last executing test programs: 7.905811949s ago: executing program 0 (id=1807): symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='signal_generate\x00', r1}, 0x10) unshare(0x400) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES32=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r3, 0x1, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfcffffff00000000}, 0x0) 7.790084708s ago: executing program 0 (id=1808): r0 = openat$binderfs_ctrl(0xffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x802, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 7.318293328s ago: executing program 0 (id=1813): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_usb_connect(0x3, 0x3c7, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, 0x0, 0x7aa003343bfbbf81) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x21a880, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x6, &(0x7f0000000000)=0x40006, 0x3) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) lseek(0xffffffffffffffff, 0x1000000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x8, &(0x7f0000000180)=ANY=[], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5c, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x67) socket$nl_route(0x10, 0x3, 0x0) socket(0x1d, 0x2, 0x6) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) 6.857423916s ago: executing program 1 (id=1814): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)="223c525c73635d57c27d4553590622f2a2217660e66775418be6b4380e1b41e910ea32e1100e30636db209d96252c62b4efd8c2de12554c5cf2dd4e7c6786a15cb66b3ce564eaf0d8d4f7a8546159f561a3bb6b1d88e2245e26b63b239145ac681b538b0691ed676843fe038cd100229424540ad688f1693", &(0x7f00000005c0)="56f13718cc7459ec8248184dce2184f5f9d4ffa55159a75ed10ad8b66b6d31405c741d4bf3aad833d0b45b614efe23b1396e55aafbdd6412ad3328e0f16955e55a11b066d8542fb0", 0x1000, r1}, 0x38) 5.454630694s ago: executing program 1 (id=1819): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000088fe508a8500000004000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 5.358503052s ago: executing program 1 (id=1820): syz_open_dev$usbfs(0x0, 0x77, 0x1a1281) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000500)={[{@data_err_abort}, {@noblock_validity}, {@dioread_lock}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@noload}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x1, 0x4bf, &(0x7f0000000740)="$eJzs3E1oHGUfAPD/TD763aR9+76v/dCuVjFYTZq0ag8eVBR6EQQ9VPAS01hq01aaCLYUG0XqUTx5VI+C4MmLJwUR9aR41bsIRXpp9SArszuT7Ca7280m29ju7we7+zzzsc/8Z54n88w8mQ2gZ5WytyRia0T8EhFD1Wz9AqXqx41rl6b+vHZpKoly+YU/kspy169dmioWLdbbkmdG0oj03ST2Nih39sLF05MzM9Pn8/zY3JnXx2YvXHzk1JnJk9Mnp89OHD165PD4449NPLomcWZxXd/z1rl9u4+99MFzU+V45fvPsu3dms+vjaNqeNVllqIU5dzi1MHK+wOr/vZ/l2016aR/HTeEFemLiOxwDVTa/1D0xeLBG4pn31nIfLNOGwh0TXZu2rFsal/+mS6cv4A7UaKNQ48qzvjZ9W/xupX9j/V29ansfboS/438VZ3TH2l2LTtcvWLva7L+/9osp7wkP5h/bo2I4/N/fZS9ouF9CACAtfVV1v95uFH/L63r22zPx1CGI+JgROyMiP9ExK6I+G/eD/p/RNy1wvJLS/LL+z8/beoosDZl/b8n8rGt+v5fmi+RLOS2VeIfSF49NTN9KN8nIzGwIcuPtyjj62d+fr/ZvFJN/y97ZeUXfcF8O37v31C/zonJuclVhFzn6tsRe/obxZ8sjARke2B3ROzp4PuzfXbqoU/3ZentW5bPv0n8rY/9GowzlT+JeLB6/OdjSfyFpFpSs/HJsY0xM31orKgVy/3w45Xna/MDNem6+De2F9PGToNtIDv+mxvW/zz+ohkU47WzKy/jyq/vNb2mWX78kzg+X7tEXv9rakJW/weTFyvp4jrqzcm5ufPjEYP5hLrpE4vrFvli+Sz+kQON2//OiL8/ztfbGxFZJb47Iu6JiP35tt8bEfdFxIEW8X/39P2vtd5Drdp/d2Xxn2h1/COGk9rx+g4Sfae//bJZ+e39/TtSSY3kU9r5+5cXXpyOmm5gp/sNAAAAbidpZQw6SUeLdM3NqV2xOZ05Nzt3sBRvnD1RHasejoG0uNM1VHM/dDy/N1zkJ5bkD0fEjsp/Gm2q5Eenzs1sW8/AgcqzOnXtP9J0dLQ677dm//QC3DlWNI5W+3Tg51+s/cYAt5TnNaF3af/Qu7R/6F3aP/SuRu3/csSNddgU4BZz/ofepf1D79L+oXdp/9CTlj8SX/zQQidP+i8mdh5b1epdT5SHuvLN8ytfq69LkUbtj3Y0TSStfhyhZSLS1ssMtlF6k8TLH1arYPcqQHrTZZ7sYul5Yn+e2BAR7a51ufO92kH9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuP39EwAA///xS9f+") 4.284016162s ago: executing program 1 (id=1823): splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) io_uring_enter(0xffffffffffffffff, 0x46f3, 0x0, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000200)='~', 0x1) listen(r0, 0x5) setsockopt(r1, 0x800000000010d, 0x8000000011, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.215278648s ago: executing program 3 (id=1824): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0x0, 0x0, @vifc_lcl_addr=@multicast1, @dev}, 0x10) 4.042521262s ago: executing program 1 (id=1825): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x0, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) 4.042373082s ago: executing program 3 (id=1826): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400050000000000000000000000000000010c0002"], 0x98}}, 0x0) 4.042144902s ago: executing program 4 (id=1827): r0 = syz_open_dev$sndpcmc(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[], 0x20}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) ioprio_get$uid(0x3, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000040)={0x0, [[0x0, 0x300]]}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') timer_create(0x3, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, 0x0, 0x0) 3.867329757s ago: executing program 0 (id=1828): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x6c}}, 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r4, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r4, &(0x7f0000000780)='+', 0xffc3, 0x0, 0x0, 0x0) 3.377234398s ago: executing program 3 (id=1829): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)="223c525c73635d57c27d4553590622f2a2217660e66775418be6b4380e1b41e910ea32e1100e30636db209d96252c62b4efd8c2de12554c5cf2dd4e7c6786a15cb66b3ce564eaf0d8d4f7a8546159f561a3bb6b1d88e2245e26b63b239145ac681b538b0691ed676843fe038cd100229424540ad688f1693", &(0x7f00000005c0)="56f13718cc7459ec8248184dce2184f5f9d4ffa55159a75ed10ad8b66b6d31405c741d4bf3aad833d0b45b614efe23b1396e55aafbdd6412ad3328e0f16955e55a11b066d8542fb0", 0x1000, r1}, 0x38) 2.912243136s ago: executing program 4 (id=1830): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r1, 0x0, 0x0, 0x20010004, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) 2.794994556s ago: executing program 3 (id=1831): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000003c0)={0x2, 0x0, [{0x6, 0x5, 0x7, 0x9, 0xa011, 0x7fff, 0xb}, {0x80000000, 0x9, 0x3, 0xfffff56c, 0x2a27, 0xffff, 0xb834e32}]}) 2.62370884s ago: executing program 2 (id=1832): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0xffff, 0x7}, 0x4) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000000)=0xe3a, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0) 2.6226921s ago: executing program 3 (id=1833): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) inotify_init() openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="b40000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400000000000000000000000000000000010c0002800500010000000020440002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c000280050001000000000006000340000000000800074000000000180006801400040020010000000000000000", @ANYRES64], 0xb4}}, 0x0) 2.486555472s ago: executing program 2 (id=1834): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000001cc0)={r2, 0x1, 0x6, @broadcast}, 0x10) 2.318240757s ago: executing program 2 (id=1835): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000ffe000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/105, 0x69, 0x0, 0x0, 0x3d}, &(0x7f0000000280)=0x40) 2.170629838s ago: executing program 2 (id=1836): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x15, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r6, @ANYBLOB="080026008f0900000800b7"], 0x50}}, 0x0) 1.858541205s ago: executing program 4 (id=1837): r0 = epoll_create1(0x80000) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x2) write$P9_RSTATu(r1, &(0x7f0000000480)=ANY=[], 0x65) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) 1.816870489s ago: executing program 1 (id=1838): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_usb_connect(0x3, 0x3c7, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x10, 0x0, 0x7aa003343bfbbf81) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x21a880, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x6, &(0x7f0000000000)=0x40006, 0x3) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) lseek(0xffffffffffffffff, 0x1000000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x8, &(0x7f0000000180)=ANY=[], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5c, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x67) socket$nl_route(0x10, 0x3, 0x0) socket(0x1d, 0x2, 0x6) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) 1.604781076s ago: executing program 3 (id=1839): syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") creat(&(0x7f0000000040)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='utf8=0,nonumtail=0,iocharset=iso8859-14,check=strict,uni_xlate=1,shortname=lower,shoru~ame=winnt,flush,\x00'], 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH") mount$bind(0x0, &(0x7f0000001040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x808004, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x4c02, &(0x7f0000000140)) openat(0xffffffffffffff9c, 0x0, 0x141842, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x92603b, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 1.542548781s ago: executing program 2 (id=1840): signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x400000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x38) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x140) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1.542329532s ago: executing program 4 (id=1841): r0 = syz_open_dev$sndpcmc(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[], 0x20}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) ioprio_get$uid(0x3, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000040)={0x0, [[0x0, 0x300]]}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') timer_create(0x3, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, 0x0, 0x0) 627.216598ms ago: executing program 2 (id=1842): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffff50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x0, 0xc5cc}}) 605.36311ms ago: executing program 0 (id=1843): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)="223c525c73635d57c27d4553590622f2a2217660e66775418be6b4380e1b41e910ea32e1100e30636db209d96252c62b4efd8c2de12554c5cf2dd4e7c6786a15cb66b3ce564eaf0d8d4f7a8546159f561a3bb6b1d88e2245e26b63b239145ac681b538b0691ed676843fe038cd100229424540ad688f1693", &(0x7f00000005c0)="56f13718cc7459ec8248184dce2184f5f9d4ffa55159a75ed10ad8b66b6d31405c741d4bf3aad833d0b45b614efe23b1396e55aafbdd6412ad3328e0f16955e55a11b066d8542fb0", 0x1000, r1}, 0x38) 260.354709ms ago: executing program 4 (id=1844): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fanotify_mark(r0, 0x455, 0x8000001, r1, 0x0) r2 = fanotify_init(0x2, 0x101000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r2, 0x101, 0x20, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) bpf$PROG_LOAD(0x5, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) rmdir(&(0x7f0000000380)='./file0/../file0\x00') mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000002, 0x12, 0xffffffffffffffff, 0x0) 146.374338ms ago: executing program 0 (id=1845): r0 = socket$qrtr(0x2a, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) r3 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r2) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=1846): syz_mount_image$udf(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0xa00000, &(0x7f00000001c0)={[{@undelete}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@utf8}, {@unhide}, {@nostrict}, {}, {@uid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {}]}, 0x1, 0xc57, &(0x7f0000001d40)="$eJzs3U9sHNd9B/DfG+2KK7mpmNhVnDQONm2Ryorl6l9MxSrcVU2zDSDLQijmFoArkVIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEHQI9O6QHLxocipJ6KFjaDogS0CBChgsJjZt+KSIm3ZFEVK/nxs6js7897MezPrGVnQmxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTvv3Th5Km0xYYDe9AYAOCBuDT6tZOnt3r+AwCPrCvb/f8/AAAAAAAAAAAAAACwX6Qo4vFIMXtpNY1Xn7saFzv1W7fHhke2rnYoVTUPVOXLn8ap02fOfvm5oXO9vNiZfp/699tn45XRKxeaL87cnJ2bnJ+fnGiOTXeuzUxM3vMedlp/s+PVCWjefPXWxPXr883Tz57ZsPn24LsDjx0dPD/09ImnemXHhkdGRteLNPrL17Y/UuNemrPdCI+DUcSJSPHM93+e2hFRxM7PRePBXvvNDlWdOF51Ymx4pOrIVKc9vVBuvNw7EUVEs69Sq3eOtr4WUas/0D5srxWxWDa/bPDxsnujs+259tWpyebl9txCZ6EzM305dVtb9qcZRZxLEUsRsTJw9+7qUUQtUnz3yGq6mt/6UZ2HL1UDg7dvR7GLfbwHZTub9Yil4iG4ZvvYQBTxcqT4xVvH4lq+z1T3mi9GvFzmjyLeKPOFiFR+Mc5GvLPF94iHUy2K+Ivy+p9fTRPV/aB3X7n49eZXp6/P9JXt3Vc+5PPhrjvFHj0fDm3KB2Of35saUUS7uuOvpo/+mx0AAAAAAAAAAAAAAAAA7rdDUcRnIsVL//bH1bjiqMalHzk/9AeDn+gfM/7kB+ynLPtsRCwW9zYm92AeGHg5XU5pj8cSf5w1oog/yeP/vr3XjQEAAAAAAAAAAAAAAAAAAPhYK+JnkeL5t4+lpeifU7wzfaN5pX11qjsrbG/u396c6Wtra2vN1M1WzvGcizmXci7nXMkZRa6fs5VzPOdizqWcyzlXcsaBXD9nK+d4zsWcSzmXc67kjFqun7OVczznYs6lnMs5V3LGPpm7FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUVJEEe9Fiu98czVFiohWxHh0c3lgr1sHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhE/iBTNP2zdWVeLiFT923Ws/OVstA6W+aloDZX5QrQu5GxXWWt9ew/az87UUxE/jRQDjTfvXPB8/evdT3e+BvHGt9Y/fbbWzQO9jYPvDjx29Mj5oZHPP7ndctqqAccvdqZv3W6ODY+MjPatruWjf6pv3WA+bnF/uk5EzL/2+qvtqanJuY++UH4FdlD9IVpItf6e/rC+1+3ZwcIn8vXfL+3Z44Xa1puittcN27uFjfeJxl7cnNh15fP/nUjxO2//e++B333+N+JXup/uPOHjl3+6/vx/fvOO7vH5X9tcLz//y2f6Vs//x/vWPZ9/N1KvRTQWbs7Wj0Y05l97/UTnZvvG5I3J6bMnT35laOgrZ07WD0Y0rnemJvuW7svpAgAAAAAAAAAAAAAAAHhwUhG/FynaP11NzYi4XY3XGjw/9PSJpw7EgWq81YZx26+MXrnQfHHm5uzc5Pz85ERzbLpzbWZi8l4P16iGe40Nj+xKZz7QoV1u/6HGizOzr811bvzRwpbbDzcuXJ1fmGtf23pzHIoiotW/5njV4LHhkarRU532dFX18paD6T+8eiriPyLFtbPN9IW8Lo//3zzCf8P4/8XNO7qP4/8/f3h9/N8n+4qWx0ypiF9Git/+yyfjC1U7D8dd5yyX+9tIcfzc53K5OFiW67Wh+16B7sjAsuz/RIp/fG9j2d54yMfXy576UCf3IVBe/yOR4gd//r34jbxu4/sftr7+hzfvaJfe//BE37rDG95XsOOuk6//iUjxwuNvxm9Wa/7vfd//0Xv3xrFu4fX3c+zS9f+1vnWD+bi/db86DwAAAAAAAAAA8BCrpyL+LlL8eKSWnsvr7uXv/01s3tEu/f2vT/etm7g/8xV94MKOTyoAAAAA7BP1VMTPIsWNhTfvjKHeOP67b/zn766P/xxOm7ZWf873q9V7A+7nn//1G8zHHd95twEAAAAAAAAAAAAAAAAAAGBfSamI5/J86uPVeP6JbedTX44UL/3XM7lcOlqW680DP1j92rg0M33iwtTUTCMW2lenJpujs+1rk2XdJyLF6t98LtctqvnVe/PNd+d4X5+LfS5SjPx9r2x3Lvbe3ORPrJc9VZb9ZKT4z3/YWDZPTZ3njq7Kni7L/nWk+MY/bV326HrZM2XZ70WKn3yj2St7uCzbez/qp9fLPnttptiFqwIAAAAAAAAAAAAAAAAAAMDHTT0V8WeR4r9vLt0Zy5/n/6/3fay88a2++f43uV3N8z9Yzf+/3fJHmf+/eq/A4nZHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR1OKIl6PFLOXVtPyQPm5q3GxM33r9tjwyNbVDqWq5oGqfPnTOHX6zNkvPzd0rpfvX/9++0y8MnrlQvPFmZuzc5Pz85MTzbHpzrWZicl73sNO6292vDoBzZuv3pq4fn2+efrZMxs23x58d+Cxo4Pnh54+8VSv7NjwyMhoX5la/SMf/S5pm/UHo4i/ihTPfP/n6ccDEUXs/Fx8wHdntx2qOnG86sTY8EjVkalOe3qh3Hi5dyKKiGZfpVbvHD2Aa7EjrYjFsvllg4+X3Rudbc+1r05NNi+35xY6C52Z6cup29qyP80o4lyKWIqIlYG7d1ePIl6NFN89spr+eSDiQO88fOnS6NdOnt6+HcUu9vEelO1s1iOWiofgmu1jA1HEDyPFL946Fv8yEFGL7k98MeLlMn8U8UZ0r3cqvxhnI97Z4nvEw6kWRfxvef3Pr6a3Bsr7Qe++cvHrza9OX5/pK9u7rzz0z4cHaZ/fmxpRxE+qO/5q+lf/XQMAAAAAAAAAAAAAAADsI0X8eqR4/u1jqRoffGdMcWf6RvNK++pUd1hfb+xfb8z02traWjN1s5VzPOdizqWcyzlXckaR6+dsldlYWxvPnxdzLuVczrmSMw7k+jlbOcdzLuZcyrmccyVn1HL9nK2c4zkXcy7lXM65kjP2ydg9AAAAAAAAAAAAAAAAAADg0VJU/6T4zjdX09pAd37p8ejmsvlAH3n/HwAA//8SxPUa") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000180)='./file1\x00', 0xa0c406, &(0x7f0000000300)=ANY=[], 0x1, 0x291, &(0x7f0000000740)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r2, 0x0, 0x0, 0x7000, 0x0, 0x3) kernel console output (not intermixed with test programs): 44][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 401.125858][ T26] audit: type=1326 audit(1729316141.733:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7430 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 401.252935][ T26] audit: type=1326 audit(1729316141.783:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7430 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 401.302643][ T26] audit: type=1326 audit(1729316141.883:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7430 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 401.326947][ T26] audit: type=1326 audit(1729316141.883:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7430 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 402.116152][ T3617] libceph: connect (1)[c::]:6789 error -101 [ 402.161544][ T3617] libceph: mon0 (1)[c::]:6789 connect error [ 402.172941][ T26] audit: type=1326 audit(1729316142.783:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 402.250103][ T26] audit: type=1326 audit(1729316142.813:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 402.281674][ T3617] libceph: connect (1)[c::]:6789 error -101 [ 402.281816][ T3617] libceph: mon0 (1)[c::]:6789 connect error [ 402.292165][ T7435] ceph: No mds server is up or the cluster is laggy [ 402.554804][ T26] audit: type=1326 audit(1729316142.813:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 402.555009][ T26] audit: type=1326 audit(1729316142.813:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe572f2990 code=0x7ffc0000 [ 402.555221][ T26] audit: type=1326 audit(1729316142.813:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fbe572f5827 code=0x7ffc0000 [ 402.555393][ T26] audit: type=1326 audit(1729316142.813:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.1.