T27] audit: type=1326 audit(1758583279.871:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.873852][ T27] audit: type=1326 audit(1758583279.871:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 107.930277][ T27] audit: type=1326 audit(1758583279.871:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 108.280960][ T6296] netlink: 40 bytes leftover after parsing attributes in process `syz.2.96'. [ 108.900997][ T6298] loop3: detected capacity change from 0 to 256 [ 108.918142][ T6298] FAT-fs (loop3): bogus number of FAT sectors [ 108.924714][ T6298] FAT-fs (loop3): Can't find a valid FAT filesystem [ 109.458121][ T6312] loop2: detected capacity change from 0 to 256 [ 109.981988][ T6312] wg2: entered promiscuous mode [ 109.987364][ T6312] wg2: entered allmulticast mode [ 110.497347][ T6314] wg2: entered promiscuous mode [ 110.585730][ T6314] wg2: entered allmulticast mode [ 111.835475][ T785] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 111.995452][ T785] usb 3-1: device descriptor read/64, error -71 [ 112.281819][ T785] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 112.404749][ T6327] bridge0: port 3(syz_tun) entered blocking state [ 112.412567][ T6327] bridge0: port 3(syz_tun) entered disabled state [ 112.419633][ T6327] syz_tun: entered allmulticast mode [ 112.437315][ T6327] syz_tun: entered promiscuous mode [ 112.444212][ T6327] bridge0: port 3(syz_tun) entered blocking state [ 112.451118][ T6327] bridge0: port 3(syz_tun) entered forwarding state [ 112.463007][ T785] usb 3-1: device descriptor read/64, error -71 [ 112.502867][ T6328] bridge0: port 3(syz_tun) entered learning state [ 112.660908][ T6330] netlink: 40 bytes leftover after parsing attributes in process `syz.3.107'. [ 113.156413][ T785] usb usb3-port1: attempt power cycle [ 113.658651][ T785] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 113.710510][ T785] usb 3-1: device descriptor read/8, error -71 [ 113.811768][ T6340] loop0: detected capacity change from 0 to 256 [ 113.853058][ T6340] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 113.864132][ T6340] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 113.998403][ T6342] loop3: detected capacity change from 0 to 512 [ 114.179985][ T6342] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 114.265245][ T6340] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 114.311036][ T6342] EXT4-fs (loop3): 1 truncate cleaned up [ 114.326111][ T6342] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.365296][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.758187][ T6361] netlink: 40 bytes leftover after parsing attributes in process `syz.0.118'. [ 117.145196][ T6362] loop3: detected capacity change from 0 to 512 [ 117.161133][ T6362] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 118.936860][ T6371] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 118.945840][ T6371] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 118.954292][ T6371] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 119.555643][ T5852] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 119.806076][ T5852] usb 2-1: Using ep0 maxpacket: 16 [ 119.823846][ T5852] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 119.882226][ T6378] netlink: 'syz.2.122': attribute type 4 has an invalid length. [ 119.928578][ T5852] usb 2-1: config 0 has an invalid interface descriptor of length 8, skipping [ 120.135308][ T5852] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.245471][ T6379] netlink: 'syz.2.122': attribute type 4 has an invalid length. [ 120.410017][ T5843] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 120.535603][ T5852] usb 2-1: config 0 has no interface number 0 [ 120.542379][ T5852] usb 2-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 120.553047][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.573233][ T5852] usb 2-1: config 0 descriptor?? [ 120.578421][ T5843] usb 4-1: device descriptor read/64, error -71 [ 120.581475][ T5852] usb 2-1: Found UVC 0.00 device (0bd3:0555) [ 120.595418][ T5852] usb 2-1: No valid video chain found. [ 120.628831][ T6383] loop2: detected capacity change from 0 to 256 [ 120.677695][ T6383] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.719232][ T6383] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 120.746540][ T6383] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 122.960977][ T5843] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 123.034220][ T5852] usb 2-1: USB disconnect, device number 3 [ 123.483313][ T6401] loop1: detected capacity change from 0 to 256 [ 123.790150][ T6406] loop0: detected capacity change from 0 to 512 [ 124.105821][ T6408] loop1: detected capacity change from 0 to 128 [ 124.541519][ T6406] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 124.701359][ T6406] EXT4-fs (loop0): 1 truncate cleaned up [ 124.715514][ T6406] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.647166][ T6418] netlink: 'syz.3.133': attribute type 4 has an invalid length. [ 126.662559][ T6418] netlink: 'syz.3.133': attribute type 4 has an invalid length. [ 127.926571][ C0] bridge0: port 3(syz_tun) entered forwarding state [ 128.450303][ T6426] loop3: detected capacity change from 0 to 256 [ 128.698252][ T6426] wg2: entered promiscuous mode [ 128.703248][ T6426] wg2: entered allmulticast mode [ 128.773093][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.575630][ T6432] loop1: detected capacity change from 0 to 512 [ 130.582792][ T6432] EXT4-fs: Ignoring removed oldalloc option [ 130.767591][ T6432] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.136: dx entry: limit 1024 != root limit 124 [ 130.780097][ T6432] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.136: Corrupt directory, running e2fsck is recommended [ 130.804111][ T6432] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 130.814208][ T6432] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.136: corrupted in-inode xattr: invalid ea_ino [ 130.830299][ T6432] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.136: couldn't read orphan inode 15 (err -117) [ 130.865445][ T6432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.300349][ T5843] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 131.705925][ T6439] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 131.714798][ T6439] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 131.723307][ T6439] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 132.308068][ T6410] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 132.896500][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.025657][ T785] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 133.060881][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.067428][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.243681][ T785] usb 1-1: Using ep0 maxpacket: 16 [ 133.255594][ T785] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 133.269272][ T785] usb 1-1: config 0 has an invalid interface descriptor of length 8, skipping [ 133.280055][ T785] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.376775][ T6453] netlink: 'syz.1.143': attribute type 4 has an invalid length. [ 133.795439][ T6454] netlink: 'syz.1.143': attribute type 4 has an invalid length. [ 133.986000][ T785] usb 1-1: config 0 has no interface number 0 [ 134.012608][ T785] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 134.136645][ T785] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.158322][ T785] usb 1-1: config 0 descriptor?? [ 134.167859][ T785] usb 1-1: Found UVC 0.00 device (0bd3:0555) [ 134.185558][ T785] usb 1-1: No valid video chain found. [ 134.395471][ T785] usb 1-1: USB disconnect, device number 2 [ 134.552181][ T6461] loop1: detected capacity change from 0 to 512 [ 134.584291][ T6461] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 134.640483][ T6461] EXT4-fs (loop1): 1 truncate cleaned up [ 134.653812][ T6461] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.104846][ T6449] loop3: detected capacity change from 0 to 40427 [ 135.738787][ T6469] sch_fq: defrate 0 ignored. [ 137.385697][ T6449] F2FS-fs (loop3): invalid crc value [ 137.466753][ T6449] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-4) [ 138.126710][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.276413][ T6483] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 138.585455][ T6164] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 138.906280][ T6164] usb 2-1: device descriptor read/64, error -71 [ 139.069422][ T6500] netlink: 'syz.0.154': attribute type 4 has an invalid length. [ 139.970139][ T6503] netlink: 'syz.3.155': attribute type 4 has an invalid length. [ 140.067665][ T6164] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 140.102307][ T6501] netlink: 'syz.3.155': attribute type 4 has an invalid length. [ 140.382355][ T6164] usb 2-1: device descriptor read/64, error -71 [ 140.578468][ T6164] usb usb2-port1: attempt power cycle [ 140.730829][ T6505] loop2: detected capacity change from 0 to 4096 [ 140.774296][ T6513] sch_fq: defrate 0 ignored. [ 141.026628][ T6505] EXT4-fs: Mount option(s) incompatible with ext3 [ 141.075749][ T6164] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 141.414616][ T6164] usb 2-1: device descriptor read/8, error -71 [ 141.881466][ T6507] loop0: detected capacity change from 0 to 40427 [ 141.974090][ T6507] F2FS-fs (loop0): invalid crc value [ 142.388165][ T6507] F2FS-fs (loop0): Found nat_bits in checkpoint [ 142.508888][ T6507] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.754142][ T5794] syz-executor: attempt to access beyond end of device [ 142.754142][ T5794] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 142.781982][ T5794] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 142.802988][ T5794] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 143.398984][ T6541] netlink: 'syz.1.166': attribute type 4 has an invalid length. [ 144.668126][ T6551] wg2: entered promiscuous mode [ 144.673037][ T6551] wg2: entered allmulticast mode [ 145.155560][ T6171] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 145.353226][ T6562] netlink: 40 bytes leftover after parsing attributes in process `syz.1.170'. [ 145.957959][ T6171] usb 3-1: device descriptor read/64, error -71 [ 146.226085][ T6171] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 147.105899][ T6171] usb 3-1: device descriptor read/64, error -71 [ 147.235788][ T6171] usb usb3-port1: attempt power cycle [ 147.985851][ T6579] loop1: detected capacity change from 0 to 4096 [ 148.015968][ T6579] EXT4-fs: Mount option(s) incompatible with ext3 [ 148.096761][ T6171] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 148.329916][ T6171] usb 3-1: device not accepting address 10, error -71 [ 148.734166][ T6576] syz.3.177[6576] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.734832][ T6576] syz.3.177[6576] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.803773][ T6590] loop3: detected capacity change from 0 to 128 [ 150.413107][ T6599] netlink: 40 bytes leftover after parsing attributes in process `syz.2.182'. [ 152.225687][ T6171] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 152.256025][ T6617] loop2: detected capacity change from 0 to 512 [ 152.295319][ T6617] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 152.331520][ T6617] EXT4-fs (loop2): 1 truncate cleaned up [ 152.342724][ T6617] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.434282][ T6621] netlink: 40 bytes leftover after parsing attributes in process `syz.1.187'. [ 152.937153][ T6171] usb 4-1: device descriptor read/64, error -71 [ 153.072385][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.124463][ T6623] futex_wake_op: syz.1.189 tries to shift op by -1; fix this program [ 153.189381][ T6625] netlink: 'syz.2.190': attribute type 4 has an invalid length. [ 153.225606][ T6171] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 153.247513][ T6626] netlink: 'syz.2.190': attribute type 4 has an invalid length. [ 153.400498][ T6171] usb 4-1: device descriptor read/64, error -71 [ 153.568418][ T6632] syz.1.191[6632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.569094][ T6632] syz.1.191[6632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.608432][ T6632] loop1: detected capacity change from 0 to 128 [ 154.274063][ T6634] loop2: detected capacity change from 0 to 1024 [ 154.337912][ T6634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.446819][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 154.446835][ T27] audit: type=1800 audit(1758583326.761:305): pid=6634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.193" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 154.582565][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.765086][ T6171] usb usb4-port1: attempt power cycle [ 155.375079][ T6641] netlink: 40 bytes leftover after parsing attributes in process `syz.2.194'. [ 156.909806][ T6654] loop2: detected capacity change from 0 to 512 [ 156.917046][ T6654] EXT4-fs: Ignoring removed oldalloc option [ 157.044784][ T6657] netlink: 40 bytes leftover after parsing attributes in process `syz.3.198'. [ 158.236942][ T6654] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.197: dx entry: limit 1024 != root limit 124 [ 158.249168][ T6654] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.197: Corrupt directory, running e2fsck is recommended [ 158.353292][ T6654] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 158.411663][ T6654] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.197: corrupted in-inode xattr: invalid ea_ino [ 158.443327][ T6654] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.197: couldn't read orphan inode 15 (err -117) [ 158.577666][ T6654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.217101][ T6659] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 159.710033][ T6664] loop3: detected capacity change from 0 to 512 [ 160.786149][ T6664] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 162.286873][ T6664] EXT4-fs: error -4 creating inode table initialization thread [ 162.295102][ T6664] EXT4-fs (loop3): mount failed [ 162.656073][ T6671] netlink: 'syz.1.201': attribute type 4 has an invalid length. [ 162.682212][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.705988][ T6672] netlink: 'syz.1.201': attribute type 4 has an invalid length. [ 163.858594][ T6684] netlink: 40 bytes leftover after parsing attributes in process `syz.2.205'. [ 163.885460][ T6687] netlink: 40 bytes leftover after parsing attributes in process `syz.1.204'. [ 165.684745][ T6706] netlink: 96 bytes leftover after parsing attributes in process `syz.3.210'. [ 166.603291][ T6710] gretap0: entered promiscuous mode [ 166.612697][ T6710] vlan2: entered promiscuous mode [ 167.071039][ T6712] netlink: 'syz.3.212': attribute type 4 has an invalid length. [ 167.177097][ T6713] loop1: detected capacity change from 0 to 512 [ 167.235732][ T6713] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 167.445253][ T6713] EXT4-fs (loop1): 1 truncate cleaned up [ 167.458720][ T6713] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.815452][ T6716] netlink: 'syz.3.212': attribute type 4 has an invalid length. [ 168.349438][ T6725] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 168.358374][ T6725] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 168.366907][ T6725] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 169.490236][ T6734] netlink: 40 bytes leftover after parsing attributes in process `syz.3.216'. [ 170.150180][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.654876][ T6746] netlink: 'syz.1.217': attribute type 4 has an invalid length. [ 170.934069][ T6747] netlink: 'syz.1.217': attribute type 4 has an invalid length. [ 171.530780][ T6731] loop2: detected capacity change from 0 to 40427 [ 171.546385][ T6731] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 171.568188][ T6731] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 171.600833][ T6731] F2FS-fs (loop2): invalid crc value [ 171.635251][ T6731] F2FS-fs (loop2): Found nat_bits in checkpoint [ 171.765497][ T6731] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 171.772581][ T6731] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 172.323636][ T6773] netlink: 'syz.2.225': attribute type 4 has an invalid length. [ 173.073102][ T6777] netlink: 40 bytes leftover after parsing attributes in process `syz.3.227'. [ 173.106000][ T6774] netlink: 'syz.2.225': attribute type 4 has an invalid length. [ 173.594261][ T6781] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 173.732983][ T6784] netlink: 40 bytes leftover after parsing attributes in process `syz.2.228'. [ 175.226238][ T6796] netlink: 'syz.3.230': attribute type 4 has an invalid length. [ 175.266160][ T6798] netlink: 'syz.3.230': attribute type 4 has an invalid length. [ 175.447619][ T6795] netlink: 'syz.2.233': attribute type 4 has an invalid length. [ 175.490951][ T6795] netlink: 'syz.2.233': attribute type 4 has an invalid length. [ 176.386624][ T6815] netlink: 40 bytes leftover after parsing attributes in process `syz.2.238'. [ 177.305159][ T6832] syz.2.243 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 177.374702][ T6833] netlink: 40 bytes leftover after parsing attributes in process `syz.1.240'. [ 178.209854][ T6834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 180.393467][ T6861] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 180.402706][ T6861] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 180.411307][ T6861] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 181.125893][ T6863] netlink: 40 bytes leftover after parsing attributes in process `syz.2.249'. [ 182.508234][ T6877] netlink: 40 bytes leftover after parsing attributes in process `syz.2.254'. [ 183.514054][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 184.917956][ T6903] loop3: detected capacity change from 0 to 1024 [ 184.925261][ T6903] EXT4-fs: Ignoring removed i_version option [ 184.983121][ T6903] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 185.092050][ T6903] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.259: Invalid block bitmap block 0 in block_group 0 [ 185.133681][ T6903] Quota error (device loop3): write_blk: dquota write failed [ 185.173713][ T6903] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 185.206070][ T6903] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.259: Failed to acquire dquot type 0 [ 185.220370][ T6908] 9pnet_fd: Insufficient options for proto=fd [ 185.240862][ T6903] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.259: Freeing blocks not in datazone - block = 0, count = 4096 [ 185.307552][ T6903] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.259: Invalid inode bitmap blk 0 in block_group 0 [ 185.325270][ T6898] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 185.344109][ T6898] EXT4-fs error (device loop3): ext4_release_dquot:6976: comm kworker/u4:25: Failed to release dquot type 0 [ 185.422032][ T6903] EXT4-fs error (device loop3) in ext4_free_inode:363: Corrupt filesystem [ 185.442112][ T6903] EXT4-fs (loop3): 1 orphan inode deleted [ 185.456617][ T6903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.693117][ T6918] netlink: 'syz.1.263': attribute type 4 has an invalid length. [ 185.948686][ T6919] netlink: 'syz.1.263': attribute type 4 has an invalid length. [ 186.306544][ T6902] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.544385][ T6924] netlink: 20 bytes leftover after parsing attributes in process `syz.1.265'. [ 186.817973][ T6929] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 186.826757][ T6929] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 186.835034][ T6929] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 187.564666][ T6933] netlink: 40 bytes leftover after parsing attributes in process `syz.3.266'. [ 187.905970][ T6166] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 188.270925][ T6166] usb 1-1: Using ep0 maxpacket: 16 [ 188.290070][ T6166] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 188.298529][ T6166] usb 1-1: config 0 has an invalid interface descriptor of length 8, skipping [ 188.307751][ T6166] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.318255][ T6166] usb 1-1: config 0 has no interface number 0 [ 188.416062][ T6166] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 188.553870][ T6166] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.756071][ T6166] usb 1-1: config 0 descriptor?? [ 188.880105][ T6166] usb 1-1: Found UVC 0.00 device (0bd3:0555) [ 188.887684][ T6166] usb 1-1: No valid video chain found. [ 190.008724][ T6958] netlink: 20 bytes leftover after parsing attributes in process `syz.3.275'. [ 190.195964][ T9] usb 1-1: USB disconnect, device number 3 [ 190.355526][ T6171] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 190.562220][ T6171] usb 2-1: Using ep0 maxpacket: 16 [ 190.574212][ T6171] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.597203][ T6171] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 190.618563][ T6171] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.635821][ T6171] usb 2-1: Product: syz [ 190.645673][ T6171] usb 2-1: Manufacturer: syz [ 190.655378][ T6171] usb 2-1: SerialNumber: syz [ 190.755005][ T6968] netlink: 40 bytes leftover after parsing attributes in process `syz.3.279'. [ 191.267302][ T6171] usb 2-1: config 0 descriptor?? [ 191.450399][ T6954] Bluetooth: hci1: command 0x0406 tx timeout [ 191.457114][ T6954] Bluetooth: hci0: command 0x0406 tx timeout [ 191.463980][ T5789] Bluetooth: hci2: command 0x0406 tx timeout [ 191.525446][ T5102] Bluetooth: hci3: command 0x0406 tx timeout [ 192.549968][ T6984] syz.0.283: attempt to access beyond end of device [ 192.549968][ T6984] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 192.562826][ T6984] FAT-fs (loop1): unable to read boot sector [ 192.982093][ T6993] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 192.991049][ T6993] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 192.999883][ T6993] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 193.325772][ T6171] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 193.543465][ T785] usb 2-1: USB disconnect, device number 8 [ 193.605501][ T6171] usb 1-1: Using ep0 maxpacket: 16 [ 193.615190][ T6171] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 193.639963][ T6171] usb 1-1: config 0 has an invalid interface descriptor of length 8, skipping [ 193.658388][ T6171] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.668755][ T6171] usb 1-1: config 0 has no interface number 0 [ 193.674921][ T6171] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 193.695205][ T6171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.730624][ T6171] usb 1-1: config 0 descriptor?? [ 193.741624][ T6171] usb 1-1: Found UVC 0.00 device (0bd3:0555) [ 193.755461][ T6171] usb 1-1: No valid video chain found. [ 194.527003][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.591954][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.940728][ T7009] netlink: 40 bytes leftover after parsing attributes in process `syz.1.289'. [ 196.275485][ T27] audit: type=1326 audit(1758583368.021:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 196.306842][ T5852] usb 1-1: USB disconnect, device number 4 [ 196.410585][ T27] audit: type=1326 audit(1758583368.021:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 196.485896][ T27] audit: type=1326 audit(1758583368.021:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 196.545462][ T27] audit: type=1326 audit(1758583368.021:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 196.595531][ T27] audit: type=1326 audit(1758583368.021:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x7ffc0000 [ 197.129328][ T7027] 9pnet_fd: Insufficient options for proto=fd [ 197.305687][ T6171] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 197.496036][ T6171] usb 3-1: Using ep0 maxpacket: 16 [ 197.507430][ T6171] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.528179][ T6171] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 197.567685][ T6171] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 197.585706][ T6171] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.612397][ T6171] usb 3-1: Product: syz [ 197.625371][ T6171] usb 3-1: Manufacturer: syz [ 197.630016][ T6171] usb 3-1: SerialNumber: syz [ 197.677135][ T6171] usb 3-1: config 0 descriptor?? [ 197.808446][ T7039] netlink: 'syz.0.298': attribute type 4 has an invalid length. [ 197.820591][ T7039] netlink: 'syz.0.298': attribute type 4 has an invalid length. [ 198.555966][ T7045] loop0: detected capacity change from 0 to 512 [ 198.568657][ T7045] EXT4-fs (loop0): Test dummy encryption mode enabled [ 198.581386][ T7045] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 198.727254][ T7045] EXT4-fs (loop0): 1 truncate cleaned up [ 198.756796][ T7045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.861180][ T7050] netlink: 40 bytes leftover after parsing attributes in process `syz.1.302'. [ 199.637706][ T6171] usb 3-1: USB disconnect, device number 12 [ 200.556230][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.888815][ T7062] netlink: 40 bytes leftover after parsing attributes in process `syz.2.312'. [ 201.947030][ T7058] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 202.184252][ T7058] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 202.319779][ T7058] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 202.328860][ T6171] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 202.611279][ T6171] usb 2-1: Using ep0 maxpacket: 16 [ 202.649316][ T6171] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 202.685775][ T6171] usb 2-1: config 0 has an invalid interface descriptor of length 8, skipping [ 202.708341][ T6171] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.747342][ T6171] usb 2-1: config 0 has no interface number 0 [ 202.775631][ T6171] usb 2-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.1e [ 202.784701][ T6171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.830096][ T6171] usb 2-1: config 0 descriptor?? [ 202.862931][ T6171] usb 2-1: Found UVC 0.00 device (0bd3:0555) [ 202.885968][ T6171] usb 2-1: No valid video chain found. [ 203.042085][ T7064] loop0: detected capacity change from 0 to 40427 [ 203.073256][ T7064] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 203.105752][ T7064] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 203.143964][ T7064] F2FS-fs (loop0): invalid crc value [ 203.187613][ T7064] F2FS-fs (loop0): Found nat_bits in checkpoint [ 203.320795][ T7064] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 203.340191][ T7064] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 204.165644][ T5843] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 204.174254][ T6171] usb 2-1: USB disconnect, device number 9 [ 204.365471][ T5843] usb 1-1: Using ep0 maxpacket: 16 [ 204.374850][ T5843] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 