last executing test programs: 17m51.719631981s ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) pipe2$9p(0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x7676, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0xb, 0xf, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x18c}}}, &(0x7f0000000840)='syzkaller\x00', 0xff, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000940)={0x2, 0x3, 0x3, 0x7}, 0x10, 0x0, r4, 0x0, &(0x7f0000000ac0), 0x0, 0x10, 0x101}, 0x94) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500102c"], 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e23, 0x1, @rand_addr=' \x01\x00', 0x5}}, [0x9, 0x4, 0x0, 0x2, 0x8, 0x6, 0x7, 0xffffffffffffffc0, 0x8, 0x9, 0x1, 0x80000000, 0x1, 0xfde5, 0x3f2]}, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r7, r8, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0x11, &(0x7f0000000380)=ANY=[@ANYBLOB="05c38c886b60aaaaaaaaaabb8848f88e11e5003ed63cf06d925020b7832eb1a5cda9bc5155f6653cd329475c43c721b64037aa07ccd2e95f19a6ba9af0497e515aab274b9d0f40d77a9be20ed4e725ecbdb43304012339bad5c3a5305e79fdd985948e0dc8b0770a8d7cda4a0075"], 0x0) 17m50.450002209s ago: executing program 1 (id=15): syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x610, &(0x7f0000001140)="$eJzs3V1vHFcdx/Hf+AE/IIUKUBWFND1NiuRIqbO7bhytejWdPWsP2d1ZzYwr+4YqataV5U0jpSBh3zS+oIAAccEr4JYbLrhHiBsk3ktBXAFSxaJ5stfrfXDjp1B9P6t2zp45c87/zIzmZLzzIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIMerlUplRw2/tbFpRvNqYdAcM7+o7+6xyZh2JSf5T/Pzup5lXf/u0ezXk//d1s3s203NJ5N57X/z9dfe+87MVLH8mIAuyoJ01Oyne/u7j7vdzvNRpacuK6yrsWYfKQr8prtmjR8Fprq6Wrq/Xo9M3W/YaCuKbdN4oXXjIDRL3l1TrlZXjF3eCjZaazW3YYvMh+9USqVV89PFbHu37v9gOfLW/UbDb62lZZLZSZmHyY74yI9NbN2mMds73c7KqOAO8u2UFCr35R/bgoWkUGVSdyulSqVcrlTKqw+qDx6WSjMnMkoDdKLEley0eIWc5+EbOJOpfPxXQ75a2tCmzNCPp5pCBWqOmJ8rxv/v37ejmvznXjY9HP+LUf76UZkbSsf/W9m3W6PG/xGxfOXPXFJ9nv5vr9c7xTLXvpfFtqd97eqxuuqqo+fnFVHf57UzLl84/8iM1mTVkq9IgXw15aY5Js8xqmpVqyrpQ62rrkhGdflqyCrSliLFsuke5SmUlatfKlAooyV5uiujsqqqakVGVsvaUqANtbSmmty0lm3tpOt9ZVz/i0Ll0xSq9Gf/5XihCeP/AuM/Jus7FH559gM4cAa9YvwHAAAAAABfW0761/fk/H9Wb6Sput+wpasOCwAAAAAAnKP0l/+byWQ2Sb0h5xTn/71vXU5wAAAAAADgXDjpPXaOpEW9maWKO6FG/hFg6nJDBAAAAAAAZ5T+/n8rmaTPXntTzuTzf+UXCwAAAAAAgP8PPx/1jP0/p7mOo6g95/zpHwrDWeegvfm289RNZrhPp7PlpgdrjOs3nGt5JelkdSb/5tmbTv70y8OHYH6RT7b74nCGPevXGQjgh0UNQwL4TZEcCEC/0lvZjLeeZNMnxZyslcW637DLXtB4ryzXTeLYjH/8yc5PlHb/F63mTF7xR8+6c0ctHjzNH6B44jmK6cpwNGRl6Efp8xbSey6GPt14Nr0RI2930dH2TrdT6t8A+WUYJ67GGL0B9LluZ2Vu50/aXzze//mkzfJy2vtrU7Ed6H0SRbbc287Tg2SJCT0fFcWdrMydpTvZ5CiKZK2mUVTGRrFTLVZ9tgpeal2MjuJwXayMj6LbWUm3yEG2F7xEFABwVbYnjELOyYE/P7wtDFY15ii3PelNPoOj+6R/XrzIvyWtzBezPtdSlli6kR5YZxZ08oheOjyiJx0YckTPxti0npca3X5/4h1Io8bYpN1fH7ZbTtv9XRK3RrYbNSqO5rKVWPwI8/jjzsedTyqVldXSu6XSg4pm027kk7j+2z8w9gAABkx+x87EEs676Vl1MnP4WfW3Dy8pWNZHeqaunuheerdBesXB/PSQWhf7LkO4N+GsdbHvDS/3Rp7V/avnSH9/J+93R5UxZY/X67xYuYQtAQDA5bndNw7rJcf/e4Pn3TdGjc/JWD7+7Lh/LAcAABfDhl84i/HPnDD02x+Wq9WyG69bEwbeIxP6tTVr/FZsQ2/dba1Z0w6DOPCCRpL4wK/ZyEQb7XYQxqYehKYdRP5m+uZ3k7/6PbJNtxX7XtRuWDeyxgtasevFpuZHnmlvvN/wo3UbpgtHbev5dd9zYz9omelgI/TssjGRtX0F/ZptxTt1P0m2TDv0m264ZT4IGhtNa2o28kK/HQdZhUVbfqsehM202uWrXtkAALwiPt3b333c7XaeX2DiqvsIAACO+wqj9NylBAQAAAAAAAAAAAAAAAAAAAAAAE443Z18X/bO4UbAOQ3kPLvImw6HJ/7411N1ee7SA7u6xL97mVclnr393c8k5Tm9z9S/20zpb+8nu+2FtT49ZNYLSVnOf3qvxPo5deIbe/u7C6deqnFNOsq56iMTgIv2vwAAAP//bdlHnA==") readlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080)=""/29, 0x1d) 17m50.063403267s ago: executing program 1 (id=17): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x6, 0x9, &(0x7f00000002c0)={{0x2, @rand_addr, 0x0, 0x2, 'wlc\x00', 0x29, 0x2, 0x3}, {@dev={0xac, 0x14, 0x14, 0x3f}, 0xffff, 0x2, 0x0, 0x6a, 0x2}}, 0x44) 17m49.744808299s ago: executing program 1 (id=19): mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000000)={[{@noswap}]}) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2b00ad, 0x0) 17m49.626576271s ago: executing program 1 (id=21): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) setrlimit(0x9, &(0x7f0000000040)={0x4, 0x1800000}) io_setup(0xea, &(0x7f00000000c0)) 17m33.649821679s ago: executing program 32 (id=21): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) move_pages(0x0, 0x20000000000000fe, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) setrlimit(0x9, &(0x7f0000000040)={0x4, 0x1800000}) io_setup(0xea, &(0x7f00000000c0)) 5m34.704304714s ago: executing program 3 (id=3343): syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b0400000000000000000200000028000480240001800a000100717565756500000014000280060001400007000006000340000700000900010073797a30"], 0x7c}}, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$kcm(0xf, 0x3, 0x2) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, 0xffffffffffffffff, 0x8001}}, 0x48) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 5m34.603836724s ago: executing program 3 (id=3344): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={0x0, 0x1000, 0x1ff}, 0xc) 5m34.459983678s ago: executing program 3 (id=3345): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, 0x0, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) shutdown(r2, 0x0) 5m34.403828494s ago: executing program 3 (id=3346): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x10000, &(0x7f0000000b80)=ANY=[], 0x1, 0x2ab, &(0x7f0000000740)="$eJzs3U9rY1UUAPDz8q8ZXaSIG0XwgS5clalbN40ygtiVEkFdaHBmQJIwMIWAFUy76idw6ffwI7hx4zcQ3Aru2kXlycvL60vaxJYaU5j+fqsz995z73nvDukqJ1+/MRo8fpbE8env0W4nUduLvThLYjtqUTqKRgAAL46zLIu/sttkPqitvxoAYBOKv/+Fu64FANiMTz//4uPu/v6jT9K0Ha91Tsa9JCJGJ+NeMd99Gt/GMJ7Ew+jEeUR2oYib+aJGmtuOt0eTcS/PHH3162z/7p8R0/zd6MT21fwPP9p/tJsWLvJfKqtLo/u0Wf6jE68uz3/3cn6MJtFrxTtvzdW/E5347Zt4FsN4HHlulf/Dbpp+kP14+v2X+TF5flKL3tZ0XSWrb+ZGAAAAAAAAAAAAAAAAAAAAAAC4D3bSNCna90z79+RD0/454179fDq/k5bm+/tMyv5ASblR0R8oi1mLnkkWP5X9dR6maZrNFlb5jXi94YcFAAAAAAAAAAAAAAAAAAAAIHfw3eGgPxw+eb6WoOwGUH6t/7b77M2NvBmHg3599YZbNz+rcVQ9eF7rvy6ORiPW9FquCx7k9ax9563qcj+LIigvZq1nvfJ+senhoJ/OpsqXPOgn153VLi/u5/mpVvzXwrLpf4nzbPFO2xelLma11vQ2Wi8vnfo7y7Kb7fPeH8UdzUaSaYuNm53enAVLHzAP2lfv4pfVG678yKiv55MHAAAAAAAAAAAAAAAAAAC4rPrS75LJ4xVJxXjtfy0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADao+v3/MmhHxOLIYtCskleuqYJWPD+4y+cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfvgnAAD///PnTH8=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2000, 0x1e1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x6, 0x12, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x1, &(0x7f0000001140)={&(0x7f0000000140)=""/4096, 0x1000}) 5m34.072468507s ago: executing program 3 (id=3347): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1}) 5m31.536733481s ago: executing program 3 (id=3352): syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b0400000000000000000200000028000480240001800a000100717565756500000014000280060001400007000006000340000700000900010073797a30"], 0x7c}}, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$kcm(0xf, 0x3, 0x2) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, 0xffffffffffffffff, 0x8001}}, 0x48) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 5m30.825015302s ago: executing program 33 (id=3352): syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b0400000000000000000200000028000480240001800a000100717565756500000014000280060001400007000006000340000700000900010073797a30"], 0x7c}}, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$kcm(0xf, 0x3, 0x2) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, 0xffffffffffffffff, 0x8001}}, 0x48) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 6.098581712s ago: executing program 0 (id=4810): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000017c0)=@newtfilter={0x4d8, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}, @filter_kind_options=@f_flow={{0x9}, {0x49c, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xfff3}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1fdbe}, @TCA_FLOW_POLICE={0x480, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x4, 0x3, 0x9, 0x0, {0x0, 0x1, 0xeb4, 0x7ff, 0x40, 0xf69}, {0x0, 0x0, 0x7fff, 0x91a, 0x2, 0x5}, 0x7, 0x100, 0x3}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0xffffc362, 0x1, 0x3, 0x0, 0x7, 0x68aebd05, 0x5, 0x1000, 0x9, 0x4, 0x7fffffff, 0x6, 0x8, 0x0, 0x6, 0xffffffff, 0x8, 0x9, 0x10, 0xd, 0x5, 0x9, 0x40, 0x8, 0x5, 0x3, 0x0, 0x5, 0x1, 0xa1, 0x3, 0xc, 0x7fff, 0x8, 0x9, 0x8, 0x2a, 0x6e3, 0xfff, 0x10000, 0xe03, 0x3, 0x0, 0x5, 0x9, 0x7fff, 0xfffffffd, 0x5, 0x4, 0x6, 0x0, 0xe8cb, 0x7, 0x2, 0xcc6, 0x1, 0x5, 0x4, 0x800, 0x6, 0x0, 0xe2a, 0x4, 0x9, 0x0, 0x2, 0x3, 0x5, 0x2, 0xbb, 0x5, 0x80000001, 0x2, 0x800, 0x0, 0xa, 0x5, 0x1, 0x3, 0x0, 0x0, 0x4, 0x5, 0x8000, 0x0, 0x1, 0x7, 0x6, 0x2, 0x7515, 0x10000000, 0xd, 0x0, 0x9, 0x2, 0x8, 0x80000001, 0xfff, 0x4, 0x1, 0x3ff, 0x3, 0x1, 0x3, 0x8, 0x85, 0x8, 0xea7, 0x0, 0x81, 0x7, 0x4, 0x82, 0xffffd0f9, 0x9, 0x81, 0x10, 0x3, 0xfffffffa, 0x0, 0x1, 0x4, 0xa1, 0x80000001, 0x5, 0x7f, 0x971b, 0x7, 0x40fec6d6, 0x0, 0x40, 0x6, 0x3, 0x4, 0x401, 0x0, 0x2, 0x0, 0x5, 0xe, 0x4, 0xffff05f5, 0x2, 0xff, 0x3, 0xffff, 0xf, 0xd, 0x4, 0x2, 0x9, 0x3b, 0x80000000, 0xab, 0xffff, 0x0, 0x5, 0x8, 0x0, 0x7fffffff, 0xa5e3, 0xc, 0x0, 0x8, 0xfe, 0x386, 0xe, 0x5, 0x8b36, 0x0, 0x1, 0x9, 0x240000, 0x4, 0x756, 0x4, 0x0, 0x8, 0x6, 0x6, 0x900, 0xa47, 0xfffffffc, 0x6, 0x6, 0x1000, 0x0, 0x9, 0x7, 0x1, 0x9, 0x8, 0x4, 0x975b, 0x3, 0x1, 0x4, 0x1, 0x1, 0x5, 0x0, 0x7, 0xfffffff9, 0x3, 0x2, 0x8, 0x0, 0x2, 0x1, 0x8, 0x9, 0x0, 0x4, 0x9, 0x6, 0x5d528fb, 0xffffffff, 0xffffffff, 0xcfa8, 0x81, 0x1, 0x0, 0x80000000, 0x5, 0x3, 0x40, 0xfffff076, 0x6, 0xfffffffa, 0x4, 0x7, 0x9, 0x7, 0x480c, 0x9, 0x9ec, 0x1, 0x1, 0x2, 0x8, 0x8, 0x8, 0x6, 0xffff0001, 0x4, 0xb7f3, 0x100, 0x2, 0x8, 0x4, 0x7, 0x3, 0xffff30f8, 0xffff, 0x101]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x6, 0x0, 0x0, 0x0, {0xe, 0x1, 0xff, 0x6, 0x10, 0x7}, {0x9, 0x1, 0x800, 0x88f, 0x101, 0xf7fd}, 0x5, 0x390, 0x9}}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x4d8}}, 0x24040084) 5.244619357s ago: executing program 0 (id=4815): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x40000, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x3000809, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@xino_on}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x888430, &(0x7f0000000000)=ANY=[], 0x1, 0x0, 0x0) openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x139) getdents64(r0, &(0x7f0000000100)=""/134, 0xfece) 4.944201917s ago: executing program 0 (id=4819): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(r1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000440)={r4}, &(0x7f00000002c0)=0x8) 4.61436278s ago: executing program 0 (id=4822): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x1c0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x2d8, 0x20a, 0x278, 0x2d8, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x20}, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x168, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x25}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00', {}, {}, 0x21, 0x0, 0x1, 0x6}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x400, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x5}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0xc010) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001600)=[{0x0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 3.893530082s ago: executing program 2 (id=4826): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000b00)=[{}], 0x1, 0x0, 0x0, 0x40054}, 0x4040884) r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) 3.600737931s ago: executing program 2 (id=4829): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0x7, 0x0, &(0x7f0000000c40)="63eced8e46dc3f", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 3.460753085s ago: executing program 0 (id=4831): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8) close(r2) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r2, 0x0, 0x0}, 0x10) 3.264961834s ago: executing program 2 (id=4832): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000300)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x86V\xb8\rm\xa2\x0e\x19'}}]}, 0x4, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000000102010100000000000000000200000224000180140001800800010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @none, 0xffff, 0x2}, 0x2b) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x25dfdbfd, {{@in=@multicast1, @in=@remote, 0x0, 0xb, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}, [@tmpl={0xc4, 0x5, [{{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x34ff, 0x0, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf, 0x1000000}, {{@in6=@loopback, 0x4d4, 0x3c}, 0x0, @in=@multicast1, 0x3, 0x0, 0x1, 0x8, 0x9, 0x0, 0x400}]}]}, 0x17c}}, 0x0) r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000040)=0x1, 0x4) 2.775058983s ago: executing program 2 (id=4835): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000017c0)=@newtfilter={0x4d8, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}, @filter_kind_options=@f_flow={{0x9}, {0x49c, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xfff3}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1fdbe}, @TCA_FLOW_POLICE={0x480, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x4, 0x3, 0x9, 0x0, {0x0, 0x1, 0xeb4, 0x7ff, 0x40, 0xf69}, {0x0, 0x0, 0x7fff, 0x91a, 0x2, 0x5}, 0x7, 0x100, 0x3}}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x957, 0x2, 0xf95, 0x80, 0x3, 0x6, 0x9, 0x8, 0x6, 0xa7b9, 0x1, 0xd3, 0x43, 0x0, 0x1, 0x80000000, 0x9fb, 0x50, 0x13, 0x91, 0x1, 0x5, 0x86ec, 0xe, 0x13, 0x0, 0x7, 0xa, 0xff, 0x2, 0x80000, 0x6, 0x4a, 0x6, 0xb6, 0x6, 0x9, 0x80000000, 0x7, 0x1, 0x5, 0x80000001, 0x4, 0xa, 0xa89, 0x6e, 0x8000, 0xfffffffd, 0x80000001, 0x800, 0xa21, 0x9, 0x176de9f, 0xf3, 0x0, 0x8, 0x8, 0x1, 0x188, 0x5f3, 0x9, 0x0, 0xffffffff, 0xfffffff8, 0x3, 0x2, 0x6, 0x2, 0x5e, 0x9, 0x9, 0x200, 0x4, 0x3, 0x2, 0x8, 0x80000001, 0xfffffffb, 0x8, 0xffc2, 0x6, 0x4c, 0x0, 0xc, 0x5, 0x7, 0x24d, 0xbf2, 0x1ff, 0xde, 0xb0, 0x0, 0xffffffff, 0x0, 0x5, 0x1, 0x9, 0x802, 0x3, 0x1, 0x6, 0x1, 0x1, 0x1, 0x6c7ac214, 0x2, 0x9, 0x10001, 0x7fffffff, 0xb, 0xce7, 0x6, 0x40, 0xfff, 0x1d, 0xffffffff, 0x9, 0xb, 0x0, 0x10001, 0x400, 0x5, 0x0, 0x1, 0x7ff, 0x8, 0x117ea5d1, 0x5, 0xc925, 0x8, 0x48d59cf, 0x2, 0xffc, 0xd6, 0x5, 0x2, 0x9, 0x80, 0x3, 0x1, 0x3ff, 0x7bd274a9, 0x10001, 0x7, 0x40, 0x3ff, 0x2, 0x4, 0x5, 0x5, 0xcd, 0x80000001, 0x1, 0x2, 0xffff, 0x6, 0x3f3a, 0x6d, 0xbb68, 0x7, 0x0, 0x1, 0x2, 0x4, 0xb4, 0x8, 0x2, 0x8, 0x4, 0x8, 0x2, 0x0, 0xa795, 0x1, 0x0, 0x10001, 0x3, 0x3198b2bd, 0x7, 0xffffffff, 0x8, 0xc, 0x5, 0x7f, 0x8000, 0x0, 0x3, 0x5, 0x3, 0x0, 0xd, 0x2, 0x8, 0x7fffffff, 0x10000, 0x6, 0x10001, 0xb, 0x7, 0x5, 0x3, 0x2, 0x5, 0x3, 0x8, 0x7, 0x7fffffff, 0x5, 0x1d977981, 0xfffffffd, 0xa8a, 0x7fff, 0xe99, 0x2b, 0xffff79e9, 0x3, 0x9, 0x4, 0x80, 0x6, 0xffffffff, 0x1000, 0xc175, 0x4d, 0xfffffffd, 0x3, 0x3c, 0xd, 0x9, 0x64a, 0x80000001, 0x7ff, 0xa48f, 0x4, 0x4b8, 0x1, 0x3ff, 0x6, 0x9, 0xcc, 0x5, 0x7ff, 0x84e, 0x7, 0x2, 0x10001, 0x9, 0x3, 0x1000, 0xe, 0x3788, 0x7, 0x7, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x6, 0x0, 0x0, 0x0, {0xe, 0x1, 0xff, 0x6, 0x10, 0x7}, {0x9, 0x1, 0x800, 0x88f, 0x101, 0xf7fd}, 0x5, 0x390, 0x9}}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x4d8}}, 0x24040084) 1.984486182s ago: executing program 2 (id=4839): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x1c0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x2d8, 0x20a, 0x278, 0x2d8, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x20}, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x168, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x25}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00', {}, {}, 0x21, 0x0, 0x1, 0x6}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x400, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x5}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0xc010) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001600)=[{0x0}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.942711937s ago: executing program 4 (id=4840): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0x7, 0x0, &(0x7f0000000c40)="63eced8e46dc3f", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1.752825066s ago: executing program 4 (id=4842): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(r1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000440)={r4}, &(0x7f00000002c0)=0x8) 1.695866921s ago: executing program 4 (id=4843): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000300)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x86V\xb8\rm\xa2\x0e\x19'}}]}, 0x4, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000000102010100000000000000000200000224000180140001800800010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @none, 0xffff, 0x2}, 0x2b) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x25dfdbfd, {{@in=@multicast1, @in=@remote, 0x0, 0xb, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}, [@tmpl={0xc4, 0x5, [{{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x34ff, 0x0, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf, 0x1000000}, {{@in6=@loopback, 0x4d4, 0x3c}, 0x0, @in=@multicast1, 0x3, 0x0, 0x1, 0x8, 0x9, 0x0, 0x400}]}]}, 0x17c}}, 0x0) r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000040)=0x1, 0x4) 1.441898817s ago: executing program 4 (id=4845): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1200000004000000080000000280"], 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r2, 0x0, 0x0}, 0x20) 1.133775127s ago: executing program 4 (id=4847): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000017c0)=@newtfilter={0x4d8, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}, @filter_kind_options=@f_flow={{0x9}, {0x49c, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xfff3}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1fdbe}, @TCA_FLOW_POLICE={0x480, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x4, 