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 403.161069][ T3617] libceph: connect (1)[c::]:6789 error -101 [ 403.161169][ T3617] libceph: mon0 (1)[c::]:6789 connect error [ 403.766731][ T7465] loop4: detected capacity change from 0 to 512 [ 403.858355][ T7466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.941'. [ 404.364418][ T7465] EXT4-fs (loop4): 1 truncate cleaned up [ 404.439297][ T7465] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 404.773020][ T7477] tmpfs: Unknown parameter 'usrquota' [ 407.145758][ T7486] loop1: detected capacity change from 0 to 32768 [ 407.145759][ T7506] loop4: detected capacity change from 0 to 512 [ 407.236981][ T7506] EXT4-fs (loop4): Test dummy encryption mode enabled [ 407.295304][ T7506] EXT4-fs error (device loop4): __ext4_iget:4872: inode #11: block 1: comm syz.4.953: invalid block [ 407.299664][ T7486] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 407.325842][ T7506] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.953: couldn't read orphan inode 11 (err -117) [ 407.405361][ T7506] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000002000,jqfmt=vfsv0,delalloc,usrjquota=,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 407.691284][ T26] kauditd_printk_skb: 292 callbacks suppressed [ 407.691302][ T26] audit: type=1804 audit(1729316148.293:702): pid=7486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.948" name="/newroot/217/file1/bus" dev="loop1" ino=17058 res=1 errno=0 [ 407.761720][ T26] audit: type=1804 audit(1729316148.343:703): pid=7511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.948" name="/newroot/217/file1/bus" dev="loop1" ino=17058 res=1 errno=0 [ 408.217807][ T3570] ocfs2: Unmounting device (7,1) on (node local) [ 408.712312][ T26] audit: type=1326 audit(1729316149.323:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 408.820642][ T26] audit: type=1326 audit(1729316149.323:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 408.871126][ T26] audit: type=1326 audit(1729316149.343:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 408.986453][ T7524] loop4: detected capacity change from 0 to 256 [ 409.041947][ T26] audit: type=1326 audit(1729316149.343:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 409.181326][ T26] audit: type=1326 audit(1729316149.343:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 409.710859][ T26] audit: type=1326 audit(1729316149.363:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 409.733206][ T26] audit: type=1326 audit(1729316149.363:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 409.777106][ T26] audit: type=1326 audit(1729316149.363:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.1.954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 409.868080][ T7529] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 410.027373][ T7531] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 410.039383][ T7531] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 411.533006][ T7553] netlink: 'syz.3.967': attribute type 10 has an invalid length. [ 411.655399][ T7556] loop4: detected capacity change from 0 to 256 [ 411.774981][ T7553] bond0: (slave bond_slave_0): Releasing backup interface [ 412.389155][ T7553] syz.3.967 (7553) used greatest stack depth: 19192 bytes left [ 418.081432][ T7606] syz.2.980[7606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 418.081536][ T7606] syz.2.980[7606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 420.289637][ T7609] loop3: detected capacity change from 0 to 32768 [ 420.366397][ T7609] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.982 (7609) [ 420.430000][ T7609] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 420.468893][ T7609] BTRFS info (device loop3): setting nodatacow, compression disabled [ 420.499643][ T7609] BTRFS info (device loop3): max_inline at 0 [ 420.529262][ T7609] BTRFS info (device loop3): enabling disk space caching [ 420.581042][ T7609] BTRFS info (device loop3): turning off barriers [ 420.607979][ T7609] BTRFS info (device loop3): turning on flush-on-commit [ 420.630897][ T7609] BTRFS info (device loop3): doing ref verification [ 420.637702][ T7609] BTRFS info (device loop3): force clearing of disk cache [ 420.665761][ T7609] BTRFS info (device loop3): enabling ssd optimizations [ 420.698483][ T7609] BTRFS info (device loop3): max_inline at 4096 [ 420.746504][ T7609] BTRFS info (device loop3): disk space caching is enabled [ 420.779830][ T7609] BTRFS info (device loop3): has skinny extents [ 422.439824][ T7609] BTRFS error (device loop3): open_ctree failed [ 422.706005][ T7661] loop4: detected capacity change from 0 to 256 [ 423.976183][ T7669] loop2: detected capacity change from 0 to 2048 [ 424.824441][ T7669] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 424.905487][ T26] kauditd_printk_skb: 61 callbacks suppressed [ 424.905501][ T26] audit: type=1800 audit(1729316165.513:773): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.996" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 424.922422][ T7669] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 427.406253][ T7706] input: syz1 as /devices/virtual/input/input5 [ 430.343887][ T7723] loop3: detected capacity change from 0 to 32768 [ 430.531305][ T7723] XFS (loop3): Mounting V5 Filesystem [ 430.668679][ T7723] XFS (loop3): Ending clean mount [ 430.717858][ T7723] XFS (loop3): Quotacheck needed: Please wait. [ 430.819985][ T7723] XFS (loop3): Quotacheck: Done. [ 431.188352][ T7723] XFS (loop3): User initiated shutdown received. [ 431.235221][ T7723] XFS (loop3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x10c/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 431.927159][ T7723] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 432.013146][ T4559] XFS (loop3): Unmounting Filesystem [ 432.783275][ T4414] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 432.811634][ T3934] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 432.855644][ T3934] Bluetooth: hci5: Injecting HCI hardware error event [ 432.894693][ T3581] Bluetooth: hci5: hardware error 0x00 [ 434.141193][ T4414] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 434.161121][ T4414] usb 1-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 434.170168][ T4414] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.210424][ T4414] usb 1-1: config 0 descriptor?? [ 435.068741][ T7805] loop3: detected capacity change from 0 to 128 [ 435.200710][ T7805] EXT4-fs (loop3): Ignoring removed nobh option [ 435.245941][ T7805] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none. [ 435.262334][ T7805] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 435.501630][ T4414] usbhid 1-1:0.0: can't add hid device: -71 [ 435.509497][ T4414] usbhid: probe of 1-1:0.0 failed with error -71 [ 435.593469][ T4414] usb 1-1: USB disconnect, device number 6 [ 438.813503][ T7836] loop1: detected capacity change from 0 to 256 [ 439.145731][ T7839] Restarting kernel threads ... done. [ 439.335935][ T7854] loop1: detected capacity change from 0 to 16 [ 439.407480][ T7854] erofs: (device loop1): mounted with root inode @ nid 36. [ 439.450912][ T7109] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 439.588377][ T7858] loop2: detected capacity change from 0 to 256 [ 439.821279][ T7109] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.861432][ T7109] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.903110][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.910547][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.917092][ T4414] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 439.933044][ T7109] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 440.013600][ T7109] usb 4-1: New USB device found, idVendor=1a34, idProduct=0f02, bcdDevice= 0.00 [ 440.025698][ T7109] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.158351][ T7109] usb 4-1: config 0 descriptor?? [ 440.326759][ T4414] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 440.365376][ T4414] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 440.410869][ T4414] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.438339][ T4414] usb 3-1: config 0 descriptor?? [ 440.690330][ T7109] hid-generic 0003:1A34:0F02.0003: hidraw0: USB HID v0.00 Device [HID 1a34:0f02] on usb-dummy_hcd.3-1/input0 [ 440.781077][ T4414] usbhid 3-1:0.0: can't add hid device: -71 [ 440.789594][ T4414] usbhid: probe of 3-1:0.0 failed with error -71 [ 440.816317][ T4414] usb 3-1: USB disconnect, device number 4 [ 440.939808][ T7109] usb 4-1: USB disconnect, device number 7 [ 443.879777][ T7909] autofs4:pid:7909:autofs_fill_super: called with bogus options [ 444.187703][ T7915] loop4: detected capacity change from 0 to 256 [ 444.311013][ T3560] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 444.493471][ T7918] loop4: detected capacity change from 0 to 256 [ 444.741379][ T3560] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 444.762525][ T3560] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.786471][ T3560] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.809214][ T3560] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 444.926890][ T3560] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 444.937497][ T3560] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 444.952022][ T3560] usb 4-1: Manufacturer: syz [ 444.998210][ T7109] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 445.660028][ T3560] usb 4-1: config 0 descriptor?? [ 445.950336][ T7946] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 446.699139][ T3560] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 446.721535][ T3560] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 446.749414][ T7955] loop2: detected capacity change from 0 to 64 [ 446.749634][ T7953] loop1: detected capacity change from 0 to 256 [ 446.756614][ T3560] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 446.781771][ T7109] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 446.816791][ T7109] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 446.817343][ T7955] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 446.859307][ T7109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.889539][ T7109] usb 5-1: config 0 descriptor?? [ 446.895937][ T7955] MINIX-fs warning: remounting unchecked fs, running fsck is recommended [ 446.921908][ T3560] usb 4-1: USB disconnect, device number 8 [ 446.986296][ T7959] loop1: detected capacity change from 0 to 256 [ 447.086241][ T7959] FAT-fs (loop1): Directory bread(block 64) failed [ 447.086282][ T7959] FAT-fs (loop1): Directory bread(block 65) failed [ 447.086349][ T7959] FAT-fs (loop1): Directory bread(block 66) failed [ 447.086380][ T7959] FAT-fs (loop1): Directory bread(block 67) failed [ 447.086494][ T7959] FAT-fs (loop1): Directory bread(block 68) failed [ 447.086528][ T7959] FAT-fs (loop1): Directory bread(block 69) failed [ 447.086594][ T7959] FAT-fs (loop1): Directory bread(block 70) failed [ 447.086624][ T7959] FAT-fs (loop1): Directory bread(block 71) failed [ 447.086690][ T7959] FAT-fs (loop1): Directory bread(block 72) failed [ 447.086720][ T7959] FAT-fs (loop1): Directory bread(block 73) failed [ 449.616948][ T7109] usbhid 5-1:0.0: can't add hid device: -71 [ 449.641934][ T7109] usbhid: probe of 5-1:0.0 failed with error -71 [ 449.876033][ T7109] usb 5-1: USB disconnect, device number 5 [ 452.306257][ T7980] autofs4:pid:7980:autofs_fill_super: called with bogus options [ 454.151142][ T4569] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 454.981109][ T4569] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 455.013928][ T4569] usb 1-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 455.044498][ T4569] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.091512][ T4569] usb 1-1: config 0 descriptor?? [ 455.770977][ T4569] usbhid 1-1:0.0: can't add hid device: -71 [ 455.777009][ T4569] usbhid: probe of 1-1:0.0 failed with error -71 [ 455.820995][ T4569] usb 1-1: USB disconnect, device number 7 [ 456.154564][ T8045] loop4: detected capacity change from 0 to 128 [ 459.278362][ T8055] loop3: detected capacity change from 0 to 40427 [ 459.337038][ T8055] F2FS-fs (loop3): invalid crc value [ 459.773353][ T8055] F2FS-fs (loop3): Found nat_bits in checkpoint [ 460.183328][ T8090] loop1: detected capacity change from 0 to 256 [ 460.318938][ T8089] loop2: detected capacity change from 0 to 4096 [ 461.336183][ T8101] dccp_xmit_packet: Payload too large (65475) for featneg. [ 463.279479][ T8118] dccp_close: ABORT with 65475 bytes unread [ 464.311784][ T8132] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 467.282147][ T8162] input: syz1 as /devices/virtual/input/input6 [ 468.210214][ T8173] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 470.565530][ T8192] loop4: detected capacity change from 0 to 256 [ 471.872980][ T8206] Restarting kernel threads ... done. [ 472.810878][ T4570] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 472.978581][ T8228] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 473.770922][ T4570] usb 1-1: Using ep0 maxpacket: 16 [ 474.091716][ T4570] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 474.146344][ T4570] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 475.004409][ T4570] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 475.014111][ T4570] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.024935][ T4570] usb 1-1: config 0 descriptor?? [ 475.054198][ T4570] usb 1-1: can't set config #0, error -71 [ 475.267894][ T4570] usb 1-1: USB disconnect, device number 8 [ 476.102351][ T8243] binder: 8242:8243 ioctl c0046209 100000000000000 returned -22 [ 477.908774][ T8264] loop2: detected capacity change from 0 to 256 [ 478.697295][ T8260] Restarting kernel threads ... done. [ 479.026956][ T8275] loop2: detected capacity change from 0 to 1024 [ 479.280920][ T26] audit: type=1326 audit(1729316219.803:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.051031][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1177'. [ 480.466136][ T26] audit: type=1326 audit(1729316219.803:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.633824][ T8289] loop3: detected capacity change from 0 to 512 [ 480.640905][ T26] audit: type=1326 audit(1729316219.803:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.733424][ T26] audit: type=1326 audit(1729316219.803:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.762943][ T26] audit: type=1326 audit(1729316219.803:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.785417][ C0] vkms_vblank_simulate: vblank timer overrun [ 480.887181][ T8289] EXT4-fs (loop3): 1 truncate cleaned up [ 480.955070][ T26] audit: type=1326 audit(1729316219.803:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.955531][ T26] audit: type=1326 audit(1729316219.803:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.956107][ T26] audit: type=1326 audit(1729316219.803:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.956540][ T26] audit: type=1326 audit(1729316219.803:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.957131][ T26] audit: type=1326 audit(1729316219.803:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8276 comm="syz.3.