204.393766][ T5843] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 204.410570][ T5843] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 204.424223][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.432889][ T5843] usb 1-1: Product: syz [ 204.441817][ T5843] usb 1-1: Manufacturer: syz [ 204.447059][ T5843] usb 1-1: SerialNumber: syz [ 204.458529][ T5843] usb 1-1: config 0 descriptor?? [ 204.708228][ T7110] netlink: 'syz.1.320': attribute type 4 has an invalid length. [ 204.991993][ T7111] netlink: 'syz.1.320': attribute type 4 has an invalid length. [ 205.537519][ T27] audit: type=1326 audit(1758583377.851:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7113 comm="syz.2.322" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab5c18eec9 code=0x0 [ 206.526101][ T7129] netlink: 'syz.1.325': attribute type 4 has an invalid length. [ 206.731508][ T7132] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 206.740305][ T7132] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 206.748682][ T7132] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 208.035756][ T6164] usb 1-1: USB disconnect, device number 5 [ 208.658986][ T7149] netlink: 'syz.0.332': attribute type 4 has an invalid length. [ 209.207340][ T7152] syz.1.331[7152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.207479][ T7152] syz.1.331[7152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.223480][ T7152] loop1: detected capacity change from 0 to 128 [ 209.686827][ T7150] netlink: 'syz.0.332': attribute type 4 has an invalid length. [ 211.517098][ T7163] loop1: detected capacity change from 0 to 128 [ 211.606408][ T27] audit: type=1326 audit(1758583384.923:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.665436][ T27] audit: type=1326 audit(1758583384.923:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.718871][ T27] audit: type=1326 audit(1758583384.963:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 211.734116][ T7169] syz.1.336: attempt to access beyond end of device [ 211.734116][ T7169] loop1: rw=2049, sector=145, nr_sectors = 552 limit=128 [ 211.770256][ T27] audit: type=1326 audit(1758583384.963:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.809342][ T27] audit: type=1326 audit(1758583384.963:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.848848][ T27] audit: type=1326 audit(1758583384.963:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.890416][ T27] audit: type=1326 audit(1758583384.963:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.915447][ T27] audit: type=1326 audit(1758583384.963:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 211.974136][ T27] audit: type=1326 audit(1758583384.963:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 212.005693][ T27] audit: type=1326 audit(1758583384.963:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 212.009803][ T7163] syz.1.336: attempt to access beyond end of device [ 212.009803][ T7163] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 212.089108][ T7163] syz.1.336: attempt to access beyond end of device [ 212.089108][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.125542][ T7163] syz.1.336: attempt to access beyond end of device [ 212.125542][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.165559][ T7163] syz.1.336: attempt to access beyond end of device [ 212.165559][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.184346][ T7163] syz.1.336: attempt to access beyond end of device [ 212.184346][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.202136][ T7163] syz.1.336: attempt to access beyond end of device [ 212.202136][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.235723][ T7163] syz.1.336: attempt to access beyond end of device [ 212.235723][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.263508][ T7157] loop0: detected capacity change from 0 to 40427 [ 212.266252][ T7163] syz.1.336: attempt to access beyond end of device [ 212.266252][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.299802][ T7157] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 212.307629][ T7163] syz.1.336: attempt to access beyond end of device [ 212.307629][ T7163] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 212.345440][ T7157] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 212.421192][ T7157] F2FS-fs (loop0): invalid crc value [ 212.568285][ T7157] F2FS-fs (loop0): Found nat_bits in checkpoint [ 212.647125][ T7183] netlink: 'syz.2.342': attribute type 4 has an invalid length. [ 213.491644][ T7191] loop1: detected capacity change from 0 to 512 [ 213.536656][ T7191] EXT4-fs: Ignoring removed oldalloc option [ 213.590654][ T7191] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.344: dx entry: limit 1024 != root limit 124 [ 213.626939][ T7191] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.344: Corrupt directory, running e2fsck is recommended [ 213.648757][ T7191] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 213.662282][ T7191] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.344: corrupted in-inode xattr: invalid ea_ino [ 213.683860][ T7191] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.344: couldn't read orphan inode 15 (err -117) [ 213.702256][ T7191] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.882724][ T7197] netlink: 'syz.0.345': attribute type 4 has an invalid length. [ 214.054143][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.025543][ T5852] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 216.091300][ T7219] netlink: 'syz.2.351': attribute type 4 has an invalid length. [ 216.215667][ T5852] usb 2-1: Using ep0 maxpacket: 16 [ 216.264171][ T5852] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 216.534782][ T5852] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 216.763088][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.785411][ T5852] usb 2-1: Product: syz [ 216.790076][ T5852] usb 2-1: Manufacturer: syz [ 216.816322][ T5852] usb 2-1: SerialNumber: syz [ 217.006739][ T7225] loop0: detected capacity change from 0 to 4096 [ 217.025736][ T5852] usb 2-1: config 0 descriptor?? [ 217.039556][ T7225] EXT4-fs: Mount option(s) incompatible with ext3 [ 218.854822][ T6163] usb 2-1: USB disconnect, device number 10 [ 220.261391][ T7255] loop0: detected capacity change from 0 to 512 [ 220.269202][ T7255] ext4: Unknown parameter 'euid<00000000000000000000' [ 220.361038][ T6396] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 221.591454][ T7259] netlink: 'syz.3.361': attribute type 4 has an invalid length. [ 222.780158][ T7265] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 223.769350][ T7264] loop2: detected capacity change from 0 to 256 [ 224.059182][ T7262] kthread_run failed with err -4 [ 224.235114][ T7270] loop1: detected capacity change from 0 to 512 [ 224.249599][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 224.249613][ T27] audit: type=1326 audit(1758583398.555:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 224.389427][ T27] audit: type=1326 audit(1758583398.555:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 224.434499][ T27] audit: type=1326 audit(1758583398.555:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 224.500768][ T7270] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.521799][ T27] audit: type=1326 audit(1758583398.555:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 225.345512][ T27] audit: type=1326 audit(1758583398.555:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 225.986021][ T7279] overlayfs: missing 'lowerdir' [ 226.439384][ T27] audit: type=1326 audit(1758583398.555:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 226.587308][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.600326][ T27] audit: type=1326 audit(1758583398.555:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 226.643726][ T27] audit: type=1326 audit(1758583398.555:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 228.343362][ T27] audit: type=1326 audit(1758583398.555:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 228.697397][ T27] audit: type=1326 audit(1758583398.555:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 229.203504][ T7297] overlayfs: failed to resolve './file1': -2 [ 230.363539][ T27] audit: type=1326 audit(1758583398.555:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 230.492236][ T27] audit: type=1326 audit(1758583398.555:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 230.544480][ T27] audit: type=1326 audit(1758583398.555:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 230.571585][ T27] audit: type=1326 audit(1758583398.555:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 230.801427][ T27] audit: type=1326 audit(1758583398.565:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37338d710 code=0x7ffc0000 [ 230.828871][ T27] audit: type=1326 audit(1758583398.565:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 230.954810][ T7309] netlink: 40 bytes leftover after parsing attributes in process `syz.2.373'. [ 231.103093][ T27] audit: type=1326 audit(1758583398.565:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 231.192782][ T27] audit: type=1326 audit(1758583398.565:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 231.249458][ T7311] Driver unsupported XDP return value 0 on prog (id 154) dev N/A, expect packet loss! [ 231.377695][ T27] audit: type=1326 audit(1758583398.565:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 231.451679][ T27] audit: type=1326 audit(1758583398.565:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.3.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 232.507935][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 232.715513][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 232.730749][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 232.751120][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 232.762208][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.774084][ T9] usb 1-1: Product: syz [ 232.779797][ T9] usb 1-1: Manufacturer: syz [ 232.784523][ T9] usb 1-1: SerialNumber: syz [ 232.803191][ T9] usb 1-1: config 0 descriptor?? [ 233.294963][ T7332] loop2: detected capacity change from 0 to 4096 [ 233.348135][ T7332] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4398046511106)! [ 233.369706][ T7332] EXT4-fs (loop2): group descriptors corrupted! [ 235.345100][ T7352] netlink: 40 bytes leftover after parsing attributes in process `syz.3.384'. [ 236.068330][ T6164] usb 1-1: USB disconnect, device number 6 [ 237.128450][ T7358] loop1: detected capacity change from 0 to 512 [ 237.136331][ T7358] EXT4-fs: Ignoring removed oldalloc option [ 237.225807][ T7358] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.385: dx entry: limit 1024 != root limit 124 [ 237.238305][ T7358] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.385: Corrupt directory, running e2fsck is recommended [ 237.264346][ T7358] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 237.280267][ T7358] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.385: corrupted in-inode xattr: invalid ea_ino [ 237.297285][ T7358] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.385: couldn't read orphan inode 15 (err -117) [ 237.316394][ T7358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.426178][ T7360] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 238.233155][ T7363] loop0: detected capacity change from 0 to 2048 [ 240.657794][ T7363] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0. [ 241.615662][ T7374] loop2: detected capacity change from 0 to 4096 [ 241.855751][ T7374] EXT4-fs: Mount option(s) incompatible with ext3 [ 241.998450][ T7377] netlink: 40 bytes leftover after parsing attributes in process `syz.3.388'. [ 242.089623][ T5796] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.446746][ T7382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.391'. [ 242.478073][ T7382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.391'. [ 242.543143][ T7385] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.390'. [ 243.696599][ T7402] netlink: 40 bytes leftover after parsing attributes in process `syz.1.396'. [ 243.849387][ T6164] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 244.125644][ T6164] usb 3-1: Using ep0 maxpacket: 16 [ 244.216582][ T6164] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 244.339963][ T6164] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 244.379229][ T6164] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.392137][ T6164] usb 3-1: Product: syz [ 244.396619][ T6164] usb 3-1: Manufacturer: syz [ 244.402137][ T6164] usb 3-1: SerialNumber: syz [ 244.416305][ T6164] usb 3-1: config 0 descriptor?? [ 245.016010][ T7410] netlink: 40 bytes leftover after parsing attributes in process `syz.1.400'. [ 246.872838][ T7412] loop0: detected capacity change from 0 to 512 [ 247.174990][ T5843] usb 3-1: USB disconnect, device number 13 [ 247.325391][ T7412] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.464541][ T7422] overlayfs: missing 'lowerdir' [ 249.548375][ T7426] loop2: detected capacity change from 0 to 512 [ 250.787901][ T7426] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 251.835913][ T7426] EXT4-fs: error -4 creating inode table initialization thread [ 251.836237][ T7426] EXT4-fs (loop2): mount failed [ 251.917641][ T7423] tty tty21: ldisc open failed (-12), clearing slot 20 [ 252.151111][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.032685][ T7440] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.405'. [ 253.285657][ T5872] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 254.714432][ T27] audit: type=1326 audit(1758583428.995:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.073593][ T27] audit: type=1326 audit(1758583428.995:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.174670][ T27] audit: type=1326 audit(1758583429.005:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.251904][ T5872] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 255.272115][ T5872] usb 1-1: config 1 has no interface number 0 [ 255.283366][ T5872] usb 1-1: config 1 interface 105 has no altsetting 0 [ 255.314139][ T27] audit: type=1326 audit(1758583429.005:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.377061][ T5872] usb 1-1: string descriptor 0 read error: -71 [ 255.415561][ T5872] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 255.431998][ T27] audit: type=1326 audit(1758583429.005:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.484847][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.519908][ T27] audit: type=1326 audit(1758583429.005:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 255.930340][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.937167][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.942158][ T7461] netlink: 'syz.2.411': attribute type 4 has an invalid length. [ 255.946601][ T27] audit: type=1326 audit(1758583429.015:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 256.065383][ T7463] netlink: 40 bytes leftover after parsing attributes in process `syz.1.409'. [ 256.378622][ T7462] netlink: 'syz.2.411': attribute type 4 has an invalid length. [ 256.384296][ T5872] usb 1-1: can't set config #1, error -71 [ 256.435600][ T27] audit: type=1326 audit(1758583429.015:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37338eec9 code=0x7ffc0000 [ 256.487309][ T5872] usb 1-1: USB disconnect, device number 7 [ 256.599870][ T7459] netlink: 28 bytes leftover after parsing attributes in process `syz.0.412'. [ 256.788483][ T7472] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.415'. [ 256.958366][ T7475] loop0: detected capacity change from 0 to 1024 [ 256.991218][ T7475] EXT4-fs: Ignoring removed orlov option [ 257.023510][ T7475] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 257.519647][ T7475] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.575838][ T7479] loop2: detected capacity change from 0 to 4096 [ 257.672690][ T7479] EXT4-fs: Mount option(s) incompatible with ext3 [ 258.509716][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.642112][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.651867][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.661115][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.670302][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.679485][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.688680][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.697862][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.707035][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.716230][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 258.725433][ T7489] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 259.139307][ T7498] netlink: 28 bytes leftover after parsing attributes in process `syz.0.423'. [ 259.496568][ T7504] netlink: 40 bytes leftover after parsing attributes in process `syz.1.422'. [ 260.216546][ T7506] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.425'. [ 260.647305][ T7515] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 260.659185][ T7515] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 262.942733][ T7531] loop2: detected capacity change from 0 to 1024 [ 262.978073][ T7531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.179867][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.422859][ T7545] netlink: 40 bytes leftover after parsing attributes in process `syz.3.435'. [ 265.315607][ T7556] netlink: 28 bytes leftover after parsing attributes in process `syz.3.439'. [ 265.478031][ T7558] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 265.489964][ T7558] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 267.231978][ T7567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.442'. [ 267.241753][ T7567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'. [ 267.257945][ T7567] macsec1: entered promiscuous mode [ 267.263197][ T7567] gretap0: entered promiscuous mode [ 267.268640][ T7567] macsec1: entered allmulticast mode [ 267.273944][ T7567] gretap0: entered allmulticast mode [ 267.436955][ T7569] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 267.449416][ T7569] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 268.858427][ T7578] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 268.865262][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 268.879005][ T7578] vhci_hcd vhci_hcd.0: Device attached [ 268.891826][ T7578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 268.908768][ T7578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 268.922549][ T7579] vhci_hcd: connection closed [ 268.925171][ T6899] vhci_hcd: stop threads [ 268.939253][ T6899] vhci_hcd: release socket [ 268.943797][ T6899] vhci_hcd: disconnect device [ 269.280491][ T5843] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 269.465469][ T5843] usb 1-1: device descriptor read/64, error -71 [ 269.545453][ T6164] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 269.745543][ T5843] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 269.853604][ T6164] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.865390][ T6164] usb 2-1: config 0 interface 0 has no altsetting 0 [ 269.873074][ T6164] usb 2-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 269.883453][ T6164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.893362][ T6164] usb 2-1: config 0 descriptor?? [ 269.915603][ T5843] usb 1-1: device descriptor read/64, error -71 [ 270.023713][ T7596] netlink: 40 bytes leftover after parsing attributes in process `syz.3.451'. [ 270.565818][ T5843] usb usb1-port1: attempt power cycle [ 271.146774][ T6164] hid-u2fzero 0003:20A0:4287.0001: hidraw0: USB HID v0.00 Device [HID 20a0:4287] on usb-dummy_hcd.1-1/input0 [ 271.397298][ T5843] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 271.437500][ T6164] hid-u2fzero 0003:20A0:4287.0001: NitroKey U2F LED initialised [ 271.455372][ T6164] general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN [ 271.461147][ T5843] usb 1-1: device descriptor read/8, error -71 [ 271.467105][ T6164] KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] [ 271.467132][ T6164] CPU: 1 PID: 6164 Comm: kworker/1:15 Not tainted syzkaller #0 [ 