0x3, 0x9, 0x0, {0x0, 0x1, 0xeb4, 0x7ff, 0x40, 0xf69}, {0x0, 0x0, 0x7fff, 0x91a, 0x2, 0x5}, 0x7, 0x100, 0x3}}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x957, 0x2, 0xf95, 0x80, 0x3, 0x6, 0x9, 0x8, 0x6, 0xa7b9, 0x1, 0xd3, 0x43, 0x0, 0x1, 0x80000000, 0x9fb, 0x50, 0x13, 0x91, 0x1, 0x5, 0x86ec, 0xe, 0x13, 0x0, 0x7, 0xa, 0xff, 0x2, 0x80000, 0x6, 0x4a, 0x6, 0xb6, 0x6, 0x9, 0x80000000, 0x7, 0x1, 0x5, 0x80000001, 0x4, 0xa, 0xa89, 0x6e, 0x8000, 0xfffffffd, 0x80000001, 0x800, 0xa21, 0x9, 0x176de9f, 0xf3, 0x0, 0x8, 0x8, 0x1, 0x188, 0x5f3, 0x9, 0x0, 0xffffffff, 0xfffffff8, 0x3, 0x2, 0x6, 0x2, 0x5e, 0x9, 0x9, 0x200, 0x4, 0x3, 0x2, 0x8, 0x80000001, 0xfffffffb, 0x8, 0xffc2, 0x6, 0x4c, 0x0, 0xc, 0x5, 0x7, 0x24d, 0xbf2, 0x1ff, 0xde, 0xb0, 0x0, 0xffffffff, 0x0, 0x5, 0x1, 0x9, 0x802, 0x3, 0x1, 0x6, 0x1, 0x1, 0x1, 0x6c7ac214, 0x2, 0x9, 0x10001, 0x7fffffff, 0xb, 0xce7, 0x6, 0x40, 0xfff, 0x1d, 0xffffffff, 0x9, 0xb, 0x0, 0x10001, 0x400, 0x5, 0x0, 0x1, 0x7ff, 0x8, 0x117ea5d1, 0x5, 0xc925, 0x8, 0x48d59cf, 0x2, 0xffc, 0xd6, 0x5, 0x2, 0x9, 0x80, 0x3, 0x1, 0x3ff, 0x7bd274a9, 0x10001, 0x7, 0x40, 0x3ff, 0x2, 0x4, 0x5, 0x5, 0xcd, 0x80000001, 0x1, 0x2, 0xffff, 0x6, 0x3f3a, 0x6d, 0xbb68, 0x7, 0x0, 0x1, 0x2, 0x4, 0xb4, 0x8, 0x2, 0x8, 0x4, 0x8, 0x2, 0x0, 0xa795, 0x1, 0x0, 0x10001, 0x3, 0x3198b2bd, 0x7, 0xffffffff, 0x8, 0xc, 0x5, 0x7f, 0x8000, 0x0, 0x3, 0x5, 0x3, 0x0, 0xd, 0x2, 0x8, 0x7fffffff, 0x10000, 0x6, 0x10001, 0xb, 0x7, 0x5, 0x3, 0x2, 0x5, 0x3, 0x8, 0x7, 0x7fffffff, 0x5, 0x1d977981, 0xfffffffd, 0xa8a, 0x7fff, 0xe99, 0x2b, 0xffff79e9, 0x3, 0x9, 0x4, 0x80, 0x6, 0xffffffff, 0x1000, 0xc175, 0x4d, 0xfffffffd, 0x3, 0x3c, 0xd, 0x9, 0x64a, 0x80000001, 0x7ff, 0xa48f, 0x4, 0x4b8, 0x1, 0x3ff, 0x6, 0x9, 0xcc, 0x5, 0x7ff, 0x84e, 0x7, 0x2, 0x10001, 0x9, 0x3, 0x1000, 0xe, 0x3788, 0x7, 0x7, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x6, 0x0, 0x0, 0x0, {0xe, 0x1, 0xff, 0x6, 0x10, 0x7}, {0x9, 0x1, 0x800, 0x88f, 0x101, 0xf7fd}, 0x5, 0x390, 0x9}}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x4d8}}, 0x24040084) 987.351332ms ago: executing program 4 (id=4848): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0)=0x3, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @empty}, "00186371ae9b1c03"}}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 892.756831ms ago: executing program 5 (id=4849): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xc4, &(0x7f00000004c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x18, 0xb6, 0x65, 0x0, 0x8, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2}, {{0x4e23, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x1, 0xf, 0x0, 0x3}, {"d780be6071b4f9ec99a81f6cf286fba247472ca41ae688c670610119af1c125ab19d279ebd82f53c53bf8832ec4aa4fec9f9777078a2adb51ffdaff8439e6f2807db17a108a18e665d7eb0fb67d0cbeb9a341f53883c55d512a2f2e3201c1008d9ee904c9b5962851d05de71552cbccc4de08d4f7eb64610eabb6787e3708e8fede8dbcd9436f83ea56f9a835ca7"}}}}}}, 0x0) 774.611983ms ago: executing program 2 (id=4850): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000005c0)={[0x5836, 0x8, 0x7, 0x4000000000000e52, 0x1, 0x5479, 0x1041, 0x200000000006, 0xfffffffffffffffd, 0x1, 0xfffffffffffffffe, 0x100000000, 0x1, 0x40000000009, 0x8000000000005, 0x10000800040068], 0xd000, 0x80}) ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000080)={0xeeee8000, 0xeeee0000, 0xe, 0x9, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 665.253294ms ago: executing program 5 (id=4851): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(r1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000440)={r4}, &(0x7f00000002c0)=0x8) 538.772796ms ago: executing program 5 (id=4852): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 484.488182ms ago: executing program 5 (id=4853): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000300)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x86V\xb8\rm\xa2\x0e\x19'}}]}, 0x4, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000000102010100000000000000000200000224000180140001800800010000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @none, 0xffff, 0x2}, 0x2b) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x25dfdbfd, {{@in=@multicast1, @in=@remote, 0x0, 0xb, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}, [@tmpl={0xc4, 0x5, [{{@in=@multicast2, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x34ff, 0x0, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf, 0x1000000}, {{@in6=@loopback, 0x4d4, 0x3c}, 0x0, @in=@multicast1, 0x3, 0x0, 0x1, 0x8, 0x9, 0x0, 0x400}]}]}, 0x17c}}, 0x0) r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000040)=0x1, 0x4) 274.253823ms ago: executing program 5 (id=4854): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40000020) 140.724896ms ago: executing program 5 (id=4855): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000240)='timer_start\x00', r2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r4}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 0s ago: executing program 0 (id=4856): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x2000018c) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002ec0), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000280)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f00000000c0)=0x2) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000240)={@private0, 0x58, r6}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x801, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4a919}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000)) r9 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) setsockopt$ax25_SO_BINDTODEVICE(r9, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r9, 0x101, 0x19, &(0x7f0000000180)=@netrom={'nr', 0x0}, 0x10) kernel console output (not intermixed with test programs): usb usb4-port1: unable to enumerate USB device [ 715.648020][ T9] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 715.852757][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 715.864058][ T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 715.874750][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.893721][ T9] usb 3-1: config 0 descriptor?? [ 716.282046][T15490] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2846'. [ 716.850772][T15490] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2846'. [ 718.832466][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 718.861864][ T9] usbhid: probe of 3-1:0.0 failed with error -71 [ 718.882804][ T9] usb 3-1: USB disconnect, device number 41 [ 719.194280][ T2944] syzkaller0: tun_net_xmit 76 [ 719.202777][ T2944] syzkaller0: tun_net_xmit 48 [ 719.218287][T14024] syzkaller0: tun_net_xmit 76 [ 719.288032][ T9] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 719.458823][ T9] usb 3-1: device descriptor read/64, error -71 [ 719.732366][ T9] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 719.898098][ T9] usb 3-1: device descriptor read/64, error -71 [ 720.026769][ T9] usb usb3-port1: attempt power cycle [ 720.438803][ T9] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 720.485765][ T9] usb 3-1: device descriptor read/8, error -71 [ 720.782021][ T9] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 720.827675][ T9] usb 3-1: device descriptor read/8, error -71 [ 720.948177][ T9] usb usb3-port1: unable to enumerate USB device [ 722.427873][ T786] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 722.632550][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 722.665488][ T786] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 722.689565][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.740640][ T786] usb 3-1: config 0 descriptor?? [ 723.088409][T15552] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2864'. [ 723.251341][T15552] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2864'. [ 723.480200][T15564] loop4: detected capacity change from 0 to 128 [ 724.094040][ T27] audit: type=1800 audit(1762999280.019:410): pid=15558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2866" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 724.196698][T15570] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 724.196698][T15570] program syz.4.2869 not setting count and/or reply_len properly [ 725.450897][ T786] usbhid 3-1:0.0: can't add hid device: -71 [ 725.460793][ T786] usbhid: probe of 3-1:0.0 failed with error -71 [ 725.508646][ T786] usb 3-1: USB disconnect, device number 46 [ 726.086399][T15588] netlink: 'syz.0.2872': attribute type 8 has an invalid length. [ 729.158002][ T5862] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 729.253942][T15619] syzkaller0: entered promiscuous mode [ 729.259722][T15619] syzkaller0: entered allmulticast mode [ 729.308981][ T5862] usb 4-1: device descriptor read/64, error -71 [ 729.621835][ T5862] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 729.823051][ T5862] usb 4-1: device descriptor read/64, error -71 [ 729.965620][ T5862] usb usb4-port1: attempt power cycle [ 730.021339][ T27] audit: type=1800 audit(1762999285.949:411): pid=15623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2880" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 730.040850][ C0] vkms_vblank_simulate: vblank timer overrun [ 730.438024][ T5862] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 730.509665][ T5862] usb 4-1: device descriptor read/8, error -71 [ 730.798103][ T5862] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 730.849306][ T5862] usb 4-1: device descriptor read/8, error -71 [ 730.978604][ T5862] usb usb4-port1: unable to enumerate USB device [ 735.012166][T15682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2898'. [ 735.290555][T15690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2901'. [ 735.322143][T15690] vlan2: entered promiscuous mode [ 735.331789][T15690] batadv0: entered promiscuous mode [ 735.387862][ T786] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 735.637917][ T786] usb 5-1: device descriptor read/64, error -71 [ 736.617840][ T786] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 736.797988][ T786] usb 5-1: device descriptor read/64, error -71 [ 736.821473][T15719] loop3: detected capacity change from 0 to 16 [ 736.851561][T15719] erofs: (device loop3): mounted with root inode @ nid 36. [ 736.854766][T15717] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2908'. [ 736.933045][ T786] usb usb5-port1: attempt power cycle [ 736.951161][T15719] syz.3.2909: attempt to access beyond end of device [ 736.951161][T15719] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 737.082140][T15724] loop3: detected capacity change from 0 to 164 [ 737.092563][T15724] ======================================================= [ 737.092563][T15724] WARNING: The mand mount option has been deprecated and [ 737.092563][T15724] and is ignored by this kernel. Remove the mand [ 737.092563][T15724] option from the mount to silence this warning. [ 737.092563][T15724] ======================================================= [ 737.398606][ T786] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 737.444842][ T786] usb 5-1: device descriptor read/8, error -71 [ 737.466217][T15732] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 737.466217][T15732] program syz.3.2912 not setting count and/or reply_len properly [ 737.741050][ T786] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 737.792001][ T786] usb 5-1: device descriptor read/8, error -71 [ 737.938045][ T786] usb usb5-port1: unable to enumerate USB device [ 738.419622][T15738] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2914'. [ 738.445494][T15738] vlan2: entered promiscuous mode [ 738.454708][T15738] batadv0: entered promiscuous mode [ 739.427886][T13106] Bluetooth: hci0: command 0x0406 tx timeout [ 739.837918][ T5863] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 739.908138][ T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 740.039921][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.057952][ T9] usb 4-1: device descriptor read/64, error -71 [ 740.075257][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 740.093627][ T5863] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 740.112983][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.134100][ T5863] usb 5-1: config 0 descriptor?? [ 740.339109][ T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 740.487898][T14219] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 740.507887][ T9] usb 4-1: device descriptor read/64, error -71 [ 740.569788][ T5863] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0 [ 740.641459][ T9] usb usb4-port1: attempt power cycle [ 740.647432][T14219] usb 3-1: device descriptor read/64, error -71 [ 740.660847][ T5863] cp2112 0003:10C4:EA90.000D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 740.768322][ T5863] cp2112 0003:10C4:EA90.000D: Part Number: 0x82 Device Version: 0xFE [ 740.947978][T14219] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 741.097886][ T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 741.105719][T14219] usb 3-1: device descriptor read/64, error -71 [ 741.148862][ T9] usb 4-1: device descriptor read/8, error -71 [ 741.231997][T14219] usb usb3-port1: attempt power cycle [ 741.383007][ T5863] cp2112 0003:10C4:EA90.000D: error reading lock byte: 0 [ 741.418055][ T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 741.449249][ T9] usb 4-1: device descriptor read/8, error -71 [ 741.568331][ T9] usb usb4-port1: unable to enumerate USB device [ 741.587291][T15760] cp2112 0003:10C4:EA90.000D: Error starting transaction: -38 [ 741.647916][T14219] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 741.691709][T14219] usb 3-1: device descriptor read/8, error -71 [ 741.950405][ T9] usb 5-1: reset high-speed USB device number 61 using dummy_hcd [ 741.978000][T14219] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 742.009217][T14219] usb 3-1: device descriptor read/8, error -71 [ 742.132716][T14219] usb usb3-port1: unable to enumerate USB device [ 742.270381][T15777] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 742.270381][T15777] program syz.4.2926 not setting count and/or reply_len properly [ 742.964412][ T5863] usb 5-1: USB disconnect, device number 61 [ 743.397250][T15789] loop4: detected capacity change from 0 to 128 [ 743.596800][T15794] syzkaller0: entered promiscuous mode [ 743.602804][T15794] syzkaller0: entered allmulticast mode [ 743.917887][ T5863] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 743.968009][ T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 744.110822][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 744.123652][ T9] usb 4-1: device descriptor read/64, error -71 [ 744.130134][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 744.140837][ T5863] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 744.150632][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.164294][ T5863] usb 5-1: config 0 descriptor?? [ 744.277941][T14219] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 744.418063][ T9] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 744.481602][T14219] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 744.538040][T14219] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 744.549818][T14219] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 744.563356][T14219] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 744.573915][T14219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.586156][ T5863] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0 [ 744.597845][ T9] usb 4-1: device descriptor read/64, error -71 [ 744.620548][T14219] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 744.630345][ T5863] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 744.643548][T14219] usb 3-1: invalid MIDI out EP 0 [ 744.696487][T14219] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 744.720828][ T9] usb usb4-port1: attempt power cycle [ 744.785122][ T5863] cp2112 0003:10C4:EA90.000E: Part Number: 0x82 Device Version: 0xFE [ 744.798559][T15807] udevd[15807]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 745.147890][ T9] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 745.178740][ T9] usb 4-1: device descriptor read/8, error -71 [ 745.396138][ T5863] cp2112 0003:10C4:EA90.000E: error reading lock byte: 0 [ 745.458651][ T9] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 745.489014][ T9] usb 4-1: device descriptor read/8, error -71 [ 745.608534][T15797] cp2112 0003:10C4:EA90.000E: Error starting transaction: -38 [ 745.618565][ T9] usb usb4-port1: unable to enumerate USB device [ 745.918032][ T9] usb 5-1: reset high-speed USB device number 62 using dummy_hcd [ 746.577927][ T9] usb 5-1: device descriptor read/64, error -71 [ 746.801139][T15818] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 746.801139][T15818] program syz.0.2939 not setting count and/or reply_len properly [ 746.873241][ T9] usb 5-1: reset high-speed USB device number 62 using dummy_hcd [ 746.904357][ T9] usb 5-1: device reset changed ep0 maxpacket size! [ 746.950680][ T5863] usb 5-1: USB disconnect, device number 62 [ 746.956513][T14024] usb 3-1: USB disconnect, device number 51 [ 747.128014][ T5863] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 747.217067][T15827] syzkaller0: entered promiscuous mode [ 747.222982][T15827] syzkaller0: entered allmulticast mode [ 747.339572][ T5863] usb 5-1: Using ep0 maxpacket: 32 [ 747.353333][ T5863] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 747.365334][ T5863] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 747.394566][ T5863] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 747.439065][ T5863] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 747.478035][ T5863] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 747.487709][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.517131][ T5863] usb 5-1: config 0 descriptor?? [ 