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb252dff9 code=0x7ffc0000 [ 480.958038][ T8289] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 483.514859][ T8324] loop1: detected capacity change from 0 to 128 [ 483.622022][ T8324] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 483.749050][ T8326] overlayfs: failed to resolve './file1': -2 [ 484.122984][ T8337] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 485.511043][ T4569] Bluetooth: hci1: command 0x0405 tx timeout [ 485.849024][ T8356] loop1: detected capacity change from 0 to 256 [ 486.800357][ T8346] autofs4:pid:8346:autofs_fill_super: called with bogus options [ 487.030983][ T7113] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 487.841575][ T8369] loop4: detected capacity change from 0 to 128 [ 487.890083][ T8371] overlayfs: failed to resolve './file1': -2 [ 487.941523][ T8369] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 487.961080][ T7113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 487.981224][ T7113] usb 2-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 488.192204][ T7113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.128496][ T7113] usb 2-1: config 0 descriptor?? [ 489.181550][ T7113] usb 2-1: can't set config #0, error -71 [ 489.216966][ T8380] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 489.253957][ T7113] usb 2-1: USB disconnect, device number 6 [ 490.951111][ T26] kauditd_printk_skb: 38 callbacks suppressed [ 490.951127][ T26] audit: type=1326 audit(1729316231.553:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 491.191627][ T26] audit: type=1326 audit(1729316231.563:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 491.952808][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 492.063138][ T8410] overlayfs: failed to resolve './file1': -2 [ 492.106859][ T26] audit: type=1326 audit(1729316231.563:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.280967][ T26] audit: type=1326 audit(1729316231.563:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.391693][ T26] audit: type=1326 audit(1729316231.563:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.507120][ T26] audit: type=1326 audit(1729316231.563:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.540926][ T26] audit: type=1326 audit(1729316231.563:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.680901][ T26] audit: type=1326 audit(1729316231.563:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 492.985185][ T26] audit: type=1326 audit(1729316231.563:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 493.273803][ T8419] loop3: detected capacity change from 0 to 128 [ 493.280891][ T26] audit: type=1326 audit(1729316231.563:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8393 comm="syz.4.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb6ca0c2ff9 code=0x7ffc0000 [ 493.406848][ T8419] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 496.431016][ T26] kauditd_printk_skb: 57 callbacks suppressed [ 496.431030][ T26] audit: type=1326 audit(1729316237.013:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.586780][ T26] audit: type=1326 audit(1729316237.023:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.712869][ T26] audit: type=1326 audit(1729316237.023:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.776337][ T26] audit: type=1326 audit(1729316237.023:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.801214][ T26] audit: type=1326 audit(1729316237.023:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.851148][ T26] audit: type=1326 audit(1729316237.023:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 496.913430][ T26] audit: type=1326 audit(1729316237.023:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 497.212384][ T26] audit: type=1326 audit(1729316237.023:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 497.277354][ T8441] autofs4:pid:8441:autofs_fill_super: called with bogus options [ 497.584143][ T26] audit: type=1326 audit(1729316237.023:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 497.612344][ T26] audit: type=1326 audit(1729316237.023:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.1.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 498.509531][ T8485] loop1: detected capacity change from 0 to 1024 [ 498.900144][ T8492] loop3: detected capacity change from 0 to 512 [ 499.007073][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1237'. [ 499.259303][ T8492] EXT4-fs (loop3): 1 truncate cleaned up [ 499.368640][ T8492] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 501.420902][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.428353][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.460986][ T4414] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 502.491054][ T4414] usb 4-1: Using ep0 maxpacket: 16 [ 502.611388][ T4414] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 502.657107][ T4414] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 502.787487][ T4414] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 502.917500][ T4414] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 503.050113][ T4414] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 503.130950][ T4414] usb 4-1: config 0 has no interface number 0 [ 503.149102][ T8519] autofs4:pid:8519:autofs_fill_super: called with bogus options [ 503.161053][ T4414] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 503.199803][ T4414] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 503.226406][ T4414] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 503.290396][ T4414] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 503.372810][ T4414] usb 4-1: config 0 interface 125 has no altsetting 0 [ 503.458637][ T4414] usb 4-1: config 0 interface 125 has no altsetting 2 [ 503.532742][ T8535] loop2: detected capacity change from 0 to 1024 [ 503.691559][ T4414] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 503.726887][ T4414] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.751918][ T4414] usb 4-1: Product: syz [ 503.764844][ T4414] usb 4-1: Manufacturer: syz [ 503.769776][ T4414] usb 4-1: SerialNumber: syz [ 503.788409][ T4414] usb 4-1: config 0 descriptor?? [ 503.842330][ T4414] usb 4-1: selecting invalid altsetting 2 [ 504.445733][ T8547] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1251'. [ 504.510840][ C1] usb 4-1: async_complete: urb error -71 [ 504.516641][ C1] usb 4-1: async_complete: urb error -71 [ 504.522338][ C1] usb 4-1: async_complete: urb error -71 [ 504.528025][ C1] usb 4-1: async_complete: urb error -71 [ 504.536768][ T4414] get_1284_register: usb error -71 [ 504.544113][ T4414] uss720: probe of 4-1:0.125 failed with error -71 [ 504.980113][ T8548] loop4: detected capacity change from 0 to 256 [ 504.993462][ T4414] usb 4-1: USB disconnect, device number 9 [ 505.139853][ T26] kauditd_printk_skb: 111 callbacks suppressed [ 505.139874][ T26] audit: type=1326 audit(1729316245.743:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.228957][ T26] audit: type=1326 audit(1729316245.793:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.288820][ T26] audit: type=1326 audit(1729316245.793:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.311229][ C0] vkms_vblank_simulate: vblank timer overrun [ 505.386226][ T26] audit: type=1326 audit(1729316245.793:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.458970][ T26] audit: type=1326 audit(1729316245.793:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.540876][ T26] audit: type=1326 audit(1729316245.793:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.754155][ T26] audit: type=1326 audit(1729316245.793:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 505.776565][ C0] vkms_vblank_simulate: vblank timer overrun [ 506.184674][ T26] audit: type=1326 audit(1729316245.793:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 506.207163][ C0] vkms_vblank_simulate: vblank timer overrun [ 506.406706][ T26] audit: type=1326 audit(1729316245.793:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 506.460299][ T26] audit: type=1326 audit(1729316245.793:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 507.859652][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 509.411318][ T8595] loop4: detected capacity change from 0 to 256 [ 509.435296][ T8596] autofs4:pid:8596:autofs_fill_super: called with bogus options [ 510.100618][ T3613] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 510.307654][ T8601] loop2: detected capacity change from 0 to 512 [ 511.010533][ T8601] EXT4-fs (loop2): 1 truncate cleaned up [ 511.020277][ T3613] usb 4-1: Using ep0 maxpacket: 16 [ 511.039447][ T8601] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 511.635349][ T8626] overlayfs: failed to resolve './file1': -2 [ 511.681083][ T3613] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 511.697904][ T3613] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 511.713637][ T3613] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 511.726162][ T3613] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 511.737626][ T3613] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 511.752266][ T3613] usb 4-1: config 0 has no interface number 0 [ 511.761618][ T3613] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 511.780222][ T3613] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 511.797608][ T3613] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 511.816047][ T3613] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 511.839678][ T3613] usb 4-1: config 0 interface 125 has no altsetting 0 [ 511.852866][ T3613] usb 4-1: config 0 interface 125 has no altsetting 2 [ 512.108346][ T3613] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 512.108378][ T3613] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.108406][ T3613] usb 4-1: Product: syz [ 512.108421][ T3613] usb 4-1: Manufacturer: syz [ 512.108435][ T3613] usb 4-1: SerialNumber: syz [ 512.118893][ T3613] usb 4-1: config 0 descriptor?? [ 512.492105][ T3613] usb 4-1: can't set config #0, error -71 [ 512.503263][ T3613] usb 4-1: USB disconnect, device number 10 [ 512.789654][ T8652] loop1: detected capacity change from 0 to 1024 [ 513.167928][ T8656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1282'. [ 514.130767][ T8666] overlayfs: failed to resolve './file1': -2 [ 514.703142][ T8669] loop3: detected capacity change from 0 to 256 [ 514.717406][ T8671] loop4: detected capacity change from 0 to 512 [ 514.801664][ T8671] EXT4-fs (loop4): 1 truncate cleaned up [ 514.810575][ T8671] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 514.952418][ T8680] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 515.040875][ T3941] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 515.921361][ T3941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 515.974402][ T3941] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 516.001089][ T3941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.105487][ T3941] usb 4-1: config 0 descriptor?? [ 516.226677][ T8701] dccp_xmit_packet: Payload too large (65475) for featneg. [ 516.991923][ T8703] loop4: detected capacity change from 0 to 1024 [ 517.038625][ T8705] input: syz1 as /devices/virtual/input/input7 [ 517.780865][ T8712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1295'. [ 517.811743][ T3941] usbhid 4-1:0.0: can't add hid device: -71 [ 517.819780][ T3941] usbhid: probe of 4-1:0.0 failed with error -71 [ 517.837748][ T3941] usb 4-1: USB disconnect, device number 11 [ 518.178394][ T8713] overlayfs: failed to resolve './file1': -2 [ 519.495327][ T8732] loop1: detected capacity change from 0 to 512 [ 519.564450][ T8735] autofs4:pid:8735:autofs_fill_super: called with bogus options [ 519.617418][ T8736] loop2: detected capacity change from 0 to 256 [ 520.316341][ T8732] EXT4-fs (loop1): 1 truncate cleaned up [ 520.323016][ T8732] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 521.394980][ T8759] loop3: detected capacity change from 0 to 1024 [ 521.924337][ T8763] overlayfs: failed to resolve './file0': -2 [ 522.309897][ T8768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1311'. [ 523.482150][ T8787] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 524.266445][ T8805] loop2: detected capacity change from 0 to 512 [ 524.736227][ T8805] EXT4-fs (loop2): 1 truncate cleaned up [ 524.743722][ T8805] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 525.839494][ T8820] trusted_key: encrypted_key: insufficient parameters specified [ 526.127397][ T8824] overlayfs: failed to resolve './file0': -2 [ 527.780201][ T8842] autofs4:pid:8842:autofs_fill_super: called with bogus options [ 528.711428][ T8849] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 531.755349][ T8880] Restarting kernel threads ... done. [ 532.230128][ T8886] loop3: detected capacity change from 0 to 256 [ 532.762978][ T3934] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 533.851299][ T3934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 533.870626][ T3934] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 533.899474][ T3934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.926453][ T3934] usb 4-1: config 0 descriptor?? [ 536.291274][ T26] kauditd_printk_skb: 58 callbacks suppressed [ 536.291363][ T26] audit: type=1326 audit(1729316276.663:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 536.794159][ T26] audit: type=1326 audit(1729316276.663:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.626942][ T26] audit: type=1326 audit(1729316276.663:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.672940][ T26] audit: type=1326 audit(1729316276.663:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.746339][ T26] audit: type=1326 audit(1729316276.663:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.814557][ T26] audit: type=1326 