271.489233][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 271.499311][ T6164] Workqueue: usb_hub_wq hub_event [ 271.504387][ T6164] RIP: 0010:u2fzero_rng_read+0x233/0x630 [ 271.510049][ T6164] Code: 10 42 80 3c 38 00 74 08 48 89 df e8 07 49 f9 f9 41 bf a8 00 00 00 4c 03 3b 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 7f 49 f9 f9 48 8d 44 24 60 49 89 07 [ 271.529674][ T6164] RSP: 0018:ffffc9000c356780 EFLAGS: 00010202 [ 271.535750][ T6164] RAX: 0000000000000015 RBX: ffff88805948f030 RCX: dffffc0000000000 [ 271.543731][ T6164] RDX: 0000000000000000 RSI: ffffc9000c3568a0 RDI: ffff8880256e2968 [ 271.551718][ T6164] RBP: ffffc9000c356998 R08: 0000000000000000 R09: 0000000000000000 [ 271.559779][ T6164] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805948f300 [ 271.567755][ T6164] R13: 1ffff9200186acf8 R14: ffff88805948f418 R15: 00000000000000a8 [ 271.575727][ T6164] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 271.584650][ T6164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.591218][ T6164] CR2: 000055b339a0a6d8 CR3: 000000001aafa000 CR4: 00000000003506e0 [ 271.599186][ T6164] Call Trace: [ 271.602455][ T6164] [ 271.605378][ T6164] ? u2fzero_brightness_set+0x2a0/0x2a0 [ 271.610924][ T6164] ? add_early_randomness+0x1e/0x1a0 [ 271.616631][ T6164] ? mutex_unlock+0x10/0x10 [ 271.621138][ T6164] ? u2fzero_brightness_set+0x2a0/0x2a0 [ 271.626675][ T6164] add_early_randomness+0x7a/0x1a0 [ 271.631776][ T6164] hwrng_register+0x3db/0x4a0 [ 271.636440][ T6164] devm_hwrng_register+0x47/0xb0 [ 271.641366][ T6164] u2fzero_probe+0x348/0x460 [ 271.645950][ T6164] hid_device_probe+0x293/0x5b0 [ 271.650812][ T6164] ? hid_uevent+0x350/0x350 [ 271.655316][ T6164] really_probe+0x25b/0xb40 [ 271.659818][ T6164] ? pm_runtime_barrier+0x14b/0x1c0 [ 271.665021][ T6164] __driver_probe_device+0x18c/0x330 [ 271.670302][ T6164] driver_probe_device+0x4f/0x420 [ 271.675320][ T6164] __device_attach_driver+0x2ca/0x520 [ 271.680685][ T6164] bus_for_each_drv+0x24b/0x2d0 [ 271.685523][ T6164] ? coredump_store+0x90/0x90 [ 271.690184][ T6164] ? bus_find_device+0x320/0x320 [ 271.695130][ T6164] __device_attach+0x2b5/0x400 [ 271.699896][ T6164] ? device_attach+0x20/0x20 [ 271.704486][ T6164] ? preempt_schedule_thunk+0x1a/0x30 [ 271.709948][ T6164] bus_probe_device+0x180/0x260 [ 271.714797][ T6164] device_add+0x85b/0xc20 [ 271.719126][ T6164] hid_add_device+0x38d/0x530 [ 271.723801][ T6164] usbhid_probe+0xe02/0x1220 [ 271.728388][ T6164] usb_probe_interface+0x5a4/0xb00 [ 271.733496][ T6164] ? usb_register_driver+0x3d0/0x3d0 [ 271.738879][ T6164] really_probe+0x25b/0xb40 [ 271.743380][ T6164] ? pm_runtime_barrier+0x14b/0x1c0 [ 271.748566][ T6164] __driver_probe_device+0x18c/0x330 [ 271.753839][ T6164] driver_probe_device+0x4f/0x420 [ 271.758853][ T6164] __device_attach_driver+0x2ca/0x520 [ 271.764215][ T6164] bus_for_each_drv+0x24b/0x2d0 [ 271.769062][ T6164] ? coredump_store+0x90/0x90 [ 271.773729][ T6164] ? bus_find_device+0x320/0x320 [ 271.778652][ T6164] __device_attach+0x2b5/0x400 [ 271.783401][ T6164] ? device_attach+0x20/0x20 [ 271.787977][ T6164] ? __kmem_cache_free+0xba/0x1f0 [ 271.792992][ T6164] ? do_raw_spin_unlock+0x121/0x230 [ 271.798201][ T6164] bus_probe_device+0x180/0x260 [ 271.803054][ T6164] device_add+0x85b/0xc20 [ 271.807380][ T6164] usb_set_configuration+0x1a79/0x20c0 [ 271.812845][ T6164] usb_generic_driver_probe+0x8d/0x150 [ 271.818307][ T6164] usb_probe_device+0x13d/0x280 [ 271.823158][ T6164] ? usb_register_device_driver+0x230/0x230 [ 271.829041][ T6164] really_probe+0x25b/0xb40 [ 271.833537][ T6164] ? pm_runtime_barrier+0x14b/0x1c0 [ 271.838744][ T6164] __driver_probe_device+0x18c/0x330 [ 271.844045][ T6164] driver_probe_device+0x4f/0x420 [ 271.849081][ T6164] __device_attach_driver+0x2ca/0x520 [ 271.854445][ T6164] bus_for_each_drv+0x24b/0x2d0 [ 271.859303][ T6164] ? coredump_store+0x90/0x90 [ 271.863980][ T6164] ? bus_find_device+0x320/0x320 [ 271.868913][ T6164] __device_attach+0x2b5/0x400 [ 271.873672][ T6164] ? device_attach+0x20/0x20 [ 271.878254][ T6164] ? __kmem_cache_free+0xba/0x1f0 [ 271.883277][ T6164] ? do_raw_spin_unlock+0x121/0x230 [ 271.888470][ T6164] bus_probe_device+0x180/0x260 [ 271.893348][ T6164] device_add+0x85b/0xc20 [ 271.897696][ T6164] usb_new_device+0xa31/0x1630 [ 271.902474][ T6164] ? usb_disconnect+0x8a0/0x8a0 [ 271.907318][ T6164] ? _raw_spin_unlock_irq+0x23/0x50 [ 271.912528][ T6164] ? lockdep_hardirqs_on+0x98/0x150 [ 271.917775][ T6164] hub_event+0x2962/0x49c0 [ 271.922203][ T6164] ? hub_post_resume+0x120/0x120 [ 271.927131][ T6164] ? read_lock_is_recursive+0x20/0x20 [ 271.932503][ T6164] ? _raw_spin_unlock_irq+0x23/0x50 [ 271.937688][ T6164] ? process_scheduled_works+0x957/0x15b0 [ 271.943407][ T6164] ? process_scheduled_works+0x957/0x15b0 [ 271.949114][ T6164] process_scheduled_works+0xa45/0x15b0 [ 271.954655][ T6164] ? assign_work+0x400/0x400 [ 271.959245][ T6164] ? assign_work+0x39e/0x400 [ 271.963823][ T6164] worker_thread+0xa55/0xfc0 [ 271.968590][ T6164] kthread+0x2fa/0x390 [ 271.972644][ T6164] ? pr_cont_work+0x560/0x560 [ 271.977309][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 271.981884][ T6164] ret_from_fork+0x48/0x80 [ 271.986293][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 271.990869][ T6164] ret_from_fork_asm+0x11/0x20 [ 271.995630][ T6164] [ 271.998645][ T6164] Modules linked in: [ 272.134559][ T6164] ---[ end trace 0000000000000000 ]--- [ 272.140581][ T6164] RIP: 0010:u2fzero_rng_read+0x233/0x630 [ 272.148389][ T6164] Code: 10 42 80 3c 38 00 74 08 48 89 df e8 07 49 f9 f9 41 bf a8 00 00 00 4c 03 3b 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 7f 49 f9 f9 48 8d 44 24 60 49 89 07 [ 272.169630][ T6164] RSP: 0018:ffffc9000c356780 EFLAGS: 00010202 [ 272.175774][ T6164] RAX: 0000000000000015 RBX: ffff88805948f030 RCX: dffffc0000000000 [ 272.183775][ T6164] RDX: 0000000000000000 RSI: ffffc9000c3568a0 RDI: ffff8880256e2968 [ 272.191914][ T6164] RBP: ffffc9000c356998 R08: 0000000000000000 R09: 0000000000000000 [ 272.200047][ T6164] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805948f300 [ 272.226653][ T6164] R13: 1ffff9200186acf8 R14: ffff88805948f418 R15: 00000000000000a8 [ 272.262264][ T7610] netlink: 'syz.2.454': attribute type 4 has an invalid length. [ 272.366890][ T7611] netlink: 'syz.2.454': attribute type 4 has an invalid length. [ 272.415589][ T6164] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 272.628571][ T6164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.635254][ T6164] CR2: 000000110c32124f CR3: 0000000024d7b000 CR4: 00000000003506e0 [ 272.645610][ T6164] Kernel panic - not syncing: Fatal exception [ 272.651886][ T6164] Kernel Offset: disabled [ 272.656206][ T6164] Rebooting in 86400 seconds..