747.594890][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.601349][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.777888][T14219] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 747.960320][T14219] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 747.978402][T14219] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 747.989061][T14219] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 747.999950][T14219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.012178][T14219] usb 3-1: config 0 descriptor?? [ 748.436555][T14219] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0 [ 748.445713][T14219] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 748.635209][T14219] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE [ 749.241501][T14219] cp2112 0003:10C4:EA90.000F: error reading lock byte: 0 [ 749.320910][T14219] usb 5-1: USB disconnect, device number 63 [ 749.452591][T15831] cp2112 0003:10C4:EA90.000F: Error starting transaction: -38 [ 749.459219][T15845] vlan2: entered promiscuous mode [ 749.717899][T14219] usb 3-1: reset high-speed USB device number 52 using dummy_hcd [ 750.799327][ T9] usb 3-1: USB disconnect, device number 52 [ 752.518046][T14024] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 752.677946][T14024] usb 3-1: device descriptor read/64, error -71 [ 752.967900][T14024] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 753.118182][T14024] usb 3-1: device descriptor read/64, error -71 [ 753.238151][T14024] usb usb3-port1: attempt power cycle [ 753.647954][T14024] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 753.684169][T14024] usb 3-1: device descriptor read/8, error -71 [ 753.972050][T14024] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 754.015116][T14024] usb 3-1: device descriptor read/8, error -71 [ 754.148664][T14024] usb usb3-port1: unable to enumerate USB device [ 754.836839][T15960] loop0: detected capacity change from 0 to 16 [ 754.865032][T15960] erofs: (device loop0): mounted with root inode @ nid 36. [ 755.141642][T14024] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 755.328207][T14024] usb 5-1: Using ep0 maxpacket: 32 [ 755.372211][T14024] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 755.388092][T14024] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 755.404251][T14024] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 755.435089][T14024] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 755.464592][T14024] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 755.484831][T14024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.506502][T14024] usb 5-1: config 0 descriptor?? [ 755.745763][T15991] binder: 15990:15991 ioctl c0306201 200000000240 returned -11 [ 756.237879][T14219] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 756.400079][T14219] usb 3-1: device descriptor read/64, error -71 [ 756.677913][T14219] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 756.827866][T14219] usb 3-1: device descriptor read/64, error -71 [ 756.836332][T16005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3014'. [ 756.948109][T14219] usb usb3-port1: attempt power cycle [ 757.063167][T16013] binder: 16012:16013 ioctl c0306201 200000000240 returned -11 [ 757.997623][T14024] usb 5-1: USB disconnect, device number 64 [ 758.125063][T14219] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 758.175014][T14219] usb 3-1: device descriptor read/8, error -71 [ 758.311853][T16027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3023'. [ 758.447853][T14219] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 758.513629][T14219] usb 3-1: device descriptor read/8, error -71 [ 758.616985][T16035] binder: 16034:16035 ioctl c0306201 200000000240 returned -11 [ 758.651110][T14219] usb usb3-port1: unable to enumerate USB device [ 759.819363][T14219] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 759.912430][T16050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3032'. [ 760.028297][T14219] usb 4-1: Using ep0 maxpacket: 32 [ 760.042838][T14219] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 760.056836][T14219] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 760.078391][T14219] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 760.093521][T14219] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 760.105831][T14219] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 760.130500][T14219] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 760.167389][T14219] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 760.207899][T14219] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.223971][T14219] usb 4-1: config 0 descriptor?? [ 760.300025][T16061] binder: 16060:16061 ioctl c0306201 200000000240 returned -11 [ 761.091162][T16071] loop4: detected capacity change from 0 to 128 [ 761.498592][T16078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3041'. [ 761.523239][T16078] vlan2: entered promiscuous mode [ 761.528649][T16078] batadv0: entered promiscuous mode [ 761.746896][T16088] loop2: detected capacity change from 0 to 16 [ 761.773372][T16088] erofs: (device loop2): mounted with root inode @ nid 36. [ 761.850342][T16090] binder: 16089:16090 ioctl c0306201 200000000240 returned -11 [ 762.089655][T14219] usb 4-1: USB disconnect, device number 44 [ 763.042812][T16117] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 763.042812][T16117] program syz.3.3055 not setting count and/or reply_len properly [ 763.314531][T16120] binder: 16119:16120 ioctl c0306201 200000000240 returned -11 [ 763.574448][ T2944] syzkaller0: tun_net_xmit 76 [ 763.581568][ T2944] syzkaller0: tun_net_xmit 48 [ 764.601871][T16145] binder: 16144:16145 ioctl c0306201 0 returned -14 [ 764.638880][T16145] binder: 16144:16145 ioctl c0306201 200000000240 returned -11 [ 767.637894][T14024] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 767.841372][T14024] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.854634][T14024] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 767.864266][T14024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.894508][T14024] usb 4-1: config 0 descriptor?? [ 768.244469][T16175] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3073'. [ 768.566646][T16175] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3073'. [ 768.841946][T16183] binder: 16181:16183 ioctl c0306201 0 returned -14 [ 768.851793][T16183] binder: 16181:16183 ioctl c0306201 200000000240 returned -11 [ 769.797610][T16210] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 769.797610][T16210] program syz.2.3082 not setting count and/or reply_len properly [ 770.543645][T14024] usbhid 4-1:0.0: can't add hid device: -71 [ 770.614475][T14024] usbhid: probe of 4-1:0.0 failed with error -71 [ 770.662678][T14024] usb 4-1: USB disconnect, device number 45 [ 771.928921][T16233] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3088'. [ 771.951059][T16233] vlan2: entered promiscuous mode [ 774.890454][T16263] sg_write: data in/out 987/14 bytes for SCSI command 0x0-- guessing data in; [ 774.890454][T16263] program syz.2.3097 not setting count and/or reply_len properly [ 775.265726][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 778.647852][T14024] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 778.851057][T14024] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 778.877468][T14024] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 778.907061][T14024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.938810][T14024] usb 4-1: config 0 descriptor?? [ 779.301004][T16324] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3109'. [ 779.391537][T16324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3109'. [ 781.531167][T14024] usbhid 4-1:0.0: can't add hid device: -71 [ 781.562480][T14024] usbhid: probe of 4-1:0.0 failed with error -71 [ 781.594043][T14024] usb 4-1: USB disconnect, device number 46 [ 782.519278][T16373] binder: 16372:16373 ioctl c0306201 200000000240 returned -11 [ 782.672058][T16377] loop2: detected capacity change from 0 to 2048 [ 782.727227][T16377] Alternate GPT is invalid, using primary GPT. [ 782.735157][T16377] loop2: p1 p2 p3 [ 783.613517][T16391] loop2: detected capacity change from 0 to 512 [ 783.703810][T16391] FAT-fs (loop2): unable to read block(39996882944) for building NFS inode [ 787.790442][T16476] Illegal XDP return value 4294967274 on prog (id 72) dev syz_tun, expect packet loss! [ 789.610465][ T27] audit: type=1326 audit(1762999345.529:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16505 comm="syz.3.3172" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f01c458f6c9 code=0x0 [ 792.471435][T16530] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3176'. [ 792.862214][T16540] loop0: detected capacity change from 0 to 2048 [ 792.928194][T16540] Alternate GPT is invalid, using primary GPT. [ 792.937249][T16544] loop4: detected capacity change from 0 to 512 [ 792.943886][T16540] loop0: p1 p2 p3 [ 792.958383][T16540] loop0: partition table partially beyond EOD, truncated [ 793.153099][ T5160] Alternate GPT is invalid, using primary GPT. [ 793.173056][ T5160] loop0: p1 p2 p3 [ 793.176868][ T5160] loop0: partition table partially beyond EOD, truncated [ 793.683430][T13623] udevd[13623]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 793.719468][T15808] udevd[15808]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 793.732263][T13949] udevd[13949]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 793.890433][T13623] udevd[13623]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 793.892814][T15808] udevd[15808]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 793.928880][T13949] udevd[13949]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 794.081484][ T27] audit: type=1326 audit(1762999350.009:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16564 comm="syz.4.3187" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f620658f6c9 code=0x0 [ 794.167638][T16569] fuse: Bad value for 'fd' [ 795.354794][T16586] loop3: detected capacity change from 0 to 256 [ 795.499631][T16588] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 795.715345][T16597] fuse: Bad value for 'fd' [ 795.936439][T16604] binder: 16603:16604 ioctl c0306201 0 returned -14 [ 796.027363][T16605] binder: 16603:16605 ioctl c0306201 2000000001c0 returned -14 [ 797.551903][T16628] fuse: Bad value for 'fd' [ 798.232789][T16635] syzkaller0: entered promiscuous mode [ 798.246234][T16635] syzkaller0: entered allmulticast mode [ 798.374418][ T27] audit: type=1326 audit(1762999354.299:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16633 comm="syz.0.3207" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c7d98f6c9 code=0x0 [ 801.186802][T16656] fuse: Unknown parameter 'group_i00000000000000000000' [ 802.608508][T16660] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3215'. [ 803.197907][ T786] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 803.367986][ T786] usb 3-1: device descriptor read/64, error -71 [ 803.642573][ T786] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 803.837847][ T786] usb 3-1: device descriptor read/64, error -71 [ 803.876606][T16680] loop3: detected capacity change from 0 to 512 [ 803.958673][ T786] usb usb3-port1: attempt power cycle [ 804.368371][ T786] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 804.418674][ T786] usb 3-1: device descriptor read/8, error -71 [ 804.532758][T16689] fuse: Unknown parameter 'group_id00000000000000000000' [ 804.659897][T16691] loop0: detected capacity change from 0 to 128 [ 804.707881][ T786] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 804.758834][ T786] usb 3-1: device descriptor read/8, error -71 [ 804.888704][ T786] usb usb3-port1: unable to enumerate USB device [ 805.037943][T16696] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3225'. [ 806.534948][T16714] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 806.544567][T16714] overlayfs: failed to set xattr on upper [ 806.550502][T16714] overlayfs: ...falling back to redirect_dir=nofollow. [ 806.557491][T16714] overlayfs: ...falling back to index=off. [ 806.563608][T16714] overlayfs: ...falling back to uuid=null. [ 807.332422][T16721] fuse: Unknown parameter 'group_id00000000000000000000' [ 807.730378][T16726] loop2: detected capacity change from 0 to 128 [ 808.269047][T16734] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3238'. [ 808.650048][T16742] fuse: Unknown parameter 'group_id00000000000000000000' [ 808.816967][T16754] loop3: detected capacity change from 0 to 128 [ 809.023312][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.030174][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.809300][T16774] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3250'. [ 810.340242][T16784] fuse: Bad value for 'user_id' [ 810.553715][T16781] loop3: detected capacity change from 0 to 8192 [ 810.829299][T16792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3256'. [ 811.244690][T16801] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3260'. [ 811.437109][T16808] fuse: Bad value for 'user_id' [ 811.709309][T16820] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3267'. [ 812.192329][T16834] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3272'. [ 812.393246][T16837] fuse: Bad value for 'user_id' [ 812.995862][T16852] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3281'. [ 813.241766][T16859] syzkaller0: entered promiscuous mode [ 813.249297][T16859] syzkaller0: entered allmulticast mode [ 813.514033][ T967] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 813.731201][ T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.742525][ T967] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 813.761864][ T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.773649][ T967] usb 5-1: config 0 descriptor?? [ 814.003645][ T967] usbhid 5-1:0.0: can't add hid device: -71 [ 814.025370][ T967] usbhid: probe of 5-1:0.0 failed with error -71 [ 814.047801][ T967] usb 5-1: USB disconnect, device number 65 [ 814.620493][ T967] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 814.817912][ T967] usb 5-1: Using ep0 maxpacket: 32 [ 814.851175][ T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 814.862465][ T967] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 814.872063][ T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.884466][ T967] usb 5-1: config 0 descriptor?? [ 814.901231][ T967] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 814.932746][ T967] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 816.428504][T14024] usb 5-1: USB disconnect, device number 66 [ 816.448600][T14024] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 816.632295][T16887] syzkaller0: entered promiscuous mode [ 816.644927][T16887] syzkaller0: entered allmulticast mode [ 816.652653][T16885] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3292'. [ 817.305322][T16903] syzkaller0: entered promiscuous mode [ 817.327535][T16903] syzkaller0: entered allmulticast mode [ 818.172431][T16927] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3308'. [ 820.522918][T16922] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3307'. [ 820.875132][T16960] fuse: Bad value for 'fd' [ 821.318571][T16969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3318'. [ 822.022642][T16974] syzkaller0: entered promiscuous mode [ 822.040117][T16974] syzkaller0: entered allmulticast mode [ 822.530618][T16986] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3323'. [ 822.961834][T17001] fuse: Bad value for 'fd' [ 825.647914][T17022] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3330'. [ 825.782978][T17028] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3332'. [ 826.552817][T17034] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 826.585370][T17034] overlayfs: failed to set xattr on upper [ 826.607981][T17034] overlayfs: ...falling back to redirect_dir=nofollow. [ 826.649252][T17034] overlayfs: ...falling back to index=off. [ 826.671470][T17034] overlayfs: ...falling back to uuid=null. [ 826.685665][T17036] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3335'. [ 826.725221][T17036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3335'. [ 827.000070][T17046] syzkaller0: entered promiscuous mode [ 827.012219][T17046] syzkaller0: entered allmulticast mode [ 827.097755][T17049] syzkaller0: entered promiscuous mode [ 827.104056][T17049] syzkaller0: entered allmulticast mode [ 828.028838][T17064] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3343'. [ 828.336802][T17071] loop3: detected capacity change from 0 to 256 [ 828.637202][T13473] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 828.649747][T13473] FAT-fs (loop3): Filesystem has been set read-only [ 828.684331][T13473] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 830.646467][T17075] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3348'. [ 830.657024][T17075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3348'. [ 831.250418][ T1311] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.548646][ T1311] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.815373][ T1311] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 831.959449][ T1311] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 832.026298][T17103] loop2: detected capacity change from 0 to 512 [ 832.065002][T17103] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 832.931201][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 832.943825][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 832.954690][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 832.969856][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 832.981339][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 832.993607][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 833.109307][T17119] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3358'. [ 