audit(1729316276.663:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.857615][ T26] audit: type=1326 audit(1729316276.663:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.899277][ T26] audit: type=1326 audit(1729316276.673:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 537.926757][ T26] audit: type=1326 audit(1729316276.673:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 539.110939][ T3934] usbhid 4-1:0.0: can't add hid device: -32 [ 539.226010][ T3934] usbhid: probe of 4-1:0.0 failed with error -32 [ 539.261140][ T26] audit: type=1326 audit(1729316276.673:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe572f3ff9 code=0x7ffc0000 [ 539.750404][ T8931] autofs4:pid:8931:autofs_fill_super: called with bogus options [ 541.830684][ T3613] Bluetooth: hci4: command 0x0409 tx timeout [ 541.940608][ T8925] chnl_net:caif_netlink_parms(): no params data found [ 542.181013][ T3613] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 542.247257][ T8925] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.296185][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.310717][ T8925] device bridge_slave_0 entered promiscuous mode [ 542.402483][ T8925] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.409549][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.429700][ T8925] device bridge_slave_1 entered promiscuous mode [ 542.472560][ T3613] usb 2-1: Using ep0 maxpacket: 16 [ 542.527746][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.574584][ T8925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 542.611282][ T3613] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 542.614246][ T8925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 542.626299][ T3613] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 542.645197][ T3613] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 542.657946][ T3613] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 542.680637][ T3613] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 542.700193][ T8925] team0: Port device team_slave_0 added [ 542.751702][ T8925] team0: Port device team_slave_1 added [ 543.001320][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.079734][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.412571][ T8925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.425555][ T3613] usb 2-1: config 0 has no interface number 0 [ 543.431878][ T3613] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 543.443005][ T3613] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 543.455711][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.486048][ T3613] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 543.496420][ T3613] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 543.512943][ T3613] usb 2-1: config 0 interface 125 has no altsetting 0 [ 543.519729][ T3613] usb 2-1: config 0 interface 125 has no altsetting 2 [ 543.540321][ T7110] usb 4-1: USB disconnect, device number 12 [ 543.563972][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.582124][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.608019][ C0] vkms_vblank_simulate: vblank timer overrun [ 543.625080][ T8925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 543.658300][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.899872][ T3613] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 544.285834][ T3613] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.410841][ T3613] usb 2-1: Product: syz [ 544.456256][ T3613] usb 2-1: Manufacturer: syz [ 544.481535][ T4569] Bluetooth: hci1: command 0x0409 tx timeout [ 544.483171][ T3613] usb 2-1: SerialNumber: syz [ 544.501577][ T7110] Bluetooth: hci4: command 0x041b tx timeout [ 544.520201][ T3613] usb 2-1: config 0 descriptor?? [ 544.566850][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.571183][ T8965] loop4: detected capacity change from 0 to 512 [ 544.582650][ T3613] usb 2-1: selecting invalid altsetting 2 [ 544.622102][ T8925] device hsr_slave_0 entered promiscuous mode [ 544.641404][ T8925] device hsr_slave_1 entered promiscuous mode [ 544.657720][ T8965] EXT4-fs (loop4): 1 truncate cleaned up [ 544.664272][ T8965] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 544.790978][ T8925] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 544.798701][ T8925] Cannot create hsr debugfs directory [ 544.836964][ T8970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1367'. [ 545.083999][ T8947] chnl_net:caif_netlink_parms(): no params data found [ 545.661183][ T3613] get_1284_register timeout [ 545.665763][ T3613] uss720: probe of 2-1:0.125 failed with error -5 [ 545.689650][ C1] usb 2-1: async_complete: urb error -104 [ 545.695470][ C1] usb 2-1: async_complete: urb error -104 [ 545.701241][ C1] usb 2-1: async_complete: urb error -104 [ 545.802883][ T8991] loop2: detected capacity change from 0 to 256 [ 545.991272][ T3941] usb 2-1: USB disconnect, device number 7 [ 546.750577][ T3934] Bluetooth: hci4: command 0x040f tx timeout [ 546.764883][ T3934] Bluetooth: hci1: command 0x041b tx timeout [ 546.824704][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.079016][ T8947] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.495701][ T8947] device bridge_slave_0 entered promiscuous mode [ 547.589411][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.618936][ T8947] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.642300][ T8947] device bridge_slave_1 entered promiscuous mode [ 548.487016][ T4569] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 548.633043][ T8947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.799723][ T3648] Bluetooth: hci1: command 0x040f tx timeout [ 548.808795][ T3648] Bluetooth: hci4: command 0x0419 tx timeout [ 548.820114][ T8947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.644303][ T8947] team0: Port device team_slave_0 added [ 549.791905][ T8947] team0: Port device team_slave_1 added [ 549.865480][ T8925] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 549.912336][ T8925] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 549.961577][ T8947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 549.968548][ T8947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.091600][ T8947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 550.110009][ T8925] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 550.241758][ T8947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 550.249292][ T8947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.308625][ T8947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 550.316332][ T9041] loop1: detected capacity change from 0 to 512 [ 550.339619][ T8925] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 550.861330][ T3941] Bluetooth: hci1: command 0x0419 tx timeout [ 551.111773][ T9041] EXT4-fs (loop1): 1 truncate cleaned up [ 551.123611][ T9041] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 551.349429][ T8947] device hsr_slave_0 entered promiscuous mode [ 551.359348][ T8947] device hsr_slave_1 entered promiscuous mode [ 551.369173][ T8947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 551.394445][ T8947] Cannot create hsr debugfs directory [ 551.435338][ T8925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 551.540761][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 551.564816][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 551.620174][ T8925] 8021q: adding VLAN 0 to HW filter on device team0 [ 551.710496][ T154] device hsr_slave_0 left promiscuous mode [ 551.725844][ T154] device hsr_slave_1 left promiscuous mode [ 551.734968][ T9050] xt_TCPMSS: Only works on TCP SYN packets [ 551.744285][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 551.776447][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 551.803306][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 551.911290][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 551.925851][ T154] device bridge_slave_1 left promiscuous mode [ 551.932924][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.946015][ T154] device bridge_slave_0 left promiscuous mode [ 551.969353][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.678641][ T154] device team0 left promiscuous mode [ 552.691354][ T154] device team_slave_0 left promiscuous mode [ 552.697621][ T154] device team_slave_1 left promiscuous mode [ 552.714468][ T154] device veth1_macvtap left promiscuous mode [ 552.720660][ T154] device veth0_macvtap left promiscuous mode [ 552.741612][ T154] device veth1_vlan left promiscuous mode [ 552.752487][ T154] device veth0_vlan left promiscuous mode [ 553.241056][ T4569] usb 3-1: device descriptor read/all, error -71 [ 553.828576][ T154] team0 (unregistering): Port device team_slave_1 removed [ 553.873144][ T154] team0 (unregistering): Port device team_slave_0 removed [ 553.924265][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 553.973727][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 554.132678][ T154] bond0 (unregistering): Released all slaves [ 554.192890][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 554.202158][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 554.219448][ T4596] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.226580][ T4596] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.245319][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 554.266172][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 554.279821][ T4596] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.286962][ T4596] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.303997][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 554.318727][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 554.352056][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 554.372241][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 554.395856][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 554.412067][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 554.452190][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 554.461692][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 554.470237][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 554.507623][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 554.516209][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 554.561308][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 554.596157][ T8925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 554.691503][ T8947] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.843364][ T8947] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.953564][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 554.971032][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 555.045511][ T8925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 555.128837][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 555.150446][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 555.316220][ T8947] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.581303][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 555.609545][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 555.660169][ T8925] device veth0_vlan entered promiscuous mode [ 555.672215][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 555.702062][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 555.716352][ T8947] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.765958][ T8925] device veth1_vlan entered promiscuous mode [ 555.858583][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 555.879416][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 555.899626][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 555.944514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 555.962132][ T8925] device veth0_macvtap entered promiscuous mode [ 556.013396][ T9083] loop1: detected capacity change from 0 to 512 [ 556.016361][ T8925] device veth1_macvtap entered promiscuous mode [ 556.080413][ T8947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 556.112559][ T9083] EXT4-fs (loop1): 1 truncate cleaned up [ 556.124732][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.151775][ T9083] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 556.181026][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.191663][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.202316][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.212284][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.223111][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.234607][ T8925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 556.245288][ T8947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 556.462185][ T8947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 556.487756][ T8947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 556.502406][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 556.533934][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 556.643197][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 556.685773][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 556.720552][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 556.747173][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.991298][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.182712][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.357106][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.426317][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.436436][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 557.447135][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 557.458223][ T8925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 557.494334][ T3665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 557.504137][ T3665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 557.520078][ T8925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.538115][ T8925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.577012][ T8925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.603685][ T8925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.944797][ T1568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 557.978780][ T1568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 557.990725][ T8947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 558.018595][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 558.040210][ T8947] 8021q: adding VLAN 0 to HW filter on device team0 [ 558.053732][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 558.062689][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 558.154230][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 558.177963][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 558.215610][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 558.239401][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 558.286260][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 558.346077][ T1568] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.353181][ T1568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 558.422351][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 558.466624][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 558.503214][ T1568] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.510349][ T1568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 558.527932][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 558.536795][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 