833.698138][T17136] syzkaller0: entered promiscuous mode [ 833.710523][T17136] syzkaller0: entered allmulticast mode [ 834.498689][ T1311] hsr_slave_0: left promiscuous mode [ 834.528723][ T1311] hsr_slave_1: left promiscuous mode [ 834.652107][ T1311] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 834.686654][ T1311] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 834.722280][ T1311] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 834.746221][ T1311] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.756491][ T1311] bridge_slave_1: left allmulticast mode [ 834.766554][ T1311] bridge_slave_1: left promiscuous mode [ 834.779409][ T1311] bridge0: port 2(bridge_slave_1) entered disabled state [ 834.833044][ T1311] bridge_slave_0: left allmulticast mode [ 834.839009][ T1311] bridge_slave_0: left promiscuous mode [ 834.848045][ T1311] bridge0: port 1(bridge_slave_0) entered disabled state [ 834.940669][ T1311] veth1_macvtap: left promiscuous mode [ 834.946842][ T1311] veth0_macvtap: left promiscuous mode [ 834.958090][ T1311] veth1_vlan: left promiscuous mode [ 834.980879][ T1311] veth0_vlan: left promiscuous mode [ 835.097988][T13106] Bluetooth: hci1: command tx timeout [ 836.334235][T17206] fuse: Bad value for 'fd' [ 837.031741][ T1311] team0 (unregistering): Port device team_slave_1 removed [ 837.139205][ T1311] team0 (unregistering): Port device team_slave_0 removed [ 837.179853][T13106] Bluetooth: hci1: command tx timeout [ 837.222554][ T1311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 837.308930][ T1311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 838.208113][ T1311] bond0 (unregistering): Released all slaves [ 838.414719][T17115] chnl_net:caif_netlink_parms(): no params data found [ 838.549750][T17229] fuse: Bad value for 'fd' [ 838.808847][T17234] fuse: Bad value for 'fd' [ 838.915567][T17115] bridge0: port 1(bridge_slave_0) entered blocking state [ 838.949517][T17115] bridge0: port 1(bridge_slave_0) entered disabled state [ 838.956816][T17115] bridge_slave_0: entered allmulticast mode [ 838.973630][T17115] bridge_slave_0: entered promiscuous mode [ 838.987322][T17115] bridge0: port 2(bridge_slave_1) entered blocking state [ 838.997645][T17115] bridge0: port 2(bridge_slave_1) entered disabled state [ 839.005389][T17115] bridge_slave_1: entered allmulticast mode [ 839.012791][T17115] bridge_slave_1: entered promiscuous mode [ 839.119629][T17115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 839.159868][T17115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 839.258561][T13106] Bluetooth: hci1: command tx timeout [ 839.269197][T17115] team0: Port device team_slave_0 added [ 839.290670][T17115] team0: Port device team_slave_1 added [ 839.443096][T17115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 839.456988][T17115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 839.519455][T17115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 839.554657][T17115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 839.569549][T17115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 839.623993][T17115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 839.872948][T17115] hsr_slave_0: entered promiscuous mode [ 839.918812][T17115] hsr_slave_1: entered promiscuous mode [ 839.933072][T17115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 839.948032][T17115] Cannot create hsr debugfs directory [ 840.022037][T17256] syzkaller0: entered promiscuous mode [ 840.027616][T17256] syzkaller0: entered allmulticast mode [ 840.136951][T17262] fuse: Bad value for 'fd' [ 840.608903][T17115] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 840.623562][T17115] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 840.635178][T17115] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 840.642390][T17277] fuse: Bad value for 'fd' [ 840.657515][T17115] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 840.797378][T17115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 840.855205][T17115] 8021q: adding VLAN 0 to HW filter on device team0 [ 840.879460][ T1075] bridge0: port 1(bridge_slave_0) entered blocking state [ 840.886747][ T1075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 840.917034][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 840.924390][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 841.338683][T13106] Bluetooth: hci1: command tx timeout [ 841.680022][T17115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 842.492392][T17331] syzkaller0: entered promiscuous mode [ 842.516418][T17331] syzkaller0: entered allmulticast mode [ 842.723722][T17115] veth0_vlan: entered promiscuous mode [ 842.772975][T17115] veth1_vlan: entered promiscuous mode [ 842.800301][T17330] loop2: detected capacity change from 0 to 8192 [ 842.912998][T17115] veth0_macvtap: entered promiscuous mode [ 842.953529][T17115] veth1_macvtap: entered promiscuous mode [ 843.036729][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.094391][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.125668][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.146870][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.167539][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 843.187907][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.214283][T17115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 843.260502][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.285240][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.305958][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.327795][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.371480][T17115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 843.391471][T17115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.419339][T17115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 843.447367][T17115] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.473776][T17115] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.482972][T17115] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.499906][T17115] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.616299][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.640716][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.703103][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.719081][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.937992][T17358] 9pnet_fd: Insufficient options for proto=fd [ 844.005740][T17360] fuse: Bad value for 'fd' [ 844.190081][T17367] syzkaller0: entered promiscuous mode [ 844.205096][T17367] syzkaller0: entered allmulticast mode [ 845.573970][T17402] fuse: Bad value for 'fd' [ 845.677000][T17404] loop0: detected capacity change from 0 to 128 [ 845.751854][T17409] fuse: Bad value for 'fd' [ 846.418549][T17419] syzkaller0: entered promiscuous mode [ 846.439221][T17419] syzkaller0: entered allmulticast mode [ 846.486909][T17423] loop2: detected capacity change from 0 to 128 [ 846.620325][T17423] syz.2.3422: attempt to access beyond end of device [ 846.620325][T17423] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 847.016337][ T27] audit: type=1800 audit(1762999402.939:415): pid=17424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3419" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 847.281017][T17446] syzkaller0: entered promiscuous mode [ 847.291923][T17446] syzkaller0: entered allmulticast mode [ 848.264148][T17481] syzkaller0: entered promiscuous mode [ 848.277361][T17481] syzkaller0: entered allmulticast mode [ 849.785869][T17520] overlayfs: failed to resolve './bus': -2 [ 850.652758][T17545] loop2: detected capacity change from 0 to 164 [ 850.701611][T17545] Unsupported NM flag settings (240) [ 850.985194][T17550] overlayfs: failed to clone upperpath [ 851.209895][T17554] fuse: Bad value for 'fd' [ 851.520260][T17560] vlan2: entered promiscuous mode [ 851.531483][T17560] bridge0: entered promiscuous mode [ 851.542767][T17560] bridge0: port 3(vlan2) entered blocking state [ 851.551889][T17560] bridge0: port 3(vlan2) entered disabled state [ 851.564086][T17560] vlan2: entered allmulticast mode [ 851.576283][T17560] bridge0: entered allmulticast mode [ 851.586586][T17560] vlan2: left allmulticast mode [ 851.592685][T17560] bridge0: left allmulticast mode [ 852.434362][T17582] fuse: Bad value for 'fd' [ 852.696230][T17589] overlayfs: failed to resolve './file2': -2 [ 852.921186][T17595] x_tables: ip_tables: osf match: only valid for protocol 6 [ 854.092936][T17604] syzkaller0: entered promiscuous mode [ 854.136756][T17604] syzkaller0: entered allmulticast mode [ 854.539484][T17626] overlayfs: failed to resolve './file2': -2 [ 855.575421][T17656] syzkaller0: entered promiscuous mode [ 855.594069][T17656] syzkaller0: entered allmulticast mode [ 855.807378][T17662] fuse: Unknown parameter '0x0000000000000003' [ 856.199254][ T27] audit: type=1800 audit(1762999412.109:416): pid=17654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3489" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 856.489855][T17675] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 856.921355][T17682] fuse: Unknown parameter '0x0000000000000003' [ 857.111615][T17690] loop2: detected capacity change from 0 to 1764 [ 858.348730][ T27] audit: type=1800 audit(1762999414.249:417): pid=17704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3508" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 858.588172][T17711] fuse: Unknown parameter '0x0000000000000003' [ 859.323696][T17742] overlayfs: failed to clone upperpath [ 859.517190][T17750] fuse: Unknown parameter '0x0000000000000003' [ 860.405467][T17778] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 860.846435][T17790] overlayfs: failed to clone upperpath [ 861.041705][ T27] audit: type=1800 audit(1762999416.969:418): pid=17776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3524" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 861.128440][T17793] fuse: Unknown parameter '0x0000000000000003' [ 862.400298][T17826] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 862.458268][T17827] fuse: Unknown parameter '0x0000000000000003' [ 863.417240][T17862] xt_hashlimit: max too large, truncated to 1048576 [ 863.911299][ T27] audit: type=1800 audit(1762999419.839:419): pid=17852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3547" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 863.948667][T17877] fuse: Unknown parameter 'fd0x0000000000000003' [ 864.288367][T17888] loop0: detected capacity change from 0 to 256 [ 864.518853][T17893] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 866.045613][T17927] fuse: Unknown parameter 'fd0x0000000000000003' [ 866.549304][T17937] overlayfs: failed to clone upperpath [ 867.144465][T17964] fuse: Unknown parameter 'fd0x0000000000000003' [ 867.274584][T17967] loop5: detected capacity change from 0 to 256 [ 867.381113][T17967] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 867.419277][T17967] FAT-fs (loop5): Filesystem has been set read-only [ 867.426197][T17967] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 867.467980][T17967] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 867.493283][ T27] audit: type=1800 audit(1762999423.419:420): pid=17967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3574" name="file1" dev="loop5" ino=1048624 res=0 errno=0 [ 868.064597][T14024] Process accounting resumed [ 868.631460][T18010] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3587'. [ 868.695515][T18013] kernel profiling enabled (shift: 63) [ 868.716285][T18013] profiling shift: 63 too large [ 870.016975][T18048] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3596'. [ 870.031312][T18049] overlayfs: missing 'lowerdir' [ 871.423361][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 871.430431][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.047962][ T786] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 873.129566][ T27] audit: type=1800 audit(1762999429.059:421): pid=18098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3609" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 873.231991][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 873.243333][ T786] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 873.252673][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 873.279738][ T786] usb 3-1: config 0 descriptor?? [ 873.593463][T18128] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3616'. [ 873.612249][T18128] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3616'. [ 873.951830][T14024] kernel write not supported for file bpf-prog (pid: 14024 comm: kworker/1:0) [ 874.991542][ T27] audit: type=1800 audit(1762999430.919:422): pid=18145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3627" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 876.228805][ T786] usbhid 3-1:0.0: can't add hid device: -71 [ 876.235008][ T786] usbhid: probe of 3-1:0.0 failed with error -71 [ 876.296774][ T786] usb 3-1: USB disconnect, device number 65 [ 877.166288][T18191] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 877.406937][T18197] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3645'. [ 877.420937][T18197] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3645'. [ 879.636786][T18244] 8021q: VLANs not supported on sit0 [ 879.652408][T18245] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 879.929570][T18252] syzkaller0: entered promiscuous mode [ 879.940726][T18252] syzkaller0: entered allmulticast mode [ 880.426808][T18258] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 880.464261][T18258] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 880.511846][T18258] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 881.843118][T18283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3676'. [ 881.893060][T18283] @: renamed from team0 (while UP) [ 881.964277][T18283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3676'. [ 882.559849][T18289] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3678'. [ 882.599419][T18289] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3678'. [ 882.819125][T18294] overlayfs: missing 'lowerdir' [ 882.828482][T18295] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 883.416411][T18306] loop5: detected capacity change from 0 to 256 [ 884.338265][T18322] overlayfs: missing 'lowerdir' [ 885.308666][T18333] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 885.787361][T18352] fuse: Bad value for 'fd' [ 886.642145][ T5848] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 886.864426][ T5848] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 886.947501][ T5848] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 886.969229][ T5848] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.011275][ T5848] usb 6-1: config 0 descriptor?? [ 887.097600][T18380] loop2: detected capacity change from 0 to 256 [ 887.175939][T18382] fuse: Bad value for 'fd' [ 887.375671][T18369] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3707'. [ 887.451544][T18369] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3707'. [ 887.654945][T18395] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 888.353013][T18415] fuse: Bad value for 'fd' [ 889.454846][T18440] syzkaller0: entered promiscuous mode [ 889.476499][T18440] syzkaller0: entered allmulticast mode [ 889.518453][ T5848] usbhid 6-1:0.0: can't add hid device: -71 [ 889.524699][ T5848] usbhid: probe of 6-1:0.0 failed with error -71 [ 889.556381][ T5848] usb 6-1: USB disconnect, device number 2 [ 889.855795][T18444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3730'. [ 889.902769][T18444] @: renamed from team0 (while UP) [ 891.005054][T18467] ptrace attach of "./syz-executor exec"[18468] was attempted by "./syz-executor exec"[18467] [ 892.236285][T18489] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3746'. [ 892.256081][T18489] @: renamed from team0 (while UP) [ 894.543882][T18520] loop5: detected capacity change from 0 to 512 [ 894.880110][T18531] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3764'. [ 894.917954][T18531] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3764'. [ 895.489375][T18554] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 895.508193][T18554] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 896.362344][T18570] 9pnet: Could not find request transport: Ngu7%ifJqKgږ^G5b~CH9|# [ 896.575641][T18577] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 896.587183][T18577] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 897.716216][ T27] audit: type=1800 audit(1762999453.639:423): pid=18586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3785" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 898.444621][T18595] loop5: detected capacity change from 0 to 256 [ 898.797033][T18601] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 898.807025][T18601] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 899.447941][ T9] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 899.652539][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 899.663895][ T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 899.673664][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 899.685156][ T9] usb 3-1: config 0 descriptor?? [ 900.022290][T18608] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3795'. [ 901.061319][T18603] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 901.087835][T18608] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3795'. [ 902.583282][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 902.611577][ T9] usbhid: probe of 3-1:0.0 failed with error -71 [ 902.615545][T18629] overlayfs: missing 'lowerdir' [ 902.648109][ T9] usb 3-1: USB disconnect, device number 66 [ 903.838481][T18653] overlayfs: missing 'lowerdir' [ 908.936344][T18678] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 909.573405][ T27] audit: type=1800 audit(1762999465.479:424): pid=18708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3831" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 910.206508][T18736] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 910.656251][T18746] 9pnet_fd: Insufficient options for proto=fd [ 912.298986][T18777] 9pnet_fd: Insufficient options for proto=fd [ 912.484256][T18778] loop2: detected capacity change from 0 to 1764 [ 912.495992][ T27] audit: type=1800 audit(1762999468.409:425): pid=18768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3852" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 914.041421][T18805] 9pnet_fd: Insufficient options for proto=fd [ 916.012869][ T27] audit: type=1800 audit(1762999471.949:426): pid=18818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3869" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 916.635722][T18786] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 916.830702][T18833] 9pnet_fd: Insufficient options for proto=fd [ 917.563399][T18862] kvm: requested 19276 ns i8254 timer period limited to 200000 ns [ 917.574457][T18862] kvm: requested 25980 ns i8254 timer period limited to 200000 ns [ 917.595435][T18862] kvm: requested 172647 ns i8254 timer period limited to 200000 ns [ 917.613657][T18862] kvm: requested 129066 ns i8254 timer period limited to 200000 ns [ 917.646694][T18862] kvm: requested 66209 ns i8254 timer period limited to 200000 ns [ 917.675111][T18862] kvm: requested 25142 ns i8254 timer period limited to 200000 ns [ 917.697291][T18862] kvm: requested 128228 ns i8254 timer period limited to 200000 ns [ 918.127375][T18867] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 923.431489][T18890] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3891'. [ 923.440722][T18890] 8021q: VLANs not supported on gre0 [ 924.103947][T18930] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3903'. [ 924.156477][T18930] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3903'. [ 929.551871][T18984] 9pnet_fd: Insufficient options for proto=fd [ 931.911669][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.918177][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.672054][T19033] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 933.745958][T19034] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 935.483345][T19088] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 936.884612][T19111] binder: 19110:19111 ioctl c0306201 2000000001c0 returned -14 [ 937.397390][T19128] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 938.797343][T19179] binder: 19178:19179 ioctl c0306201 2000000001c0 returned -14 [ 939.890752][T19196] loop2: detected capacity change from 0 to 8192 [ 940.279264][T19204] binder: 19203:19204 ioctl c0306201 2000000001c0 returned -14 [ 940.782938][T19220] netlink: 67 bytes leftover after parsing attributes in process `syz.2.4002'. [ 941.418860][T19240] binder: 19238:19240 ioctl c0306201 2000000001c0 returned -14 [ 941.613603][T19246] overlayfs: failed to clone upperpath [ 942.692590][T19273] 9pnet_fd: Insufficient options for proto=fd [ 944.159810][T19307] lo: entered promiscuous mode [ 944.176827][T19307] tunl0: entered promiscuous mode [ 944.199080][T19307] gre0: entered promiscuous mode [ 944.209058][T19307] gretap0: entered promiscuous mode [ 944.242416][T19307] erspan0: entered promiscuous mode [ 944.269259][T19307] ip_vti0: entered promiscuous mode [ 944.283875][T19307] ip6_vti0: entered promiscuous mode [ 944.296678][T19307] sit0: entered promiscuous mode [ 944.309589][T19307] ip6tnl0: entered promiscuous mode [ 944.316059][T19307] ip6gre0: entered promiscuous mode [ 944.332849][T19307] syz_tun: entered promiscuous mode [ 944.344972][T19307] ip6gretap0: entered promiscuous mode [ 944.366475][T19307] bridge0: entered promiscuous mode [ 944.402566][T19307] vcan0: entered promiscuous mode [ 944.423429][T19307] bond0: entered promiscuous mode [ 944.446556][T19307] bond_slave_0: entered promiscuous mode [ 944.479127][T19307] bond_slave_1: entered promiscuous mode [ 944.486356][T19307] @: entered promiscuous mode [ 944.511838][T19307] team_slave_0: entered promiscuous mode [ 944.521596][T19307] team_slave_1: entered promiscuous mode [ 944.529166][T19307] dummy0: entered promiscuous mode [ 944.535507][T19307] nlmon0: entered promiscuous mode [ 944.577010][T19307] caif0: entered promiscuous mode [ 944.588643][T19307] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 946.288940][T19349] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4042'. [ 946.354302][T19349] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4042'. [ 947.641862][T19391] netlink: 67 bytes leftover after parsing attributes in process `syz.0.4052'. [ 947.872427][T19394] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4053'. [ 948.254627][T19404] binder: 19403:19404 ioctl c0306201 2000000001c0 returned -14 [ 950.153448][T19436] binder: 19435:19436 ioctl c0306201 2000000001c0 returned -14 [ 950.889416][T19451] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.040779][T19451] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.192178][T19451] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.333008][T19451] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.511132][T19451] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.539509][T19451] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.581439][T19451] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.602260][T19451] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.874357][T16019] syzkaller0: tun_net_xmit 76 [ 951.882000][T16019] syzkaller0: tun_net_xmit 48 [ 952.178641][T19490] binder: 19489:19490 ioctl c0306201 2000000001c0 returned -14 [ 952.951974][T19516] overlayfs: failed to clone upperpath [ 952.964458][T19516] overlayfs: failed to clone upperpath [ 954.623117][T19534] 9pnet_fd: Insufficient options for proto=fd [ 955.555855][T19554] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4107'. [ 956.759634][T19554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4107'. [ 956.769315][T19561] netlink: 'syz.0.4108': attribute type 1 has an invalid length. [ 956.806726][T19561] 8021q: adding VLAN 0 to HW filter on device bond1 [ 956.891581][T19563] veth3: entered promiscuous mode [ 956.909363][T19563] bond1: (slave veth3): Enslaving as an active interface with a down link [ 956.923794][T19564] erspan0: left promiscuous mode [ 956.929011][T19564] erspan0: entered allmulticast mode [ 956.956830][T19564] bond1: (slave erspan0): making interface the new active one [ 956.968222][T19564] erspan0: entered promiscuous mode [ 956.975546][T19564] bond1: (slave erspan0): Enslaving as an active interface with an up link [ 957.414228][T19581] loop5: detected capacity change from 0 to 256 [ 957.788214][ T27] audit: type=1800 audit(1762999513.719:427): pid=19569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4109" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 959.848651][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 961.366787][T19618] netlink: 67 bytes leftover after parsing attributes in process `syz.2.4125'. [ 961.668112][T19631] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4128'. [ 961.690703][T19631] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4128'. [ 961.713144][T19633] netlink: 'syz.0.4130': attribute type 1 has an invalid length. [ 961.746444][T19633] 8021q: adding VLAN 0 to HW filter on device bond2 [ 962.533606][ T27] audit: type=1800 audit(1762999518.459:428): pid=19636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4129" name="file0" dev="fuse" ino=0 res=0 errno=0 [ 964.902206][T19689] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4147'. [ 966.268622][T19696] @: Port device team_slave_0 removed [ 966.466826][T19711] loop0: detected capacity change from 0 to 512 [ 966.503295][T19711] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 966.552691][T19711] EXT4-fs (loop0): invalid journal inode [ 966.580703][T19711] EXT4-fs (loop0): can't get journal size [ 966.732881][T19711] EXT4-fs (loop0): 1 truncate cleaned up [ 966.740728][T19711] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 966.745013][T19721] fuse: Bad value for 'fd' [ 967.379700][ T5880] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 968.063241][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 968.065502][T13104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 968.077793][ T5880] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 968.098834][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 968.192576][ T5880] usb 3-1: config 0 descriptor?? [ 969.093791][T19739] loop0: detected capacity change from 0 to 256 [ 969.149523][T19739] exfat: Deprecated parameter 'namecase' [ 969.182652][T19739] exfat: Deprecated parameter 'utf8' [ 969.277851][T19745] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4158'. [ 969.426998][T19745] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4158'. [ 969.524061][T19739] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012366, chksum : 0x6ab66362, utbl_chksum : 0xe619d30d) [ 971.384909][ T5880] usbhid 3-1:0.0: can't add hid device: -71 [ 971.404354][ T5880] usbhid: probe of 3-1:0.0 failed with error -71 [ 971.441272][ T5880] usb 3-1: USB disconnect, device number 67 [ 971.587306][T19765] fuse: Bad value for 'fd' [ 971.941704][ T2939] erspan0: left promiscuous mode [ 971.963961][T19773] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4175'. [ 971.985813][T19773] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4175'. [ 972.011228][T19777] loop5: detected capacity change from 0 to 512 [ 972.056349][T19777] EXT4-fs (loop5): Test dummy encryption mode enabled [ 972.098677][T19777] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 972.145827][T19777] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 972.220484][T19777] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4177: bad orphan inode 131083 [ 972.243547][T19777] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 972.458213][ T5863] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 972.469412][T19787] syzkaller0: entered promiscuous mode [ 972.474959][T19787] syzkaller0: entered allmulticast mode [ 972.478127][T19777] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 972.678743][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 972.692451][ T5863] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 972.702812][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 972.720330][ T5863] usb 3-1: config 0 descriptor?? [ 972.828705][ T5880] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 973.017898][ T5880] usb 6-1: Using ep0 maxpacket: 32 [ 973.030827][ T5880] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 973.058643][ T5880] usb 6-1: config 0 has no interface number 0 [ 973.065772][ T5880] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 973.090609][T19794] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4178'. [ 973.108363][ T5880] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 973.128104][ T5880] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 973.146358][T19794] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4178'. [ 973.148061][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 973.192142][ T5880] usb 6-1: config 0 descriptor?? [ 973.844559][ T5880] input: HID 28bd:0094 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.1/0003:28BD:0094.0010/input/input38 [ 973.994745][ T5880] uclogic 0003:28BD:0094.0010: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.5-1/input1 [ 974.061335][ T5880] usb 6-1: USB disconnect, device number 3 [ 974.287514][T19801] fido_id[19801]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 974.652380][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 974.963875][T19811] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4186'. [ 974.993886][T19811] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4186'. [ 975.291462][T19823] netlink: 67 bytes leftover after parsing attributes in process `syz.5.4190'. [ 975.467539][ T5863] usbhid 3-1:0.0: can't add hid device: -71 [ 975.484479][ T5863] usbhid: probe of 3-1:0.0 failed with error -71 [ 975.517400][ T5863] usb 3-1: USB disconnect, device number 68 [ 976.653076][T19848] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4199'. [ 976.749309][T19848] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4199'. [ 977.218211][ T5848] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 977.440130][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.279126][ T5848] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 978.303397][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.331830][ T5848] usb 3-1: config 0 descriptor?? [ 978.815811][T19880] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4202'. [ 978.934723][T19880] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4202'. [ 979.476506][T19891] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4212'. [ 979.542816][T19891] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4212'. [ 979.557654][ C1] sched: RT throttling activated [ 980.823133][ T5848] usbhid 3-1:0.0: can't add hid device: -71 [ 980.841301][ T5848] usbhid: probe of 3-1:0.0 failed with error -71 [ 980.871439][ T5848] usb 3-1: USB disconnect, device number 69 [ 981.160110][T19920] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4224'. [ 981.189895][T19920] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4224'. [ 981.316117][T19925] loop5: detected capacity change from 0 to 512 [ 982.281849][ T27] audit: type=1326 audit(1762999538.209:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.307233][ T27] audit: type=1326 audit(1762999538.239:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.349733][T19925] EXT4-fs (loop5): 1 orphan inode deleted [ 982.356816][T19925] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 982.357744][ T27] audit: type=1326 audit(1762999538.239:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.402972][ T2939] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 982.408131][T19925] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 982.420658][ T2939] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u4:9: Failed to release dquot type 1 [ 982.458047][ T27] audit: type=1326 audit(1762999538.239:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.532627][ T27] audit: type=1326 audit(1762999538.239:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.612926][ T27] audit: type=1326 audit(1762999538.269:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.720120][ T27] audit: type=1326 audit(1762999538.269:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.772188][ T27] audit: type=1326 audit(1762999538.269:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 982.795062][ T27] audit: type=1326 audit(1762999538.269:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19936 comm="syz.2.4229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 983.810094][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 983.900412][T19959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4236'. [ 983.936033][T19959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4236'. [ 985.816998][T19981] random: crng reseeded on system resumption [ 985.871734][T19992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4241'. [ 985.880847][T19992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 986.299328][T19992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 988.567135][T20010] syzkaller0: entered promiscuous mode [ 988.602361][T20010] syzkaller0: entered allmulticast mode [ 989.783450][T20029] loop2: detected capacity change from 0 to 512 [ 989.857525][T20029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 989.888716][T20029] ext4 filesystem being mounted at /432/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 989.945597][T20029] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4254: corrupted inode contents [ 990.010620][T20029] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #2: comm syz.2.4254: mark_inode_dirty error [ 990.099797][T20029] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.4254: corrupted inode contents [ 990.162790][T20029] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.4254: mark_inode_dirty error [ 990.242395][T20027] input: syz1 as /devices/virtual/input/input39 [ 990.376850][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.127029][T20073] tipc: Started in network mode [ 992.132420][T20073] tipc: Node identity fffffff8, cluster identity 6 [ 992.139090][T20073] tipc: Node number set to 4294967288 [ 992.502880][T20073] tipc: Cannot configure node identity twice [ 993.567135][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.573980][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1001.102921][T20134] netlink: 'syz.0.4281': attribute type 12 has an invalid length. [ 1004.310556][T20173] lo: entered promiscuous mode [ 1004.331848][T20173] tunl0: entered promiscuous mode [ 1004.349182][T20173] gre0: entered promiscuous mode [ 1004.395668][T20173] gretap0: entered promiscuous mode [ 1004.420214][T20173] erspan0: entered promiscuous mode [ 1004.431365][T20173] ip_vti0: entered promiscuous mode [ 1004.486344][T20173] ip6_vti0: entered promiscuous mode [ 1004.532805][T20173] sit0: entered promiscuous mode [ 1004.619821][T20173] ip6tnl0: entered promiscuous mode [ 1004.660468][T20173] ip6gre0: entered promiscuous mode [ 1004.738128][T20173] syz_tun: entered promiscuous mode [ 1004.766080][T20182] overlayfs: missing 'lowerdir' [ 1004.772924][T20173] ip6gretap0: entered promiscuous mode [ 1004.781879][T20173] bridge0: entered promiscuous mode [ 1004.801507][T20173] bond0: entered promiscuous mode [ 1004.817080][T20173] bond_slave_0: entered promiscuous mode [ 1004.835091][T20173] bond_slave_1: entered promiscuous mode [ 