558.548003][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 558.557080][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 558.565860][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 558.573879][ T1568] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 558.601997][ T8947] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 558.639037][ T8947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 558.683277][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 558.715248][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 558.724142][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 558.732853][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 558.750616][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 558.762330][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 558.790538][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 560.111852][ T8947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.119603][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 560.127501][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 560.201865][ T9125] trusted_key: encrypted_key: insufficient parameters specified [ 560.228027][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 560.247181][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 560.326832][ T8947] device veth0_vlan entered promiscuous mode [ 560.382150][ T8947] device veth1_vlan entered promiscuous mode [ 560.459520][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 560.482278][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 561.165100][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 561.182594][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 561.201049][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 561.220243][ T3634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 561.274711][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 561.342839][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 561.377285][ T8947] device veth0_macvtap entered promiscuous mode [ 561.405892][ T8947] device veth1_macvtap entered promiscuous mode [ 561.442060][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.460814][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.490849][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.514757][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.564416][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.575476][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.587659][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.598469][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.609670][ T8947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.635646][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.696841][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.832892][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.894045][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.940882][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.992423][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.022814][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.083995][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.117783][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.159486][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.189026][ T8947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 562.253015][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 562.261984][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 562.270374][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 562.279129][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 562.288895][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 562.297961][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 562.564604][ T8947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 562.631379][ T8947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 562.680989][ T8947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 562.729610][ T8947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 562.782724][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.789072][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.024597][ T4596] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.060863][ T4596] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.103498][ T1568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.251041][ T1568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.437602][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 564.473021][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 569.195993][ T9197] loop2: detected capacity change from 0 to 512 [ 569.472484][ T9197] EXT4-fs (loop2): 1 truncate cleaned up [ 569.483597][ T9197] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 571.802726][ T154] device hsr_slave_0 left promiscuous mode [ 571.822359][ T154] device hsr_slave_1 left promiscuous mode [ 571.859697][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 571.901189][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 571.946144][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 571.981977][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 572.048313][ T154] device bridge_slave_1 left promiscuous mode [ 572.055550][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.205170][ T154] device bridge_slave_0 left promiscuous mode [ 572.237911][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.456205][ T154] device veth1_macvtap left promiscuous mode [ 572.656978][ T154] device veth0_macvtap left promiscuous mode [ 572.663229][ T154] device veth1_vlan left promiscuous mode [ 572.669090][ T154] device veth0_vlan left promiscuous mode [ 574.766651][ T154] team0 (unregistering): Port device team_slave_1 removed [ 574.803941][ T154] team0 (unregistering): Port device team_slave_0 removed [ 574.838722][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.999123][ T154] bond0 (unregistering): Released all slaves [ 580.370498][ T9334] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1454'. [ 582.735419][ T9372] loop3: detected capacity change from 0 to 512 [ 582.856940][ T9372] EXT4-fs (loop3): Ignoring removed nobh option [ 583.027762][ T9376] loop4: detected capacity change from 0 to 1024 [ 583.050278][ T9372] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 583.165933][ T9376] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 583.873841][ T9372] EXT4-fs (loop3): 1 truncate cleaned up [ 583.879519][ T9372] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 590.111539][ T9431] loop4: detected capacity change from 0 to 32768 [ 590.341501][ T9431] XFS (loop4): Mounting V5 Filesystem [ 590.854002][ T9431] XFS (loop4): Ending clean mount [ 592.763354][ T3575] XFS (loop4): Unmounting Filesystem [ 592.865747][ T9470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1487'. [ 592.985936][ T9470] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 592.995325][ T9470] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.004110][ T9470] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.012858][ T9470] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 593.186396][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 595.505619][ T9506] loop4: detected capacity change from 0 to 16 [ 595.525223][ T9507] loop1: detected capacity change from 0 to 512 [ 595.591685][ T9506] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 595.687718][ T9507] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000000,minixdf,,errors=continue. Quota mode: writeback. [ 595.720997][ T9507] ext4 filesystem being mounted at /338/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 595.950983][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 595.951078][ T26] audit: type=1800 audit(1729316336.533:1089): pid=9522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1497" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 596.732597][ T26] audit: type=1800 audit(1729316337.333:1090): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1497" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 596.810905][ T9507] loop_set_status: loop1 () has still dirty pages (nrpages=2) [ 597.295369][ T3570] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #12: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 597.556067][ T3570] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #12: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 598.537609][ T9546] loop4: detected capacity change from 0 to 32768 [ 598.838200][ T9546] XFS (loop4): Mounting V5 Filesystem [ 599.362680][ T9546] XFS (loop4): Ending clean mount [ 599.411270][ T9546] XFS (loop4): Quotacheck needed: Please wait. [ 599.535686][ T9568] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1515'. [ 599.584133][ T9546] XFS (loop4): Quotacheck: Done. [ 600.021544][ T9558] chnl_net:caif_netlink_parms(): no params data found [ 600.039771][ T9554] loop3: detected capacity change from 0 to 32768 [ 600.044645][ T3575] XFS (loop4): Unmounting Filesystem [ 600.180652][ T9554] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1514 (9554) [ 600.279782][ T9554] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 600.314612][ T9554] BTRFS info (device loop3): using free space tree [ 600.350877][ T9554] BTRFS info (device loop3): has skinny extents [ 600.543745][ T9558] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.777885][ T9558] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.806640][ T9558] device bridge_slave_0 entered promiscuous mode [ 600.888916][ T3616] Bluetooth: hci0: command 0x0409 tx timeout [ 600.901263][ T9558] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.908309][ T9558] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.991935][ T9554] BTRFS info (device loop3): enabling ssd optimizations [ 601.000532][ T9558] device bridge_slave_1 entered promiscuous mode [ 601.275584][ T9558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.354968][ T9616] usb usb8: usbfs: process 9616 (syz.3.1514) did not claim interface 0 before use [ 601.849803][ T26] audit: type=1800 audit(1729316342.093:1091): pid=9616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1514" name="file3" dev="loop3" ino=261 res=0 errno=0 [ 601.868439][ T9558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 602.580416][ T9558] team0: Port device team_slave_0 added [ 602.609894][ T9558] team0: Port device team_slave_1 added [ 602.749964][ T9558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.802878][ T9558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 602.838748][ T9558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 602.867896][ T9558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 602.935944][ T9558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 603.084629][ T9632] Bluetooth: hci0: command 0x041b tx timeout [ 603.173731][ T9558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.347860][ T9558] device hsr_slave_0 entered promiscuous mode [ 603.697686][ T9558] device hsr_slave_1 entered promiscuous mode [ 603.718436][ T9558] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 603.749063][ T9558] Cannot create hsr debugfs directory [ 603.843275][ T154] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.136669][ T154] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.393590][ T154] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.559057][ T154] bond0: (slave netdevsim0): Releasing backup interface [ 604.584974][ T154] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.953438][ T154] tipc: Disabling bearer [ 605.090619][ T154] tipc: Left network mode [ 605.573994][ T7113] Bluetooth: hci0: command 0x040f tx timeout [ 606.273240][ T9674] loop2: detected capacity change from 0 to 256 [ 607.760267][ T9558] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 607.813637][ T9558] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 607.862641][ T9558] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 607.871429][ T9632] Bluetooth: hci0: command 0x0419 tx timeout [ 607.951547][ T9558] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 608.150913][ T9632] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 608.201477][ T9558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 608.249759][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 608.262200][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 608.325630][ T9558] 8021q: adding VLAN 0 to HW filter on device team0 [ 608.360363][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 608.390661][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 608.410127][ T3780] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.417291][ T3780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 608.489419][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 608.508023][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 608.521830][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 608.705919][ T9632] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 608.737570][ T9632] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 608.754290][ T3780] bridge0: port 2(bridge_slave_1) entered blocking state [ 608.761427][ T3780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 608.799411][ T9632] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.828525][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 608.848608][ T9632] usb 3-1: config 0 descriptor?? [ 608.876661][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 608.931147][ T9632] usb 3-1: can't set config #0, error -71 [ 608.947283][ T9632] usb 3-1: USB disconnect, device number 7 [ 608.960472][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 609.052301][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 609.075421][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 609.614126][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 609.669638][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 609.731987][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 609.761626][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 609.791695][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 609.917680][ T9632] Bluetooth: hci0: command 0x0405 tx timeout [ 609.923992][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 610.065445][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 610.284436][ T9740] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1542'. [ 610.504948][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 610.911294][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 611.063099][ T9558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 611.153073][ T9756] input: syz1 as /devices/virtual/input/input11 [ 611.190166][ T154] device hsr_slave_0 left promiscuous mode [ 611.246734][ T154] device hsr_slave_1 left promiscuous mode [ 611.405808][ T3674] udevd[3674]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 611.873262][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 611.917785][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 611.989279][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.424492][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.482928][ T154] device bridge_slave_1 left promiscuous mode [ 612.499363][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.519759][ T154] device bridge_slave_0 left promiscuous mode [ 