1004.856562][T20173] team0: entered promiscuous mode [ 1004.897154][T20173] team_slave_0: entered promiscuous mode [ 1004.926597][T20173] team_slave_1: entered promiscuous mode [ 1004.945036][T20173] dummy0: entered promiscuous mode [ 1004.958549][T20173] nlmon0: entered promiscuous mode [ 1004.964912][T20173] caif0: entered promiscuous mode [ 1004.972786][T20173] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1006.855883][T20212] overlayfs: missing 'lowerdir' [ 1008.079568][T20221] can: request_module (can-proto-0) failed. [ 1011.063246][T20241] syz.5.4310[20241] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1011.063452][T20241] syz.5.4310[20241] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1011.311024][T20245] loop0: detected capacity change from 0 to 512 [ 1011.364735][T20245] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1011.406695][T20245] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec098, mo2=0002] [ 1011.457114][T20245] System zones: 1-12 [ 1011.512736][T20245] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1011.567455][T20245] EXT4-fs (loop0): 1 truncate cleaned up [ 1011.595358][T20245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1011.595827][T20255] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1011.659020][T20255] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1012.387420][T13104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1015.572566][T20298] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1015.606486][T20298] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1017.848520][T20331] bridge_slave_0: left allmulticast mode [ 1017.854256][T20331] bridge_slave_0: left promiscuous mode [ 1017.860223][T20331] bridge0: port 1(bridge_slave_0) entered disabled state [ 1018.771275][T20331] bridge_slave_1: left allmulticast mode [ 1018.777025][T20331] bridge_slave_1: left promiscuous mode [ 1018.783078][T20331] bridge0: port 2(bridge_slave_1) entered disabled state [ 1018.814042][T20331] bond0: (slave bond_slave_0): Releasing backup interface [ 1018.833023][T20331] bond0: (slave bond_slave_1): Releasing backup interface [ 1018.882170][T20331] @: Port device team_slave_1 removed [ 1018.888851][T20331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1018.896796][T20331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1018.917503][T20331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1018.925275][T20331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1018.938551][T20331] bond0: (slave macvlan0): Releasing backup interface [ 1018.947546][T20331] veth1_vlan: left allmulticast mode [ 1019.537487][T20336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4333'. [ 1019.553891][T20336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1020.054291][T20336] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1020.784320][T20343] overlayfs: missing 'lowerdir' [ 1022.081275][T20355] loop2: detected capacity change from 0 to 512 [ 1022.188011][T20355] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4340: bad orphan inode 13 [ 1022.227600][T20355] ext4_test_bit(bit=12, block=4) = 1 [ 1022.237901][T20355] is_bad_inode(inode)=0 [ 1022.242117][T20355] NEXT_ORPHAN(inode)=0 [ 1022.288362][T20355] max_ino=32 [ 1022.306317][T20355] i_nlink=1 [ 1022.417135][T20355] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1023.374182][T20364] loop5: detected capacity change from 0 to 16 [ 1023.468723][T20364] erofs: (device loop5): mounted with root inode @ nid 36. [ 1024.360681][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1024.470563][T20374] x_tables: ip_tables: CT.1 target: invalid size 72 (kernel) != (user) 0 [ 1025.630178][T20380] overlayfs: missing 'lowerdir' [ 1025.784713][T20382] loop0: detected capacity change from 0 to 512 [ 1025.815882][T20382] ext2: Unknown parameter 'smackfsfloor' [ 1026.012587][T20388] loop5: detected capacity change from 0 to 256 [ 1026.233326][T20394] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4347'. [ 1026.248176][T20394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4347'. [ 1027.048308][T20407] loop5: detected capacity change from 0 to 512 [ 1030.313614][T20407] EXT4-fs: error -4 creating inode table initialization thread [ 1030.322153][T20407] EXT4-fs (loop5): mount failed [ 1031.122789][T20412] overlayfs: missing 'lowerdir' [ 1031.229862][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 1031.231144][ T27] audit: type=1326 audit(1762999587.159:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20413 comm="syz.4.4355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620658f6c9 code=0x7ffc0000 [ 1031.300821][ T27] audit: type=1326 audit(1762999587.159:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20413 comm="syz.4.4355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620658f6c9 code=0x7ffc0000 [ 1031.388809][ T27] audit: type=1326 audit(1762999587.159:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20413 comm="syz.4.4355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f620658f6c9 code=0x7ffc0000 [ 1031.450935][ T27] audit: type=1326 audit(1762999587.159:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20413 comm="syz.4.4355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620658f6c9 code=0x7ffc0000 [ 1031.633254][ T27] audit: type=1326 audit(1762999587.159:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20413 comm="syz.4.4355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620658f6c9 code=0x7ffc0000 [ 1032.497962][ T5862] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1034.902332][T20444] loop0: detected capacity change from 0 to 4096 [ 1034.910126][T20444] EXT4-fs: Ignoring removed orlov option [ 1035.188495][ T5862] usb 6-1: device not accepting address 4, error -71 [ 1035.604225][T20444] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1035.613634][T20444] System zones: 0-5 [ 1035.642451][T20444] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1036.171137][T20453] overlayfs: missing 'workdir' [ 1036.649129][T13104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1038.828317][T20479] @: Port device team_slave_0 removed [ 1038.847408][T20483] overlayfs: missing 'workdir' [ 1039.280942][T20495] lo: entered promiscuous mode [ 1039.297143][T20495] tunl0: entered promiscuous mode [ 1039.314282][T20495] gre0: entered promiscuous mode [ 1039.329758][T20495] gretap0: entered promiscuous mode [ 1039.335097][T20499] loop0: detected capacity change from 0 to 512 [ 1039.349490][T20495] erspan0: entered promiscuous mode [ 1039.369146][T20495] ip_vti0: entered promiscuous mode [ 1039.381516][T20495] ip6_vti0: entered promiscuous mode [ 1039.399782][T20495] sit0: entered promiscuous mode [ 1039.422747][T20495] ip6tnl0: entered promiscuous mode [ 1039.455875][T20499] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.4383: bad orphan inode 13 [ 1039.456961][T20495] ip6gre0: entered promiscuous mode [ 1039.473534][T20495] syz_tun: entered promiscuous mode [ 1039.481337][T20495] ip6gretap0: entered promiscuous mode [ 1039.488367][T20495] bridge0: entered promiscuous mode [ 1039.495424][T20495] vcan0: entered promiscuous mode [ 1039.501891][T20495] bond0: entered promiscuous mode [ 1039.509460][T20495] @: entered promiscuous mode [ 1039.516608][T20495] dummy0: entered promiscuous mode [ 1039.517491][T20499] ext4_test_bit(bit=12, block=4) = 1 [ 1039.524822][T20495] nlmon0: entered promiscuous mode [ 1039.534578][T20495] caif0: entered promiscuous mode [ 1039.540591][T20495] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1039.557108][T20499] is_bad_inode(inode)=0 [ 1039.561819][T20499] NEXT_ORPHAN(inode)=0 [ 1039.565938][T20499] max_ino=32 [ 1039.569832][T20499] i_nlink=1 [ 1039.574425][T20499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1040.570919][T13104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.031158][T20532] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1041.514300][T20547] loop5: detected capacity change from 0 to 512 [ 1041.918747][T20547] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.4400: inode has both inline data and extents flags [ 1042.201940][T20547] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.4400: couldn't read orphan inode 15 (err -117) [ 1042.232056][T20547] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1042.581819][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1042.699689][T20562] loop2: detected capacity change from 0 to 512 [ 1042.712842][T20562] ext2: Unknown parameter 'smackfsfloor' [ 1042.975226][T20567] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1043.047962][T20569] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4404'. [ 1043.057078][T20569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4404'. [ 1044.014268][ T27] audit: type=1326 audit(1762999599.939:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1044.097119][ T27] audit: type=1326 audit(1762999599.969:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1044.165831][ T27] audit: type=1326 audit(1762999599.969:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1044.201866][ T27] audit: type=1326 audit(1762999599.969:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1044.316095][T20583] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1044.377166][ T27] audit: type=1326 audit(1762999599.969:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1044.421192][ T27] audit: type=1326 audit(1762999599.969:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1045.167480][ T27] audit: type=1326 audit(1762999599.969:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1045.236626][ T27] audit: type=1326 audit(1762999599.969:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1045.335199][ T27] audit: type=1326 audit(1762999599.969:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20575 comm="syz.2.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6fb8f6c9 code=0x7ffc0000 [ 1045.738400][T20599] fuse: Bad value for 'group_id' [ 1046.393389][T20607] loop5: detected capacity change from 0 to 4096 [ 1046.413808][T20607] EXT4-fs: Ignoring removed orlov option [ 1047.317450][T20607] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1047.326100][T20607] System zones: 0-5 [ 1048.782363][T20607] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1048.943384][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1049.200025][T20617] fuse: Bad value for 'group_id' [ 1049.264561][T20618] syz.5.4420 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1050.161241][T20628] can: request_module (can-proto-0) failed. [ 1050.425461][T20633] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1050.467947][ T5863] usb 3-1: new full-speed USB device number 70 using dummy_hcd [ 1050.669779][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1050.697910][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1050.724458][ T5863] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1050.748603][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.764615][T20642] lo: entered promiscuous mode [ 1050.774961][ T5863] usb 3-1: config 0 descriptor?? [ 1050.781115][T20642] tunl0: entered promiscuous mode [ 1050.798287][T20642] gre0: entered promiscuous mode [ 1050.807160][T20642] gretap0: entered promiscuous mode [ 1050.818857][T20642] erspan0: entered promiscuous mode [ 1050.823427][T20646] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4431'. [ 1050.825051][T20642] ip_vti0: entered promiscuous mode [ 1050.835135][T20646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4431'. [ 1050.864592][T20642] ip6_vti0: entered promiscuous mode [ 1050.876361][T20642] sit0: entered promiscuous mode [ 1050.930653][T20642] ip6tnl0: entered promiscuous mode [ 1050.939456][T20642] ip6gre0: entered promiscuous mode [ 1050.954911][T20642] syz_tun: entered promiscuous mode [ 1050.966460][T20642] ip6gretap0: entered promiscuous mode [ 1050.977489][T20642] vcan0: entered promiscuous mode [ 1050.999672][T20653] fuse: Bad value for 'group_id' [ 1051.035705][T20642] bond0: entered promiscuous mode [ 1051.061733][T20642] bond_slave_0: entered promiscuous mode [ 1051.086626][T20642] bond_slave_1: entered promiscuous mode [ 1051.110851][T20642] @: entered promiscuous mode [ 1051.134043][T20642] team_slave_1: entered promiscuous mode [ 1051.154313][T20642] dummy0: entered promiscuous mode [ 1051.171353][T20642] nlmon0: entered promiscuous mode [ 1051.195981][T20642] caif0: entered promiscuous mode [ 1051.210391][T20642] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1051.213513][T20627] loop2: detected capacity change from 0 to 512 [ 1051.265140][T20627] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1051.306416][T20627] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1051.362187][T20627] EXT4-fs (loop2): 1 truncate cleaned up [ 1051.394131][T20627] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1052.326835][T20666] can: request_module (can-proto-0) failed. [ 1052.645585][ T5863] usbhid 3-1:0.0: can't add hid device: -71 [ 1052.660307][ T5863] usbhid: probe of 3-1:0.0 failed with error -71 [ 1052.676100][ T5863] usb 3-1: USB disconnect, device number 70 [ 1052.781801][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1053.803350][T20681] overlayfs: failed to clone upperpath [ 1053.907904][T20687] fuse: Bad value for 'group_id' [ 1054.104902][T20692] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1054.799956][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.811934][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.634179][T20708] can: request_module (can-proto-0) failed. [ 1059.376152][T20728] netlink: 75 bytes leftover after parsing attributes in process `syz.4.4454'. [ 1060.645377][T20738] can: request_module (can-proto-0) failed. [ 1060.735956][T20730] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1060.914702][T20744] netlink: 'syz.0.4458': attribute type 12 has an invalid length. [ 1061.959228][ T5880] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1061.966815][ T5880] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1061.975199][ T5880] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1062.017994][ T5880] hid-generic 0003:0004:0000.0011: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1062.282490][T20767] fido_id[20767]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1062.990478][T20770] can: request_module (can-proto-0) failed. [ 1063.264234][T20776] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1064.003324][T20788] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1068.088651][T20812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1068.819821][T20817] can: request_module (can-proto-0) failed. [ 1069.086208][T20823] loop2: detected capacity change from 0 to 512 [ 1069.096739][T20823] ext2: Unknown parameter 'smackfsfloor' [ 1069.324883][T20828] loop5: detected capacity change from 0 to 512 [ 1069.435158][T20834] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4481'. [ 1069.444569][T20834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4481'. [ 1069.834869][T20828] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4482: bad orphan inode 13 [ 1070.113931][T20828] ext4_test_bit(bit=12, block=4) = 1 [ 1070.167841][T20828] is_bad_inode(inode)=0 [ 1070.181800][T20828] NEXT_ORPHAN(inode)=0 [ 1070.219654][T20828] max_ino=32 [ 1070.222952][T20828] i_nlink=1 [ 1070.227522][T20828] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1070.449154][ T5848] Process accounting resumed [ 1070.559565][T20839] Process accounting resumed [ 1071.325666][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1071.548658][T20853] loop0: detected capacity change from 0 to 256 [ 1073.419653][T20853] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1073.430479][T20853] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 1075.109273][T20853] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 1076.195028][T20863] can: request_module (can-proto-0) failed. [ 1076.442642][T20875] loop2: detected capacity change from 0 to 512 [ 1076.451293][T20875] ext2: Unknown parameter 'smackfsfloor' [ 1076.521152][T13949] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1077.277899][T20882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4493'. [ 1077.287019][T20882] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4493'. [ 1078.413038][T20887] loop2: detected capacity change from 0 to 512 [ 1079.733910][T20887] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4496: bad orphan inode 13 [ 1079.813941][T20887] ext4_test_bit(bit=12, block=4) = 1 [ 1079.865758][T20887] is_bad_inode(inode)=0 [ 1079.881897][T20887] NEXT_ORPHAN(inode)=0 [ 1079.903078][T20897] overlayfs: failed to clone upperpath [ 1079.927865][T20887] max_ino=32 [ 1079.941951][T20887] i_nlink=1 [ 1079.966041][T20887] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1080.801455][T20893] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 1081.091391][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1083.253823][T20923] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4504'. [ 1083.263287][T20923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4504'. [ 1083.547748][T20920] can: request_module (can-proto-0) failed. [ 1084.129625][T20929] netlink: 75 bytes leftover after parsing attributes in process `syz.2.4506'. [ 1084.287147][T20933] loop2: detected capacity change from 0 to 512 [ 1084.613743][T20933] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4510: bad orphan inode 13 [ 1086.441704][T20933] ext4_test_bit(bit=12, block=4) = 1 [ 1086.447073][T20933] is_bad_inode(inode)=0 [ 1086.477906][T20933] NEXT_ORPHAN(inode)=0 [ 1086.503834][T20933] max_ino=32 [ 1086.507113][T20933] i_nlink=1 [ 1086.545748][T20933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1087.763409][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1088.411149][T20961] loop2: detected capacity change from 0 to 512 [ 1088.446853][T20961] ext2: Unknown parameter 'smackfsfloor' [ 1089.030632][T20962] can: request_module (can-proto-0) failed. [ 1089.835229][T20961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4515'. [ 1089.859164][T20961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4515'. [ 1090.231814][T20984] loop5: detected capacity change from 0 to 512 [ 1090.296983][T20984] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4521: bad orphan inode 13 [ 1090.343403][T20984] ext4_test_bit(bit=12, block=4) = 1 [ 1090.362587][T20984] is_bad_inode(inode)=0 [ 1090.606248][T20984] NEXT_ORPHAN(inode)=0 [ 1091.119246][T20984] max_ino=32 [ 1091.132253][T20984] i_nlink=1 [ 1091.139464][T20984] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1092.311757][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1092.841516][ T27] audit: type=1326 audit(1762999648.739:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20998 comm="syz.5.4524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff98058f6c9 code=0x0 [ 1093.896419][T21006] can: request_module (can-proto-0) failed. [ 1095.513454][T21028] loop5: detected capacity change from 0 to 512 [ 1095.570114][T21028] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4532: bad orphan inode 13 [ 1095.632430][T21028] ext4_test_bit(bit=12, block=4) = 1 [ 1095.734872][T21028] is_bad_inode(inode)=0 [ 1095.751711][T21028] NEXT_ORPHAN(inode)=0 [ 1095.755857][T21028] max_ino=32 [ 1095.759230][T21028] i_nlink=1 [ 1095.763829][T21028] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1096.851917][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1097.123822][T21051] erspan0: entered promiscuous mode [ 1097.155444][T21051] erspan0: left allmulticast mode [ 1097.308348][T21051] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1098.017340][T21057] can: request_module (can-proto-0) failed. [ 1098.574769][T21067] loop2: detected capacity change from 0 to 512 [ 1098.588453][T21067] ext2: Unknown parameter 'smackfsfloor' [ 1098.930383][T21080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4542'. [ 1098.939678][T21080] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4542'. [ 1100.506094][T21091] can: request_module (can-proto-0) failed. [ 1101.082720][T21109] loop2: detected capacity change from 0 to 512 [ 1101.098949][T21109] ext2: Unknown parameter 'smackfsfloor' [ 1101.766948][T21115] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4556'. [ 1101.776123][T21115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4556'. [ 1102.130187][T21112] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 1102.190880][T21112] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1102.236840][T21112] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 1102.338883][T21120] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4558'. [ 1102.378916][T21120] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4558'. [ 1102.658854][T21123] loop0: detected capacity change from 0 to 512 [ 1102.720029][T21123] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.4559: bad orphan inode 13 [ 1102.736325][T21123] ext4_test_bit(bit=12, block=4) = 1 [ 1102.742310][T21123] is_bad_inode(inode)=0 [ 1102.746700][T21123] NEXT_ORPHAN(inode)=0 [ 1102.750962][T21123] max_ino=32 [ 1102.754203][T21123] i_nlink=1 [ 1102.759310][T21123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1102.792615][T21134] fuse: Invalid rootmode [ 1103.815327][T13104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1103.886378][T21149] overlayfs: failed to clone upperpath [ 1103.900286][T21149] overlayfs: failed to clone upperpath [ 1104.088724][T21152] loop2: detected capacity change from 0 to 128 [ 1104.657743][T21159] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4569'. [ 1104.668641][T21159] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4569'. [ 1105.152128][T21163] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4571'. [ 1105.203578][T21163] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4571'. [ 1105.392604][T21168] fuse: Invalid rootmode [ 1106.211026][T21192] fuse: Unknown parameter 'group_i00000000000000000000' [ 1106.747401][T21195] netlink: 83 bytes leftover after parsing attributes in process `syz.0.4581'. [ 1106.998874][T21199] fuse: Bad value for 'rootmode' [ 1107.977068][T21227] netlink: 83 bytes leftover after parsing attributes in process `syz.0.4592'. [ 1108.079376][T21226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1108.226250][T21235] fuse: Bad value for 'rootmode' [ 1109.093274][T21255] fuse: Unknown parameter 'group_id00000000000000000000' [ 1109.185132][T21259] netlink: 83 bytes leftover after parsing attributes in process `syz.2.4604'. [ 1111.041093][T21261] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1111.089376][T21267] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1111.172348][T21272] program syz.5.4608 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1111.522378][T21278] 9pnet_fd: Insufficient options for proto=fd [ 1111.722946][T21281] netlink: 83 bytes leftover after parsing attributes in process `syz.2.4614'. [ 1112.916512][T21302] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1113.820726][T21316] team_slave_0 (unregistering): left promiscuous mode [ 1113.866316][T21316] @: Port device team_slave_0 removed [ 1115.448089][T21349] overlayfs: failed to clone upperpath [ 1115.586954][T21351] fuse: Bad value for 'fd' [ 1116.225484][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.232018][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.590627][T21386] fuse: Bad value for 'fd' [ 1116.709580][T21390] program syz.0.4650 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1117.938158][T21406] loop5: detected capacity change from 0 to 512 [ 1117.945596][T21406] ext2: Unknown parameter 'smackfsfloor' [ 1119.201939][T21413] fuse: Bad value for 'fd' [ 1119.490371][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1119.501273][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1119.518167][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1119.526356][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1119.534271][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1119.541821][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1119.775656][ T1311] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1120.215127][ T1311] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.038942][ T1311] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.139102][ T1311] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.436799][T21416] chnl_net:caif_netlink_parms(): no params data found [ 1121.579775][ T51] Bluetooth: hci2: command tx timeout [ 1122.013688][T21416] bridge0: port 1(bridge_slave_0) entered blocking state [ 1122.045000][T21416] bridge0: port 1(bridge_slave_0) entered disabled state [ 1122.088959][T21416] bridge_slave_0: entered allmulticast mode [ 1122.115936][T21416] bridge_slave_0: entered promiscuous mode [ 1122.441711][T21416] bridge0: port 2(bridge_slave_1) entered blocking state [ 1124.138299][ T51] Bluetooth: hci2: command tx timeout [ 1124.194556][T21416] bridge0: port 2(bridge_slave_1) entered disabled state [ 1124.218391][T21416] bridge_slave_1: entered allmulticast mode [ 1124.236487][T21416] bridge_slave_1: entered promiscuous mode [ 1124.395818][T21461] loop2: detected capacity change from 0 to 512 [ 1124.416676][T21461] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4670: bad orphan inode 13 [ 1124.433288][T21461] ext4_test_bit(bit=12, block=4) = 1 [ 1124.442689][T21461] is_bad_inode(inode)=0 [ 1124.447797][T21461] NEXT_ORPHAN(inode)=0 [ 1124.458972][T21461] max_ino=32 [ 1124.462299][T21461] i_nlink=1 [ 1124.467117][T21461] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1125.529038][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1125.781696][T21416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1125.830793][T21416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1126.207073][T21416] team0: Port device team_slave_0 added [ 1126.223458][ T51] Bluetooth: hci2: command tx timeout [ 1126.365312][T21416] team0: Port device team_slave_1 added [ 1126.505362][ T1311] bond1: (slave erspan0): Releasing active interface [ 1128.617804][ T51] Bluetooth: hci2: command tx timeout [ 1128.808590][T21416] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1128.834992][T21416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1128.928304][T21416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1128.986067][T21504] loop5: detected capacity change from 0 to 512 [ 1129.068227][T21504] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4678: bad orphan inode 13 [ 1129.093633][T21504] ext4_test_bit(bit=12, block=4) = 1 [ 1129.107616][T21504] is_bad_inode(inode)=0 [ 1129.111967][T21504] NEXT_ORPHAN(inode)=0 [ 1129.116164][T21504] max_ino=32 [ 1129.120439][T21504] i_nlink=1 [ 1129.125287][T21504] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1130.115299][T21416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1130.131304][T21416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1130.150708][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1130.173200][T21416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1130.681311][T21416] hsr_slave_0: entered promiscuous mode [ 1130.688520][T21416] hsr_slave_1: entered promiscuous mode [ 1130.696817][T21416] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1130.725146][T21416] Cannot create hsr debugfs directory [ 1132.771288][ T1311] hsr_slave_0: left promiscuous mode [ 1132.797040][ T1311] hsr_slave_1: left promiscuous mode [ 1132.811230][T21536] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1132.830773][ T1311] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1132.876455][ T1311] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1132.894926][T21536] overlayfs: failed to set xattr on upper [ 1132.914174][T21536] overlayfs: ...falling back to redirect_dir=nofollow. [ 1132.934993][ T1311] bridge_slave_1: left allmulticast mode [ 1132.961265][ T1311] bridge_slave_1: left promiscuous mode [ 1132.967176][ T1311] bridge0: port 2(bridge_slave_1) entered disabled state [ 1132.974974][T21536] overlayfs: ...falling back to index=off. [ 1132.986786][T21536] overlayfs: ...falling back to uuid=null. [ 1133.166899][ T1311] bridge_slave_0: left allmulticast mode [ 1133.173709][ T1311] bridge_slave_0: left promiscuous mode [ 1133.187640][ T1311] bridge0: port 1(bridge_slave_0) entered disabled state [ 1133.733723][T21556] loop2: detected capacity change from 0 to 128 [ 1133.942873][ T1311] veth1_macvtap: left promiscuous mode [ 1133.964075][ T1311] veth0_macvtap: left promiscuous mode [ 1134.011435][ T1311] veth1_vlan: left promiscuous mode [ 1134.032356][ T1311] veth0_vlan: left promiscuous mode [ 1134.737047][T21571] 9pnet_fd: Insufficient options for proto=fd [ 1135.010250][ T1311] bond2 (unregistering): Released all slaves [ 1135.091707][ T1311] bond1 (unregistering): (slave veth3): Releasing active interface [ 1135.333275][ T1311] bond1 (unregistering): Released all slaves [ 1136.370922][ T1311] team_slave_1 (unregistering): left promiscuous mode [ 1136.388792][ T1311] @ (unregistering): Port device team_slave_1 removed [ 1136.529129][ T1311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1136.538522][ T1311] bond_slave_1 (unregistering): left promiscuous mode [ 1136.639078][ T1311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1136.656194][ T1311] bond_slave_0 (unregistering): left promiscuous mode [ 1138.092257][ T1311] bond0 (unregistering): Released all slaves [ 1139.964927][T21416] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1140.029881][T21416] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1140.072096][T21416] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1140.141064][T21416] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1140.655293][T21416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1140.733226][T21416] 8021q: adding VLAN 0 to HW filter on device team0 [ 1140.765632][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 1140.772909][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1140.823813][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 1140.831078][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1141.727381][T21416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1141.895177][T21416] veth0_vlan: entered promiscuous mode [ 1142.026699][T21416] veth1_vlan: entered promiscuous mode [ 1142.126783][T21416] veth0_macvtap: entered promiscuous mode [ 1142.202313][T21416] veth1_macvtap: entered promiscuous mode [ 1142.319842][T21416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.360626][T21416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.380686][T21416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1142.402402][T21416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.425268][T21416] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1142.459940][T21416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1142.499631][T21416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1142.531709][T21416] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1142.603757][T21416] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.635638][T21416] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.654461][T21416] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.671138][T21416] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.944827][T20988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1143.013870][T20988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1143.112157][ T1075] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1143.138442][ T1075] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1143.154398][T21701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4727'. [ 1143.234780][T21701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4727'. [ 1145.131453][T21752] kvm: emulating exchange as write [ 1145.727037][T21766] loop5: detected capacity change from 0 to 512 [ 1145.817976][T21766] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4742: bad orphan inode 13 [ 1145.897173][T21766] ext4_test_bit(bit=12, block=4) = 1 [ 1145.911782][T21766] is_bad_inode(inode)=0 [ 1145.916020][T21766] NEXT_ORPHAN(inode)=0 [ 1145.927924][T21766] max_ino=32 [ 1145.931189][T21766] i_nlink=1 [ 1145.935791][T21766] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1147.079371][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1147.199903][T21792] loop5: detected capacity change from 0 to 7 [ 1147.237136][T21792] Dev loop5: unable to read RDB block 7 [ 1147.279173][ T1138] loop: Write error at byte offset 4, length 3584. [ 1147.286235][ C1] I/O error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 1147.295739][ C1] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 1147.306349][T21792] loop5: unable to read partition table [ 1147.338784][T21792] loop5: partition table beyond EOD, truncated [ 1147.346160][T13106] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1147.360616][T13106] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1147.371408][T13106] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1147.386143][T13106] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1147.397843][T21792] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1147.399790][T13106] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1147.422141][T13106] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1147.586832][T21800] overlayfs: failed to resolve './file1': -2 [ 1148.015088][T21821] loop2: detected capacity change from 0 to 512 [ 1148.054928][T21821] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4756: bad orphan inode 13 [ 1148.104874][T21821] ext4_test_bit(bit=12, block=4) = 1 [ 1148.111035][T21821] is_bad_inode(inode)=0 [ 1148.115266][T21821] NEXT_ORPHAN(inode)=0 [ 1148.119521][T21821] max_ino=32 [ 1148.122846][T21821] i_nlink=1 [ 1148.130051][T21821] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1148.998780][T21797] chnl_net:caif_netlink_parms(): no params data found [ 1149.229397][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1149.429453][T21842] overlayfs: failed to resolve './file0/file0': -2 [ 1149.455027][T21846] overlayfs: failed to resolve './file1': -2 [ 1149.501798][T21797] bridge0: port 1(bridge_slave_0) entered blocking state [ 1149.530331][T21797] bridge0: port 1(bridge_slave_0) entered disabled state [ 1149.539121][T21797] bridge_slave_0: entered allmulticast mode [ 1149.547046][T21797] bridge_slave_0: entered promiscuous mode [ 1149.578281][ T51] Bluetooth: hci4: command tx timeout [ 1149.613095][T21797] bridge0: port 2(bridge_slave_1) entered blocking state [ 1149.642101][T21797] bridge0: port 2(bridge_slave_1) entered disabled state [ 1149.682033][T21797] bridge_slave_1: entered allmulticast mode [ 1149.699750][T21797] bridge_slave_1: entered promiscuous mode [ 1149.809423][T21797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1149.822506][T21797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1149.835649][T21858] loop5: detected capacity change from 0 to 512 [ 1149.885150][T21858] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4766: bad orphan inode 13 [ 1149.944296][T21858] ext4_test_bit(bit=12, block=4) = 1 [ 1149.959222][T21858] is_bad_inode(inode)=0 [ 1149.963466][T21858] NEXT_ORPHAN(inode)=0 [ 1149.971491][T21797] team0: Port device team_slave_0 added [ 1149.998076][T21858] max_ino=32 [ 1150.001379][T21858] i_nlink=1 [ 1150.005967][T21858] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1150.036659][T21797] team0: Port device team_slave_1 added [ 1150.112326][T21867] overlayfs: failed to resolve './file1': -2 [ 1150.306603][T21870] overlayfs: failed to resolve './file0/file0': -2 [ 