612.556382][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.831093][ T154] device veth1_macvtap left promiscuous mode [ 612.837283][ T154] device veth0_macvtap left promiscuous mode [ 612.843745][ T154] device veth1_vlan left promiscuous mode [ 612.849653][ T154] device veth0_vlan left promiscuous mode [ 614.516411][ T154] team0 (unregistering): Port device team_slave_1 removed [ 614.545109][ T154] team0 (unregistering): Port device team_slave_0 removed [ 614.601441][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 614.641915][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.676912][ T9795] serio: Serial port pts0 [ 614.795086][ T154] bond0 (unregistering): Released all slaves [ 615.043446][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 615.078948][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 615.325515][ T9558] device veth0_vlan entered promiscuous mode [ 615.409273][ T9558] device veth1_vlan entered promiscuous mode [ 615.551050][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 615.584598][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 615.631858][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 615.665358][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 615.721087][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 615.732576][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 615.776666][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 615.802248][ T4596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 615.832699][ T9558] device veth0_macvtap entered promiscuous mode [ 615.874193][ T9558] device veth1_macvtap entered promiscuous mode [ 615.914191][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.945449][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.976309][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.032146][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.042090][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.052669][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.072197][ T9558] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 616.082442][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.093631][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.151030][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.292268][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.392516][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.490293][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.577306][ T9558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.670918][ T9558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.807367][ T9558] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.869090][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 616.894938][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 616.904362][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 616.913827][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 616.936854][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 616.963050][ T3784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 616.994160][ T9558] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.013621][ T9558] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.026938][ T9823] loop4: detected capacity change from 0 to 128 [ 617.036008][ T9558] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.052914][ T9558] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.600001][ T9823] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 617.701814][ T9823] attempt to access beyond end of device [ 617.701814][ T9823] loop4: rw=0, want=8767745, limit=128 [ 617.734074][ T9823] Buffer I/O error on dev loop4, logical block 8767744, async page read [ 617.744344][ T3634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.763967][ T9823] attempt to access beyond end of device [ 617.763967][ T9823] loop4: rw=0, want=13269810, limit=128 [ 617.775250][ T3634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.823663][ T3784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.829027][ T9823] Buffer I/O error on dev loop4, logical block 13269809, async page read [ 617.845894][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 617.863694][ T3784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.871662][ T3780] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 617.941255][ T9823] attempt to access beyond end of device [ 617.941255][ T9823] loop4: rw=0, want=1158, limit=128 [ 617.941279][ T9823] Buffer I/O error on dev loop4, logical block 1157, async page read [ 617.941322][ T9823] attempt to access beyond end of device [ 617.941322][ T9823] loop4: rw=0, want=3211265, limit=128 [ 617.941340][ T9823] Buffer I/O error on dev loop4, logical block 3211264, async page read [ 617.941382][ T9823] attempt to access beyond end of device [ 617.941382][ T9823] loop4: rw=0, want=8768636, limit=128 [ 617.941400][ T9823] Buffer I/O error on dev loop4, logical block 8768635, async page read [ 617.941440][ T9823] attempt to access beyond end of device [ 617.941440][ T9823] loop4: rw=0, want=13466418, limit=128 [ 617.941458][ T9823] Buffer I/O error on dev loop4, logical block 13466417, async page read [ 617.941499][ T9823] attempt to access beyond end of device [ 617.941499][ T9823] loop4: rw=0, want=209286, limit=128 [ 617.941516][ T9823] Buffer I/O error on dev loop4, logical block 209285, async page read [ 617.942792][ T9823] attempt to access beyond end of device [ 617.942792][ T9823] loop4: rw=0, want=8767745, limit=128 [ 617.942815][ T9823] Buffer I/O error on dev loop4, logical block 8767744, async page read [ 617.942861][ T9823] attempt to access beyond end of device [ 617.942861][ T9823] loop4: rw=0, want=13269810, limit=128 [ 617.942879][ T9823] Buffer I/O error on dev loop4, logical block 13269809, async page read [ 617.942926][ T9823] attempt to access beyond end of device [ 617.942926][ T9823] loop4: rw=0, want=1158, limit=128 [ 617.942943][ T9823] Buffer I/O error on dev loop4, logical block 1157, async page read [ 617.945216][ T26] audit: type=1800 audit(1729316358.553:1092): pid=9823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1564" name="/" dev="loop4" ino=2 res=0 errno=0 [ 617.983457][ T3575] sysv_free_block: trying to free block not in datazone [ 617.984180][ T3575] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 618.790926][ T9843] device sit0 entered promiscuous mode [ 618.799205][ T9843] netlink: 'syz.3.1569': attribute type 1 has an invalid length. [ 618.799231][ T9843] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1569'. [ 619.898139][ C0] vkms_vblank_simulate: vblank timer overrun [ 620.035049][ T9856] loop4: detected capacity change from 0 to 8 [ 621.611042][ T3615] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 621.911641][ T3615] usb 5-1: Using ep0 maxpacket: 32 [ 622.173020][ T3615] usb 5-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 16 [ 622.193292][ T3615] usb 5-1: config 1 interface 0 has no altsetting 0 [ 622.279970][ T9878] loop2: detected capacity change from 0 to 256 [ 622.297629][ T9858] loop3: detected capacity change from 0 to 32768 [ 622.410172][ T9858] XFS: ikeep mount option is deprecated. [ 622.541943][ T3615] usb 5-1: string descriptor 0 read error: -22 [ 622.555257][ T3615] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 622.616149][ T9858] XFS (loop3): Mounting V5 Filesystem [ 622.621663][ T3615] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.653594][ T9873] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 622.705208][ T3560] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 622.779315][ T9858] XFS (loop3): Ending clean mount [ 622.789647][ T9858] XFS (loop3): Quotacheck needed: Please wait. [ 622.890941][ T9858] XFS (loop3): Quotacheck: Done. [ 622.912710][ T3615] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 4 proto 2 vid 0x0525 pid 0xA4A8 [ 623.019681][ T8947] XFS (loop3): Unmounting Filesystem [ 623.071847][ T3560] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 623.098499][ T3560] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 623.129567][ T3560] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.165591][ T3560] usb 3-1: config 0 descriptor?? [ 623.501135][ T3560] usbhid 3-1:0.0: can't add hid device: -71 [ 623.507345][ T3560] usbhid: probe of 3-1:0.0 failed with error -71 [ 623.534982][ T3560] usb 3-1: USB disconnect, device number 8 [ 623.962954][ T9632] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 624.152032][ T9907] loop2: detected capacity change from 0 to 256 [ 624.237845][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.280940][ T3560] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 624.293469][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.761131][ T3560] usb 4-1: config 0 has no interfaces? [ 624.768048][ T3560] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 624.826270][ T3560] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.866690][ T23] usb 5-1: USB disconnect, device number 6 [ 624.876253][ T23] usblp0: removed [ 624.911150][ T3560] usb 4-1: config 0 descriptor?? [ 624.921194][ T9632] usb 1-1: Using ep0 maxpacket: 32 [ 625.066424][ T9632] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 625.191056][ T4569] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 625.203723][ T9905] udc-core: couldn't find an available UDC or it's busy [ 625.276673][ T9905] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 625.571619][ T4569] usb 2-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30 [ 625.625485][ T4569] usb 2-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132 [ 625.685640][ T3560] usb 4-1: USB disconnect, device number 13 [ 625.730224][ T4569] usb 2-1: config 1 interface 0 has no altsetting 0 [ 625.891003][ T9632] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 625.939355][ T9632] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 625.948139][ T9632] usb 1-1: Product: syz [ 625.960711][ T9632] usb 1-1: Manufacturer: syz [ 625.965475][ T9632] usb 1-1: SerialNumber: syz [ 625.971313][ T4569] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 625.980004][ T9920] loop2: detected capacity change from 0 to 2048 [ 625.980350][ T4569] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.980371][ T4569] usb 2-1: Product: syz [ 625.980385][ T4569] usb 2-1: Manufacturer: syz [ 625.980398][ T4569] usb 2-1: SerialNumber: syz [ 626.009519][ T9632] usb 1-1: config 0 descriptor?? [ 626.018603][ T23] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 626.041200][ T9898] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 626.117127][ T9920] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 626.130960][ T3560] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 626.134726][ T9920] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 626.281019][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 626.424661][ T9923] fuse: Unknown parameter 'fK' [ 626.533687][ T3560] usb 4-1: Using ep0 maxpacket: 16 [ 626.707999][ T9925] udc-core: couldn't find an available UDC or it's busy [ 626.956967][ T4569] usblp 2-1:1.0: usblp1: USB Unidirectional printer dev 8 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 626.971297][ T9925] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 626.991017][ T3560] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 627.033384][ T9925] udc-core: couldn't find an available UDC or it's busy [ 627.040485][ T3560] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 627.073807][ T9925] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 627.120944][ T23] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 627.139368][ T23] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 627.141053][ T3560] usb 4-1: string descriptor 0 read error: -71 [ 627.159419][ T23] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 627.179722][ T23] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 627.200821][ T23] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 627.217011][ T3560] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40 [ 627.224014][ T23] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 627.250873][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.257732][ T3560] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.334662][ T3560] usb 4-1: can't set config #1, error -71 [ 627.352630][ T3560] usb 4-1: USB disconnect, device number 14 [ 627.367750][ T4569] usb 1-1: USB disconnect, device number 9 [ 627.526583][ T23] usb 5-1: GET_CAPABILITIES returned 0 [ 627.532263][ T23] usbtmc 5-1:16.0: can't read capabilities [ 627.780858][ T4569] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 628.020960][ T4569] usb 1-1: Using ep0 maxpacket: 8 [ 628.141263][ T4569] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 628.159210][ T4569] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 628.199452][ T4569] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 628.200320][ T9945] loop2: detected capacity change from 0 to 256 [ 628.214031][ T4569] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 628.244131][ T4569] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 628.273680][ T4569] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 628.347587][ T4569] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.435474][ T3618] usb 2-1: USB disconnect, device number 8 [ 628.488855][ T3618] usblp1: removed [ 628.630913][ T9632] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 628.681037][ T4569] usb 1-1: GET_CAPABILITIES returned 62 [ 628.687314][ T4569] usbtmc 1-1:16.0: can't read capabilities [ 628.862015][ T3618] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 629.070955][ T9632] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 629.082325][ T9632] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 629.091504][ T9632] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.106424][ T9632] usb 3-1: config 0 descriptor?? [ 629.230940][ T3618] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 629.239041][ T3618] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 629.253809][ T3618] usb 2-1: config 0 has no interface number 0 [ 629.259914][ T3618] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 629.279122][ T3618] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 629.289010][ T3618] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 629.308936][ T3618] usb 2-1: config 0 interface 52 has no altsetting 0 [ 629.470943][ T3618] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 629.480102][ T3618] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 629.490924][ T9632] usbhid 3-1:0.0: can't add hid device: -71 [ 629.497095][ T9632] usbhid: probe of 3-1:0.0 failed with error -71 [ 629.512027][ T9632] usb 3-1: USB disconnect, device number 9 [ 629.524332][ T3618] usb 2-1: Product: syz [ 629.528508][ T3618] usb 2-1: Manufacturer: syz [ 629.533231][ T3618] usb 2-1: SerialNumber: syz [ 629.562313][ T3618] usb 2-1: config 0 descriptor?? [ 629.734239][ T9956] loop3: detected capacity change from 0 to 256 [ 629.858983][ T3618] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 629.885199][ T3618] synaptics_usb: probe of 2-1:0.52 failed with error -5 [ 630.291888][ T3618] usb 2-1: USB disconnect, device number 9 [ 632.010863][ T3615] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 632.241042][ T3618] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 632.404083][ T3615] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x92, skipping [ 632.414692][ T3615] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 632.490856][ T3618] usb 3-1: Using ep0 maxpacket: 32 [ 632.610956][ T3618] usb 3-1: config 0 has an invalid interface number: 111 but max is 0 [ 632.611075][ T3615] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 632.619512][ T3618] usb 3-1: config 0 has no interface number 0 [ 632.634862][ T3618] usb 3-1: config 0 interface 111 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 632.635340][ T3615] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.646086][ T3618] usb 3-1: config 0 interface 111 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 632.664027][ T3615] usb 4-1: Product: syz [ 632.668167][ T3615] usb 4-1: Manufacturer: syz [ 632.672907][ T3615] usb 4-1: SerialNumber: syz [ 632.682494][ T3615] usb 4-1: config 0 descriptor?? [ 632.722211][ T3615] redrat3 4-1:0.0: Couldn't find all endpoints [ 632.801490][ T9912] usbtmc 5-1:16.0: usb_control_msg returned -110 [ 632.801536][ T3618] usb 3-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice=e2.53 [ 632.807889][ T3618] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.807913][ T3618] usb 3-1: Product: syz [ 632.807926][ T3618] usb 3-1: Manufacturer: syz [ 632.817476][ T9940] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 632.831022][ T3618] usb 3-1: SerialNumber: syz [ 632.848135][ T3618] usb 3-1: config 0 descriptor?? [ 632.861039][ T9941] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 632.879039][ T3560] usb 5-1: USB disconnect, device number 7 [ 632.886781][ T3615] usb 1-1: USB disconnect, device number 10 [ 632.892430][ T3618] usbtouchscreen: probe of 3-1:0.111 failed with error -12 [ 633.043538][ T4569] usb 4-1: USB disconnect, device number 15 [ 633.111598][ T3618] usb 3-1: USB disconnect, device number 10 [ 633.620947][ T4569] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 633.871596][ T4569] usb 4-1: Using ep0 maxpacket: 16 [ 633.960933][ T3618] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 633.991160][ T4569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 634.020891][ T4569] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 634.049107][ T4569] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x92, skipping [ 634.210938][ T3618] usb 3-1: Using ep0 maxpacket: 16 [ 634.221084][ T4569] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 634.231102][ T3560] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 634.255637][ T4569] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 634.266798][ T4569] usb 4-1: Product: syz [ 634.275745][ T4569] usb 4-1: Manufacturer: syz [ 634.280366][ T4569] usb 4-1: SerialNumber: syz [ 634.317533][ T4569] usb 4-1: config 0 descriptor?? [ 634.331174][ T3618] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 634.346874][ T9989] input: syz0 as /devices/virtual/input/input14 [ 634.354296][ T9989] input: failed to attach handler leds to device input14, error: -6 [ 634.367444][ T3618] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 634.377000][ T3618] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 634.390325][ T3618] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 634.405154][ T4569] usb 4-1: NFC: intf ffff8880764a8000 id ffffffff8d149b60 [ 634.414994][ T3618] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 634.424831][ T3560] usb 1-1: device descriptor read/64, error -71 [ 634.464772][ T3618] usb 3-1: config 0 has no interface number 0 [ 634.485207][ T3618] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 634.504882][ T3618] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 634.516314][ T3618] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 634.528168][ T3618] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 634.542538][ T3618] usb 3-1: config 0 interface 125 has no altsetting 0 [ 634.551497][ T3618] usb 3-1: config 0 interface 125 has no altsetting 2 [ 634.628614][ T4569] usb 4-1: USB disconnect, device number 16 [ 634.701622][ T3560] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 634.721183][ T3618] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 634.743801][ T3618] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.777349][ T3618] usb 3-1: Product: syz [ 634.797813][ T3618] usb 3-1: Manufacturer: syz [ 634.810914][ T3618] usb 3-1: SerialNumber: syz [ 634.830250][ T3618] usb 3-1: config 0 descriptor?? [ 634.873830][ T3618] usb 3-1: selecting invalid altsetting 2 [ 634.900902][ T3560] usb 1-1: device descriptor read/64, error -71 [ 635.025338][ T3560] usb usb1-port1: attempt power cycle [ 635.442521][ T3560] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 635.530967][ T9999] loop3: detected capacity change from 0 to 256 [ 635.587611][ T3560] usb 1-1: device descriptor read/8, error -71 [ 635.627347][ T9982] udc-core: couldn't find an available UDC or it's busy [ 635.691256][ T9982] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 635.901029][ T3618] get_1284_register timeout [ 635.906085][ T3618] uss720: probe of 3-1:0.125 failed with error -5 [ 635.912696][ C0] usb 3-1: async_complete: urb error -104 [ 635.912782][ C0] usb 3-1: async_complete: urb error -104 [ 635.940968][ T3560] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 636.063347][ T3560] usb 1-1: device descriptor read/8, error -71 [ 636.191807][ T3560] usb usb1-port1: unable to enumerate USB device [ 636.342678][ T3618] usb 3-1: USB disconnect, device number 11 [ 636.540881][ T3615] Bluetooth: hci0: command 0x0407 tx timeout [ 639.235771][T10045] bridge0: port 3(hsr_slave_1) entered blocking state [ 639.258891][T10045] bridge0: port 3(hsr_slave_1) entered disabled state [ 639.276300][ T26] audit: type=1326 audit(1729316379.883:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.361158][ T26] audit: type=1326 audit(1729316379.913:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.383598][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.463744][ T26] audit: type=1326 audit(1729316379.913:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.535494][ T26] audit: type=1326 audit(1729316379.913:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.601586][ T26] audit: type=1326 audit(1729316379.933:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.740587][ T26] audit: type=1326 audit(1729316379.933:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.740628][ T26] audit: type=1326 audit(1729316379.933:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.740657][ T26] audit: type=1326 audit(1729316379.943:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.740686][ T26] audit: type=1326 audit(1729316379.943:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.740714][ T26] audit: type=1326 audit(1729316379.943:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10046 comm="syz.2.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b24b04ff9 code=0x7ffc0000 [ 639.814329][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.931001][ T3615] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 640.170964][ T3615] usb 5-1: device descriptor read/64, error -71 [ 640.450998][ T3615] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 640.486633][T10076] overlayfs: missing 'lowerdir' [ 640.641054][ T3615] usb 5-1: device descriptor read/64, error -71 [ 640.773505][ T3615] usb usb5-port1: attempt power cycle [ 640.790932][ T3614] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 641.070946][ T3614] usb 3-1: Using ep0 maxpacket: 16 [ 641.191786][ T3615] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 641.311335][ T3615] usb 5-1: device descriptor read/8, error -71 [ 641.401180][ T3614] usb 3-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=22.89 [ 641.428255][ T3614] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.450545][ T3614] usb 3-1: Product: syz [ 641.473183][ T3614] usb 3-1: Manufacturer: syz [ 641.494263][ T3614] usb 3-1: SerialNumber: syz [ 641.526502][ T3614] usb 3-1: config 0 descriptor?? [ 641.540954][ T3560] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 641.583023][ T3614] legousbtower 3-1:0.0: interrupt endpoints not found [ 641.590858][ T3615] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 641.701043][ T3615] usb 5-1: device descriptor read/8, error -71 [ 641.801936][ T3560] usb 1-1: Using ep0 maxpacket: 32 [ 641.831040][ T3615] usb usb5-port1: unable to enumerate USB device [ 641.922257][ T3560] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.955411][ T3560] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 641.975176][ T3560] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 642.006240][ T3615] usb 3-1: USB disconnect, device number 12 [ 642.019492][ T3560] usb 1-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 642.049949][ T3560] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.065770][ T3560] usb 1-1: config 0 descriptor?? [ 642.567784][ T3560] hid-udraw 0003:20D6:CB17.0005: unknown main item tag 0x0 [ 642.590729][ T3560] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0005/input/input15 [ 642.892812][T10086] udc-core: couldn't find an available UDC or it's busy [ 643.063322][ T3560] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0005/input/input16 [ 643.079061][T10086] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 643.353198][ T3560] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0005/input/input17 [ 643.443299][ T3560] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0005/input/input18 [ 644.128918][ T3560] hid-udraw 0003:20D6:CB17.0005: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.0-1/input0 [ 644.177690][ T3560] usb 1-1: USB disconnect, device number 15 [ 644.327436][ T3615] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 644.781724][ T3615] usb 5-1: unable to get BOS descriptor or descriptor too short [ 644.892045][ T3615] usb 5-1: not running at top speed; connect to a high speed hub [ 645.161140][ T3615] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 645.196658][ T3615] usb 5-1: config 219 interface 0 has no altsetting 0 [ 645.230721][ T3615] usb 5-1: config 219 interface 0 has no altsetting 1 [ 645.319285][T10141] loop3: detected capacity change from 0 to 256 [ 645.975472][T10143] overlayfs: missing 'lowerdir' [ 646.206861][ T3615] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 646.207968][ T3615] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.208994][ T3615] usb 5-1: Product: syz [ 646.209038][ T3615] usb 5-1: Manufacturer: syz [ 646.210080][ T3615] usb 5-1: SerialNumber: syz [ 646.580517][T10152] loop2: detected capacity change from 0 to 256 [ 646.781772][ T3615] usb 5-1: selecting invalid altsetting 0 [ 646.788327][ T3615] usb 5-1: selecting invalid altsetting 0 [ 647.622431][T10170] loop3: detected capacity change from 0 to 256 [ 649.426079][ T3615] usb 5-1: USB disconnect, device number 12 [ 650.370364][ T3785] udevd[3785]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 652.622007][ T3560] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 652.741060][ T9631] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 653.461188][ T9631] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 653.478515][ T9631] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.496555][ T9631] usb 3-1: Product: syz [ 653.521369][ T9631] usb 3-1: Manufacturer: syz [ 653.526143][ T9631] usb 3-1: SerialNumber: syz [ 653.695574][ T9631] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 654.489610][ T3560] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 654.499024][ T3560] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 654.536953][ T3560] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 654.556599][ T3560] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 654.645019][ T3560] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 654.691127][ T9631] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 654.734942][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 655.281037][ T3560] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 655.298451][ T3560] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 655.325732][ T3560] usb 2-1: Product: syz [ 655.351774][ T3560] usb 2-1: Manufacturer: syz [ 655.381057][ T3560] usb 2-1: can't set config #1, error -71 [ 655.397896][ T3560] usb 2-1: USB disconnect, device number 10 [ 655.448187][T10209] udc-core: couldn't find an available UDC or it's busy [ 655.448207][T10209] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 655.652110][T10209] udc-core: couldn't find an available UDC or it's busy [ 655.680948][T10209] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 655.757529][ T9632] usb 3-1: USB disconnect, device number 13 [ 656.140854][ T9631] usb 3-1: Service connection timeout for: 256 [ 656.148265][ T9631] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 656.187708][ T9631] ath9k_htc: Failed to initialize the device [ 656.221109][ T9632] usb 3-1: ath9k_htc: USB layer deinitialized [ 656.838671][T10271] loop2: detected capacity change from 0 to 512 [ 658.148317][T10271] EXT4-fs (loop2): 1 truncate cleaned up [ 658.155178][T10271] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 658.267714][T10295] device syzkaller0 entered promiscuous mode [ 659.629490][T10311] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 659.713368][T10311] device syzkaller0 entered promiscuous mode [ 661.599894][T10350] overlayfs: missing 'lowerdir' [ 662.172958][ T9632] Bluetooth: hci4: command 0x0406 tx timeout [ 665.669368][T10392] overlayfs: missing 'lowerdir' [ 666.030350][ T26] kauditd_printk_skb: 147 callbacks suppressed [ 666.030405][ T26] audit: type=1326 audit(1729316406.343:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 666.668782][ T26] audit: type=1326 audit(1729316406.363:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 666.691275][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.791405][ T26] audit: type=1326 audit(1729316406.383:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 666.886946][ T26] audit: type=1326 audit(1729316406.393:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 667.356644][ T26] audit: type=1326 audit(1729316406.413:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 667.773200][ T26] audit: type=1326 audit(1729316406.423:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 667.894088][ T26] audit: type=1326 audit(1729316406.423:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 667.984547][ T26] audit: type=1326 audit(1729316406.423:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 668.060874][ T26] audit: type=1326 audit(1729316406.423:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 668.159093][ T26] audit: type=1326 audit(1729316406.423:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10383 comm="syz.1.1732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 669.301932][T10437] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1748'. [ 669.532456][T10442] loop1: detected capacity change from 0 to 2048 [ 669.633003][T10442] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 669.686910][T10442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 670.026215][T10445] fuse: Unknown parameter 'fK' [ 671.134729][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 671.134741][ T26] audit: type=1326 audit(1729316411.743:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.215265][ T26] audit: type=1326 audit(1729316411.743:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.280902][ T26] audit: type=1326 audit(1729316411.773:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.350848][ T26] audit: type=1326 audit(1729316411.773:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.429506][ T26] audit: type=1326 audit(1729316411.773:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.486249][ T26] audit: type=1326 audit(1729316411.773:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.561412][ T26] audit: type=1326 audit(1729316411.773:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.614896][ T26] audit: type=1326 audit(1729316411.773:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.667979][ T26] audit: type=1326 audit(1729316411.773:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 671.766751][ T26] audit: type=1326 audit(1729316411.773:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10460 comm="syz.1.1758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e1ee48ff9 code=0x7ffc0000 [ 673.166201][T10508] loop2: detected capacity change from 0 to 2048 [ 673.276910][T10512] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 673.635780][T10518] loop2: detected capacity change from 0 to 512 [ 673.807601][T10518] EXT4-fs (loop2): Ignoring removed bh option [ 673.996238][T10518] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 674.466790][T10518] EXT4-fs (loop2): 1 truncate cleaned up [ 674.490253][T10518] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 674.647504][T10529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1779'. [ 674.677988][T10529] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1779'. [ 675.071150][ T3648] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 675.120667][T10541] netlink: 'syz.1.1784': attribute type 4 has an invalid length. [ 675.331114][ T3648] usb 5-1: Using ep0 maxpacket: 8 [ 675.470992][T10548] vcan0: Master is either lo or non-ether device [ 675.615397][ T3648] usb 5-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 675.651156][ T3648] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.675117][ T3648] usb 5-1: Product: syz [ 675.688521][ T3648] usb 5-1: Manufacturer: syz [ 675.698816][ T3648] usb 5-1: SerialNumber: syz [ 675.726312][ T3648] usb 5-1: config 0 descriptor?? [ 675.802302][ T3648] usb 5-1: selecting invalid altsetting 3 [ 675.802426][ T3648] comedi comedi0: could not set alternate setting 3 in high speed [ 675.802442][ T3648] usbdux 5-1:0.0: driver 'usbdux' failed to auto-configure device. [ 675.814738][ T3648] usbdux: probe of 5-1:0.0 failed with error -22 [ 675.977773][ T3648] usb 5-1: USB disconnect, device number 13 [ 677.392279][T10576] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1796'. [ 677.438457][T10574] loop4: detected capacity change from 0 to 2048 [ 677.451677][T10576] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1796'. [ 677.470882][T10576] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1796'. [ 677.490103][T10576] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1796'. [ 677.525990][T10574] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 677.565119][T10574] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 678.107639][T10584] fuse: Unknown parameter 'fK' [ 679.705607][T10604] device vlan2 entered promiscuous mode [ 679.714842][T10604] device syz_tun entered promiscuous mode [ 679.731364][T10607] mmap: syz.1.1805 (10607) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 679.743754][T10604] device syz_tun left promiscuous mode [ 679.818998][T10608] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1804'. [ 682.386253][T10654] loop1: detected capacity change from 0 to 512 [ 682.671191][T10654] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #2: comm syz.1.1820: corrupted xattr block 255 [ 682.692232][T10654] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 682.707371][T10654] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback. [ 682.745268][T10654] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #2: comm syz.1.1820: corrupted xattr block 255 [ 683.648691][T10671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1826'. [ 683.847506][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1826'. [ 684.795750][T10674] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.985285][T10674] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.121496][T10674] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.232082][T10674] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.284778][T10699] device team0 entered promiscuous mode [ 685.297239][T10699] device team_slave_0 entered promiscuous mode [ 685.305812][T10699] device team_slave_1 entered promiscuous mode [ 685.313582][T10698] device team0 left promiscuous mode [ 685.320090][T10698] device team_slave_0 left promiscuous mode [ 685.330938][T10698] device team_slave_1 left promiscuous mode [ 685.596901][T10674] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.615049][T10674] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.640520][T10674] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.668030][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.676560][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.703288][T10674] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.785351][T10703] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1836'. [ 687.084084][T10716] loop3: detected capacity change from 0 to 2048 [ 687.254239][T10716] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 687.330757][T10716] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 687.392241][T10716] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 687.631231][T10731] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 687.639972][T10731] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 687.716755][T10716] loop_set_status: loop3 () has still dirty pages (nrpages=3) [ 687.726000][T10734] block nbd0: shutting down sockets [ 687.734491][T10735] ================================================================== [ 687.742966][T10735] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x5e9/0x7a0 [ 687.750526][T10735] Write of size 4 at addr ffff888017e4eff0 by task syz.3.1839/10735 [ 687.758512][T10735] [ 687.760836][T10735] CPU: 0 PID: 10735 Comm: syz.3.1839 Not tainted 5.15.168-syzkaller #0 [ 687.769075][T10735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 687.773915][T10737] loop4: detected capacity change from 0 to 2048 [ 687.779131][T10735] Call Trace: [ 687.779179][T10735] [ 687.779189][T10735] dump_stack_lvl+0x1e3/0x2d0 [ 687.796347][T10735] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 687.801988][T10735] ? _printk+0xd1/0x120 [ 687.806161][T10735] ? __wake_up_klogd+0xcc/0x100 [ 687.811023][T10735] ? panic+0x860/0x860 [ 687.815097][T10735] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 687.820565][T10735] print_address_description+0x63/0x3b0 [ 687.826118][T10735] ? udf_write_aext+0x5e9/0x7a0 [ 687.830977][T10735] kasan_report+0x16b/0x1c0 [ 687.835491][T10735] ? udf_write_aext+0x5e9/0x7a0 [ 687.840355][T10735] udf_write_aext+0x5e9/0x7a0 [ 687.845046][T10735] udf_add_entry+0x17b7/0x3350 [ 687.849837][T10735] ? rcu_is_watching+0x11/0xa0 [ 687.854615][T10735] ? udf_add_nondir+0x5d0/0x5d0 [ 687.859473][T10735] ? udf_new_inode+0xaf9/0xf10 [ 687.864254][T10735] ? release_firmware_map_entry+0x190/0x190 [ 687.870162][T10735] udf_mkdir+0x1a8/0xaa0 [ 687.874411][T10735] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 687.880398][T10735] ? print_irqtrace_events+0x210/0x210 [ 687.885866][T10735] ? udf_symlink+0x1690/0x1690 [ 687.890638][T10735] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 687.896796][T10735] ? lockdep_hardirqs_on+0x94/0x130 [ 687.902018][T10735] vfs_mkdir+0x3b6/0x590 [ 687.906268][T10735] do_mkdirat+0x260/0x520 [ 687.910607][T10735] ? vfs_mkdir+0x590/0x590 [ 687.915028][T10735] ? getname_flags+0x1ec/0x4e0 [ 687.919807][T10735] __x64_sys_mkdirat+0x85/0x90 [ 687.924571][T10735] do_syscall_64+0x3b/0xb0 [ 687.928986][T10735] ? clear_bhb_loop+0x15/0x70 [ 687.933662][T10735] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 687.939557][T10735] RIP: 0033:0x7efe32757897 [ 687.943975][T10735] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.963585][T10735] RSP: 002b:00007efe30bafe68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 687.972007][T10735] RAX: ffffffffffffffda RBX: 00007efe30bafef0 RCX: 00007efe32757897 [ 687.979984][T10735] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 687.987957][T10735] RBP: 0000000020000140 R08: 00000000200000c0 R09: 0000000000000000 [ 687.995929][T10735] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000020000040 [ 688.003902][T10735] R13: 00007efe30bafeb0 R14: 0000000000000000 R15: 0000000000000000 [ 688.011901][T10735] [ 688.014919][T10735] [ 688.017243][T10735] Allocated by task 1: [ 688.021305][T10735] ____kasan_kmalloc+0xba/0xf0 [ 688.026069][T10735] krealloc+0xab/0xf0 [ 688.030047][T10735] add_sysfs_param+0xca/0x7f0 [ 688.034721][T10735] kernel_add_sysfs_param+0xb0/0x130 [ 688.040001][T10735] param_sysfs_builtin+0x16a/0x1f0 [ 688.045115][T10735] param_sysfs_init+0x66/0x70 [ 688.049793][T10735] do_one_initcall+0x22b/0x7a0 [ 688.054554][T10735] do_initcall_level+0x157/0x210 [ 688.059487][T10735] do_initcalls+0x49/0x90 [ 688.063811][T10735] kernel_init_freeable+0x425/0x5c0 [ 688.069004][T10735] kernel_init+0x19/0x290 [ 688.073333][T10735] ret_from_fork+0x1f/0x30 [ 688.077747][T10735] [ 688.080064][T10735] The buggy address belongs to the object at ffff888017e4ec00 [ 688.080064][T10735] which belongs to the cache kmalloc-512 of size 512 [ 688.094114][T10735] The buggy address is located 496 bytes to the right of [ 688.094114][T10735] 512-byte region [ffff888017e4ec00, ffff888017e4ee00) [ 688.107912][T10735] The buggy address belongs to the page: [ 688.113552][T10735] page:ffffea00005f9300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17e4c [ 688.123697][T10735] head:ffffea00005f9300 order:2 compound_mapcount:0 compound_pincount:0 [ 688.132013][T10735] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 688.140016][T10735] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017041c80 [ 688.148598][T10735] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 688.157175][T10735] page dumped because: kasan: bad access detected [ 688.163597][T10735] page_owner tracks the page as allocated [ 688.169300][T10735] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 2200668909, free_ts 0 [ 688.187183][T10735] get_page_from_freelist+0x322a/0x33c0 [ 688.192735][T10735] __alloc_pages+0x272/0x700 [ 688.197329][T10735] alloc_page_interleave+0x22/0x1c0 [ 688.202524][T10735] new_slab+0xbb/0x4b0 [ 688.206592][T10735] ___slab_alloc+0x6f6/0xe10 [ 688.211178][T10735] __kmalloc_track_caller+0x1c7/0x300 [ 688.216551][T10735] krealloc+0x5c/0xf0 [ 688.220541][T10735] add_sysfs_param+0xca/0x7f0 [ 688.225217][T10735] kernel_add_sysfs_param+0xb0/0x130 [ 688.230515][T10735] param_sysfs_builtin+0x16a/0x1f0 [ 688.235621][T10735] param_sysfs_init+0x66/0x70 [ 688.240294][T10735] do_one_initcall+0x22b/0x7a0 [ 688.245056][T10735] do_initcall_level+0x157/0x210 [ 688.249992][T10735] do_initcalls+0x49/0x90 [ 688.254320][T10735] kernel_init_freeable+0x425/0x5c0 [ 688.259510][T10735] kernel_init+0x19/0x290 [ 688.263837][T10735] page_owner free stack trace missing [ 688.269189][T10735] [ 688.271504][T10735] Memory state around the buggy address: [ 688.277120][T10735] ffff888017e4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 688.285180][T10735] ffff888017e4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 688.293239][T10735] >ffff888017e4ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 688.301299][T10735] ^ [ 688.309012][T10735] ffff888017e4f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 688.317067][T10735] ffff888017e4f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 688.325123][T10735] ================================================================== [ 688.333173][T10735] Disabling lock debugging due to kernel taint [ 688.376217][T10737] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 688.407573][T10737] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 688.422523][T10735] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 688.429739][T10735] CPU: 0 PID: 10735 Comm: syz.3.1839 Tainted: G B 5.15.168-syzkaller #0 [ 688.439373][T10735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 688.449430][T10735] Call Trace: [ 688.452707][T10735] [ 688.455637][T10735] dump_stack_lvl+0x1e3/0x2d0 [ 688.460326][T10735] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 688.465968][T10735] ? panic+0x860/0x860 [ 688.470053][T10735] ? rcu_is_watching+0x11/0xa0 [ 688.474823][T10735] ? preempt_schedule_common+0xa6/0xd0 [ 688.480292][T10735] panic+0x318/0x860 [ 688.484195][T10735] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 688.490364][T10735] ? check_panic_on_warn+0x1d/0xa0 [ 688.495486][T10735] ? fb_is_primary_device+0xd0/0xd0 [ 688.500695][T10735] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 688.506683][T10735] ? _raw_spin_unlock+0x40/0x40 [ 688.511548][T10735] check_panic_on_warn+0x7e/0xa0 [ 688.516487][T10735] ? udf_write_aext+0x5e9/0x7a0 [ 688.521342][T10735] end_report+0x6d/0xf0 [ 688.525495][T10735] kasan_report+0x18e/0x1c0 [ 688.529999][T10735] ? udf_write_aext+0x5e9/0x7a0 [ 688.534851][T10735] udf_write_aext+0x5e9/0x7a0 [ 688.539534][T10735] udf_add_entry+0x17b7/0x3350 [ 688.544308][T10735] ? rcu_is_watching+0x11/0xa0 [ 688.549082][T10735] ? udf_add_nondir+0x5d0/0x5d0 [ 688.553937][T10735] ? udf_new_inode+0xaf9/0xf10 [ 688.558708][T10735] ? release_firmware_map_entry+0x190/0x190 [ 688.564607][T10735] udf_mkdir+0x1a8/0xaa0 [ 688.568857][T10735] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 688.574836][T10735] ? print_irqtrace_events+0x210/0x210 [ 688.580304][T10735] ? udf_symlink+0x1690/0x1690 [ 688.585074][T10735] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 688.591242][T10735] ? lockdep_hardirqs_on+0x94/0x130 [ 688.596453][T10735] vfs_mkdir+0x3b6/0x590 [ 688.600702][T10735] do_mkdirat+0x260/0x520 [ 688.605037][T10735] ? vfs_mkdir+0x590/0x590 [ 688.609455][T10735] ? getname_flags+0x1ec/0x4e0 [ 688.614223][T10735] __x64_sys_mkdirat+0x85/0x90 [ 688.618997][T10735] do_syscall_64+0x3b/0xb0 [ 688.623411][T10735] ? clear_bhb_loop+0x15/0x70 [ 688.628090][T10735] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 688.633987][T10735] RIP: 0033:0x7efe32757897 [ 688.638402][T10735] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.658007][T10735] RSP: 002b:00007efe30bafe68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 688.666431][T10735] RAX: ffffffffffffffda RBX: 00007efe30bafef0 RCX: 00007efe32757897 [ 688.674404][T10735] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 688.682375][T10735] RBP: 0000000020000140 R08: 00000000200000c0 R09: 0000000000000000 [ 688.690351][T10735] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000020000040 [ 688.698331][T10735] R13: 00007efe30bafeb0 R14: 0000000000000000 R15: 0000000000000000 [ 688.706315][T10735] [ 688.709577][T10735] Kernel Offset: disabled [ 688.713983][T10735] Rebooting in 86400 seconds..