1150.324853][T21797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1150.513678][T21797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.839214][T21797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1150.913071][T21797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1150.965314][T21797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1151.029350][T21797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1151.042705][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1151.151684][T21879] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1151.210204][T21797] hsr_slave_0: entered promiscuous mode [ 1151.221341][T21797] hsr_slave_1: entered promiscuous mode [ 1151.228857][T21797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1151.236554][T21797] Cannot create hsr debugfs directory [ 1151.428836][T21892] overlayfs: failed to resolve './file0': -2 [ 1151.636958][T21898] loop0: detected capacity change from 0 to 512 [ 1151.669757][ T51] Bluetooth: hci4: command tx timeout [ 1151.688317][T21898] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.4781: bad orphan inode 13 [ 1151.729527][T21898] ext4_test_bit(bit=12, block=4) = 1 [ 1151.755474][T21898] is_bad_inode(inode)=0 [ 1151.768215][T21898] NEXT_ORPHAN(inode)=0 [ 1151.772371][T21898] max_ino=32 [ 1151.775726][T21898] i_nlink=1 [ 1151.785284][T21797] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1151.797864][T21898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1152.165468][T21797] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1152.341192][T21797] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1152.444833][T21797] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1152.471256][T21917] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1152.563180][T21416] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1152.763469][T21797] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1152.779130][T21797] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1152.802421][T21797] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1152.814544][T21797] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1152.963399][T21930] overlayfs: failed to resolve './file0': -2 [ 1153.013118][T21797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1153.045946][T21797] 8021q: adding VLAN 0 to HW filter on device team0 [ 1153.075461][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 1153.082774][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1153.124604][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 1153.131859][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1153.716289][T21948] loop0: detected capacity change from 0 to 512 [ 1153.740340][ T51] Bluetooth: hci4: command tx timeout [ 1153.752722][T21797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1153.761608][T21948] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.4794: bad orphan inode 13 [ 1153.773951][T21948] ext4_test_bit(bit=12, block=4) = 1 [ 1153.780726][T21948] is_bad_inode(inode)=0 [ 1153.785050][T21948] NEXT_ORPHAN(inode)=0 [ 1153.789740][T21948] max_ino=32 [ 1153.792999][T21948] i_nlink=1 [ 1153.799093][T21948] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1154.476959][T21797] veth0_vlan: entered promiscuous mode [ 1154.510930][T21797] veth1_vlan: entered promiscuous mode [ 1154.602490][T21797] veth0_macvtap: entered promiscuous mode [ 1154.656003][T21797] veth1_macvtap: entered promiscuous mode [ 1154.666453][T21416] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1154.684331][T21797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1154.708597][T21797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1154.719058][T21797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1154.730304][T21797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1154.761818][T21797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1154.772528][T21797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1154.806769][T21797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1154.833497][T21797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1154.849104][T21797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1154.878155][T21965] overlayfs: failed to resolve './file0': -2 [ 1154.885733][T21797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1154.905418][T21797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1154.929872][T21797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1154.962171][T21797] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.990063][T21797] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1155.028000][T21797] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1155.036869][T21797] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1155.153543][T21971] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1155.297095][T20773] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1155.322348][T20773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1155.430419][ T1311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1155.462823][ T1311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1155.494245][T21981] loop2: detected capacity change from 0 to 512 [ 1155.582514][T21981] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.4803: bad orphan inode 13 [ 1155.644244][T21981] ext4_test_bit(bit=12, block=4) = 1 [ 1155.685049][T21981] is_bad_inode(inode)=0 [ 1155.718385][T21981] NEXT_ORPHAN(inode)=0 [ 1155.722876][T21981] max_ino=32 [ 1155.726100][T21981] i_nlink=1 [ 1155.759222][T21981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1155.818005][ T51] Bluetooth: hci4: command tx timeout [ 1155.938102][T21991] program syz.4.4744 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1156.372970][T21999] overlayfs: failed to resolve './file0': -2 [ 1156.450389][T14022] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1156.529117][T22003] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1157.411110][T22017] program syz.2.4813 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1157.669778][T22025] loop5: detected capacity change from 0 to 512 [ 1157.777789][T22025] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.4816: bad orphan inode 13 [ 1157.864868][T22025] ext4_test_bit(bit=12, block=4) = 1 [ 1157.882172][T22025] is_bad_inode(inode)=0 [ 1157.886412][T22025] NEXT_ORPHAN(inode)=0 [ 1157.921696][T22025] max_ino=32 [ 1157.924978][T22025] i_nlink=1 [ 1157.949995][T22025] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1158.373809][T22038] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1158.610660][T17115] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1158.908313][T22050] program syz.2.4826 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1159.186612][T22055] overlayfs: failed to resolve './file1': -2 [ 1159.234326][T22055] overlayfs: failed to resolve './file1': -2 [ 1159.521954][T22063] loop2: detected capacity change from 0 to 512 [ 1159.555106][T22063] ext2: Unknown parameter 'smackfsfloor' [ 1159.778590][T22063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4832'. [ 1159.787797][T22063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4832'. [ 1160.488131][T22074] program syz.5.4837 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1160.812300][T22084] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1160.885989][T22086] dvmrp1: tun_chr_ioctl cmd 2147767520 [ 1161.086194][T22091] loop4: detected capacity change from 0 to 512 [ 1161.097325][T22091] ext2: Unknown parameter 'smackfsfloor' [ 1161.140499][T22091] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4843'. [ 1161.149877][T22091] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4843'. [ 1162.216183][T22116] loop5: detected capacity change from 0 to 512 [ 1162.227487][T22116] ext2: Unknown parameter 'smackfsfloor' [ 1162.257512][T22116] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4853'. [ 1162.266715][T22116] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4853'. [ 1162.723181][T22120] [ 1162.725580][T22120] ====================================================== [ 1162.732893][T22120] WARNING: possible circular locking dependency detected [ 1162.739936][T22120] syzkaller #0 Not tainted [ 1162.744352][T22120] ------------------------------------------------------ [ 1162.751368][T22120] syz.5.4855/22120 is trying to acquire lock: [ 1162.757428][T22120] ffff8880b8f29370 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x15a/0x780 [ 1162.766146][T22120] [ 1162.766146][T22120] but task is already holding lock: [ 1162.773505][T22120] ffff8880b8f29598 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 1162.782394][T22120] [ 1162.782394][T22120] which lock already depends on the new lock. [ 1162.782394][T22120] [ 1162.792819][T22120] [ 1162.792819][T22120] the existing dependency chain (in reverse order) is: [ 1162.801831][T22120] [ 1162.801831][T22120] -> #1 (&base->lock){-.-.}-{2:2}: [ 1162.809214][T22120] _raw_spin_lock_irqsave+0xa8/0xf0 [ 1162.814940][T22120] lock_timer_base+0x123/0x270 [ 1162.820238][T22120] __mod_timer+0xf9/0xdb0 [ 1162.825090][T22120] queue_delayed_work_on+0x12a/0x1e0 [ 1162.830897][T22120] kvfree_call_rcu+0x541/0x780 [ 1162.836184][T22120] rtnl_register_internal+0x486/0x590 [ 1162.842076][T22120] rtnl_register+0x32/0x70 [ 1162.847012][T22120] ip_rt_init+0x2ec/0x390 [ 1162.851881][T22120] ip_init+0xe/0x20 [ 1162.856241][T22120] inet_init+0x2c1/0x3e0 [ 1162.861007][T22120] do_one_initcall+0x1fd/0x750 [ 1162.866323][T22120] do_initcall_level+0x137/0x1f0 [ 1162.871794][T22120] do_initcalls+0x69/0xd0 [ 1162.876659][T22120] kernel_init_freeable+0x3d2/0x570 [ 1162.882393][T22120] kernel_init+0x1d/0x1c0 [ 1162.887247][T22120] ret_from_fork+0x48/0x80 [ 1162.892205][T22120] ret_from_fork_asm+0x11/0x20 [ 1162.897549][T22120] [ 1162.897549][T22120] -> #0 (krc.lock){..-.}-{2:2}: [ 1162.904625][T22120] __lock_acquire+0x2ddb/0x7c80 [ 1162.910110][T22120] lock_acquire+0x197/0x410 [ 1162.915138][T22120] _raw_spin_lock+0x2e/0x40 [ 1162.920180][T22120] kvfree_call_rcu+0x15a/0x780 [ 1162.925472][T22120] trie_delete_elem+0x535/0x6a0 [ 1162.930850][T22120] bpf_prog_41385012b43a9f2e+0x48/0x4c [ 1162.936845][T22120] bpf_trace_run3+0x1e7/0x400 [ 1162.942038][T22120] __bpf_trace_timer_start+0x14a/0x1b0 [ 1162.948022][T22120] __traceiter_timer_start+0x77/0xc0 [ 1162.953836][T22120] enqueue_timer+0x398/0x530 [ 1162.958959][T22120] __mod_timer+0x977/0xdb0 [ 1162.963915][T22120] sk_reset_timer+0x23/0xc0 [ 1162.968949][T22120] tipc_sk_finish_conn+0x154/0x7e0 [ 1162.974602][T22120] tipc_socketpair+0x254/0x470 [ 1162.979901][T22120] __sys_socketpair+0x2b0/0x550 [ 1162.985277][T22120] __x64_sys_socketpair+0x9b/0xb0 [ 1162.990836][T22120] do_syscall_64+0x55/0xb0 [ 1162.995784][T22120] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1163.002377][T22120] [ 1163.002377][T22120] other info that might help us debug this: [ 1163.002377][T22120] [ 1163.012598][T22120] Possible unsafe locking scenario: [ 1163.012598][T22120] [ 1163.020041][T22120] CPU0 CPU1 [ 1163.025397][T22120] ---- ---- [ 1163.030752][T22120] lock(&base->lock); [ 1163.034816][T22120] lock(krc.lock); [ 1163.041137][T22120] lock(&base->lock); [ 1163.047722][T22120] lock(krc.lock); [ 1163.051533][T22120] [ 1163.051533][T22120] *** DEADLOCK *** [ 1163.051533][T22120] [ 1163.059679][T22120] 2 locks held by syz.5.4855/22120: [ 1163.064876][T22120] #0: ffff8880b8f29598 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 1163.074229][T22120] #1: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf4/0x400 [ 1163.083556][T22120] [ 1163.083556][T22120] stack backtrace: [ 1163.089462][T22120] CPU: 1 PID: 22120 Comm: syz.5.4855 Not tainted syzkaller #0 [ 1163.096924][T22120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1163.106988][T22120] Call Trace: [ 1163.110271][T22120] [ 1163.113206][T22120] dump_stack_lvl+0x16c/0x230 [ 1163.117893][T22120] ? load_image+0x3b0/0x3b0 [ 1163.122417][T22120] ? show_regs_print_info+0x20/0x20 [ 1163.127625][T22120] ? print_circular_bug+0x12b/0x1a0 [ 1163.132839][T22120] check_noncircular+0x2bd/0x3c0 [ 1163.137780][T22120] ? print_deadlock_bug+0x5d0/0x5d0 [ 1163.142979][T22120] ? lockdep_lock+0xe0/0x220 [ 1163.147572][T22120] ? _find_first_zero_bit+0xd3/0x100 [ 1163.152866][T22120] __lock_acquire+0x2ddb/0x7c80 [ 1163.157729][T22120] ? stack_trace_snprint+0xf0/0xf0 [ 1163.162849][T22120] ? __stack_depot_save+0x560/0x630 [ 1163.168068][T22120] ? verify_lock_unused+0x140/0x140 [ 1163.173299][T22120] ? kasan_save_stack+0x4d/0x60 [ 1163.178322][T22120] ? kasan_save_stack+0x3e/0x60 [ 1163.183174][T22120] ? __kasan_record_aux_stack+0xaf/0xc0 [ 1163.188722][T22120] ? kvfree_call_rcu+0xee/0x780 [ 1163.193601][T22120] ? trie_delete_elem+0x535/0x6a0 [ 1163.198638][T22120] ? bpf_prog_41385012b43a9f2e+0x48/0x4c [ 1163.204276][T22120] ? bpf_trace_run3+0x1e7/0x400 [ 1163.209123][T22120] ? __bpf_trace_timer_start+0x14a/0x1b0 [ 1163.214782][T22120] ? __traceiter_timer_start+0x77/0xc0 [ 1163.220267][T22120] ? enqueue_timer+0x398/0x530 [ 1163.225057][T22120] ? __mod_timer+0x977/0xdb0 [ 1163.229666][T22120] ? sk_reset_timer+0x23/0xc0 [ 1163.234351][T22120] ? tipc_sk_finish_conn+0x154/0x7e0 [ 1163.239648][T22120] ? tipc_socketpair+0x254/0x470 [ 1163.244610][T22120] ? __sys_socketpair+0x2b0/0x550 [ 1163.249839][T22120] ? __x64_sys_socketpair+0x9b/0xb0 [ 1163.255053][T22120] ? do_syscall_64+0x55/0xb0 [ 1163.259656][T22120] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1163.265733][T22120] lock_acquire+0x197/0x410 [ 1163.270251][T22120] ? kvfree_call_rcu+0x15a/0x780 [ 1163.275213][T22120] ? read_lock_is_recursive+0x20/0x20 [ 1163.280629][T22120] ? __phys_addr+0xba/0x170 [ 1163.285205][T22120] _raw_spin_lock+0x2e/0x40 [ 1163.289728][T22120] ? kvfree_call_rcu+0x15a/0x780 [ 1163.294682][T22120] kvfree_call_rcu+0x15a/0x780 [ 1163.299464][T22120] ? call_rcu+0x930/0x930 [ 1163.303807][T22120] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1163.309790][T22120] ? _raw_spin_unlock+0x40/0x40 [ 1163.314657][T22120] trie_delete_elem+0x535/0x6a0 [ 1163.319543][T22120] bpf_prog_41385012b43a9f2e+0x48/0x4c [ 1163.325113][T22120] bpf_trace_run3+0x1e7/0x400 [ 1163.329807][T22120] ? bpf_trace_run3+0xf4/0x400 [ 1163.334616][T22120] ? bpf_trace_run2+0x3c0/0x3c0 [ 1163.339489][T22120] ? __bpf_trace_timer_start+0x133/0x1b0 [ 1163.345154][T22120] __bpf_trace_timer_start+0x14a/0x1b0 [ 1163.350640][T22120] ? debug_object_activate+0x2f7/0x4b0 [ 1163.356117][T22120] ? __bpf_trace_timer_class+0x100/0x100 [ 1163.361769][T22120] ? __rwlock_init+0x150/0x150 [ 1163.366545][T22120] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1163.372456][T22120] ? _raw_spin_unlock+0x40/0x40 [ 1163.377311][T22120] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 1163.382703][T22120] ? _raw_spin_lock+0x40/0x40 [ 1163.387382][T22120] ? __bpf_trace_timer_class+0x100/0x100 [ 1163.393059][T22120] __traceiter_timer_start+0x77/0xc0 [ 1163.398355][T22120] enqueue_timer+0x398/0x530 [ 1163.403073][T22120] __mod_timer+0x977/0xdb0 [ 1163.407510][T22120] sk_reset_timer+0x23/0xc0 [ 1163.412018][T22120] tipc_sk_finish_conn+0x154/0x7e0 [ 1163.417139][T22120] tipc_socketpair+0x254/0x470 [ 1163.421911][T22120] __sys_socketpair+0x2b0/0x550 [ 1163.426773][T22120] __x64_sys_socketpair+0x9b/0xb0 [ 1163.431807][T22120] do_syscall_64+0x55/0xb0 [ 1163.436226][T22120] ? clear_bhb_loop+0x40/0x90 [ 1163.440907][T22120] ? clear_bhb_loop+0x40/0x90 [ 1163.445587][T22120] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1163.451511][T22120] RIP: 0033:0x7ff98058f6c9 [ 1163.455943][T22120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1163.475564][T22120] RSP: 002b:00007ff9814c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1163.484004][T22120] RAX: ffffffffffffffda RBX: 00007ff9807e5fa0 RCX: 00007ff98058f6c9 [ 1163.491978][T22120] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 1163.499951][T22120] RBP: 00007ff980611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1163.507932][T22120] R10: 0000200000000940 R11: 0000000000000246 R12: 0000000000000000 [ 1163.515911][T22120] R13: 00007ff9807e6038 R14: 00007ff9807e5fa0 R15: 00007ffe3d137b08 [ 1163.523889][T22120] [ 1163.576843][T22122] lo: entered promiscuous mode [ 1163.593674][T22122] tunl0: entered promiscuous mode [ 1163.602458][T22122] gre0: entered promiscuous mode [ 1163.609229][T22122] gretap0: entered promiscuous mode [ 1163.615711][T22122] erspan0: entered promiscuous mode [ 1163.665977][T22122] ip_vti0: entered promiscuous mode [ 1163.672362][T22122] ip6_vti0: entered promiscuous mode [ 1163.679552][T22122] sit0: entered promiscuous mode [ 1163.685875][T22122] ip6tnl0: entered promiscuous mode [ 1163.702898][T22122] ip6gre0: entered promiscuous mode [ 1163.710163][T22122] syz_tun: entered promiscuous mode [ 1163.716247][T22122] ip6gretap0: entered promiscuous mode [ 1163.723329][T22122] bridge0: entered promiscuous mode [ 1163.729666][T22122] vcan0: entered promiscuous mode [ 1163.735108][T22122] bond0: entered promiscuous mode [ 1163.740517][T22122] bond_slave_0: entered promiscuous mode [ 1163.746309][T22122] bond_slave_1: entered promiscuous mode [ 1163.753547][T22122] team0: entered promiscuous mode [ 1163.759336][T22122] team_slave_0: entered promiscuous mode [ 1163.765161][T22122] team_slave_1: entered promiscuous mode [ 1163.773222][T22122] dummy0: entered promiscuous mode [ 1163.779770][T22122] nlmon0: entered promiscuous mode [ 1163.785764][T22122] chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 [ 1163.795202][T22122] caif:caif_disconnect_client(): nothing to disconnect [ 1163.802447][T22122] chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT [ 1163.811431][T22122] chnl_net:chnl_net_open(): state disconnected [ 1163.817881][T22122] caif0: entered promiscuous mode [ 1163.822966][T22122] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.