last executing test programs: 10m17.669232983s ago: executing program 0 (id=892): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRESDEC=r2, @ANYRESDEC=r2, @ANYBLOB="d17040ac9241ace1f29bfa9e53aec33ca78039b55c3d4593734e12c6e2ff117523c3c43a36fa644a829623d09216a5c8b6100dda10c04d0d0951c34f36ea83e2f12873f99e4d639c62ab3205efdd40447e28d88dff", @ANYRES8=r0, @ANYBLOB, @ANYRES8, @ANYBLOB="7c7ec8b5e2af6b18ae968800206e0b2af27c14e0fa0e176b5c8fdae426b3a8bb67efce925d42e9777cbe0db3297fb3e1a010a743b48e8d1e998971ae2acdaf7ef52ae601b5c6ccdad78c95ccad4acdf62d19c4", @ANYRESHEX, @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c890}, 0xc081) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) 10m16.465523054s ago: executing program 0 (id=895): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x14, &(0x7f0000000900)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000020000000000000080000000950000000000000018180000", @ANYRES32, @ANYBLOB="00000000000000000000000010ffffff00b15b84000000000000001812f70d", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085200000030000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x29, &(0x7f00000000c0)=""/41, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x6, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0xffff}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)={0x44, r0, 0x1, 0x70bd29, 0xffffffbe, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x32b}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1}]]}, 0x44}, 0x1, 0x0, 0x0, 0x48080}, 0x20004056) r3 = socket$inet6(0xa, 0x2, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) bind$inet6(r3, 0x0, 0x0) setsockopt$inet6_int(r3, 0x29, 0x42, 0x0, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_DELDEST(r4, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 10m16.315496363s ago: executing program 0 (id=897): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x4, 0x18d, &(0x7f00000001c0)="$eJzskrFu1EAURc/Mzq6zKESiTZMUkYACNrsIiY6UoaejwXJMiHAEsS2RRC6MEEpBgSipKPMh/AAUiA9InWJFCzKamTcrZ/mEzCl8Ndd35r039svqqEqAv/MmYwfHgDV+KIUBNpT3LrXXz6I/RT954bvknoj/XnS9OjkdSWaTW954lRZFXm4Cv523sKrH7zSX7qhfsuk50HVdB5o9sHFWQ2beZAPgaJGBdROG6BYZa9nFbWBSH76ZVCen9w4O0/18P1eS3344m7w4KPJt/1SJ1J83mYyC1btAsiJGuuqOHwIfxLrBVVSvNXmvxjwjtDYKd7imWEb39gY13gaaLLRor+DpDti23raq5265UwxupF0UA1lMTa8/X2vFvbifvS72zlCosO0cg0aFjzh0B44p8tmFLGzswaOWmz5xJskt0V3Rc9EL0Y2lX8a09vlRVndaGHGc1n/Kqa19PKYup0PZW86cl9Z1+dW04cfVrmrCF311uG/6v7uNRCKRSCQSiUQikevGvwAAAP//q2xp+A==") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x0, 0x5, 0x0, 0x0, 0x7, 0x0, 0x3, 0xfc, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xff, 0x0, 0x45, [0x0, 0x1]}}) 10m15.84112731s ago: executing program 0 (id=899): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x1000000, &(0x7f0000000000), 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141042, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES8, @ANYRESHEX], 0x11, 0x6e4, &(0x7f0000000d00)="$eJzs3U9oJXcdAPDvvLwk720xm7bb7QqFxhaquLibP6QaLxtFJEKRsoKeQzfbDfv2j0kqaQ9uqoJXD16FeogXPSkiCMJCPeuteAueCoKXnnZ7cGT+vUzie8nLpslL7edTfju/md/Mb77znZnfvPdomAA+s5YuR/NhtGPp8mub2fzO9lxnZ3vuTlFvdCJiPCIaEc3aVsn7EYtRlPh8tqBq6LefX64uXP/go50Pi7lmWRpR/NPuH2BzkKPYKktMRcRIOT2GPf298WT9je9Wk25msoS9XCUOhm00ItI9fnhxt6WXdKQ20/d+Bz49kuK5WVPc/5MR5yKiVT3QtorGxulHeKgjjUVbJxcHAAAAnBnnHz2I2IyJYccBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnybl+/+Tsjyu6lORVO//H6u9Y39syOH2d3BkrarysHEawQAAAAAAAADAyXrxUfz2eppOVPNpEo3vj5Qz7XL6VqzHSjPiSmzGcmzERqzFTERM1joa21ze2FibiZfyuQsfp2kaTxVbxtqeLWd7bjk7YMDt4x4xAAAAAAAAAPxfuTY/nk9/EksxMexgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgLokYKSZ5uVDVJ6PRjIhWRIxl621F/L2qnyHNo27w8GTiAAAAgDPl/KN4FJsxUc2nSf6d/2L+vb8Vb8Xd2IjV2IhOrMSN/LeA4lt/Y2d7rrOzPXcnKxExurffb/x7t/6HiUPDyHuM4reH3nu+lK/Rjpuxmi+5Em/EvejEjWjkW2YuVfHU4qp5N4spuVZI0xgfJEE3yml25L8op6eifdgKk3lGRrsZmc5iS4o8Pn1wJupnZwD79zQTje4vPxf676n7Y0yV82sH7iX5T5oWtXPVkoinvnNgzvPrZfRIB3Ms+zMxW7v6Lh6c84gv/vF3P7jVuXv7VrJ1+dQuoyfyYu/F4/+szlCVicJWrMRcLRPPD5yJm+tnPBN97f2lsRHPdetL8e34XlyOqXg91mI1fhTLsRErMRXfymvL5fWc/Tt5cKYW98y9flhMY+V5GdkX0xfOF9ODYnop33YiVuO7cS9uxEq8mv83GzPx1ZiP+VioneHnBhhpGz3u+j/1D/7lL5WVbOD7+e4AeIp3dz9ZXp+u5bU+5k7mbfUljUjLJ8szR3geHTw2VnYfWdmZ+GntHhy+biZa0X1KVNE9W2VgtGcmfp0PK+udu7fXbi3f39dvstV7f6/E3sM/OwNJdr080x0j9l4dWduzPdtm8rYL3bbG/rbftLtth92pY+VnuP/taTZvez4iflVGm7VlsjE8a7tU2y77vNXK2z5O07T4vAXAmXfuy+fG2v9q/639Xvtn7Vvt11rfHP/a+AtjMfrX0a83p0deabyQ/D7eix/H4d/QAQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ62//c7t5U5nZW1fJU3TB32aTqQSzYg9S/7y59o6+bvGImLwDrO1FxsR+ZJmlJWjBfbgyQ7n3SdNwj/Kc3IqCT+gkgy8cqvv9VNW7n2uPJzHaZqe+uFU72o78uZpaWin4BOuVK/IOspWQxmOgFN0dePO/avrb7/zldU7y2+uvLlyd2F+fmF6Yf7Vuas3VzutYYcHnKD8WZ9/zhl2JAAAAAAAAAAAAMCgBvvjnOT2chRLmkf8KwL/ZyEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwXEuXo/kwkpiZvjKdze9sz3WyUtWz6Ui+5uOIaEREMhWRvB+xGEWJyVp3Sb/9bEVc/+CjnQ+LuWZZ8vUbxz+KrbLEVBnuVO/1Wr0Wpg/69Zfk/dzv39+AkrKMdJcsHqs/+IT8NwAA///gUwsO") mount(&(0x7f0000000ac0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000b00)='./file1\x00', 0x0, 0x1000, 0x0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x4) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0x2000}]) write$binfmt_elf64(r0, &(0x7f0000002480)=ANY=[], 0xb71) socket$inet_udp(0x2, 0x2, 0x0) 10m14.022204766s ago: executing program 0 (id=901): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(0x0, 0x7) r5 = socket(0xa, 0x3, 0xff) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r6, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @loopback, 0x6}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="5e546507da932c3e8c628a600b17cbe584d2f93ce23f60e91af3fbcf0e16db6e759d420151c6c575", 0x77}], 0x1}}], 0x1, 0x4046040) socket$inet(0x2, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000080)=0x80, 0x4) syz_usb_connect$cdc_ecm(0x3, 0x56, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0xd0, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x0, 0x1, 0xf6, 0xae}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0xfe}}, {{0x9, 0x5, 0x3, 0x2, 0x40}}}}}]}}]}}, 0x0) 10m13.201518224s ago: executing program 0 (id=912): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfff7e002, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x6, 0xc}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000041}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x3}, {}, {0x4, 0xfff3}}}, 0x24}}, 0x24040084) 10m12.551947222s ago: executing program 32 (id=912): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfff7e002, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x6, 0xc}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000041}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x3}, {}, {0x4, 0xfff3}}}, 0x24}}, 0x24040084) 5m52.587918523s ago: executing program 5 (id=1951): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x60, 0x10, 0xffffffffffffffff, 0x703d2f, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x22021}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x3}, @IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x40}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x60}, 0x1, 0x0, 0x0, 0x41}, 0x8000002) r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x738, 0x1705, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = socket(0x2d, 0x2, 0x0) bind$xdp(r4, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x23}, 0x10) connect$qrtr(r4, &(0x7f0000000300)={0x2d, 0x1, 0x4001}, 0xc) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000000140)=""/200}, 0x20) syz_usb_control_io(r3, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="0013f90000000b248ef4ee18601725b5f838bdd6a46e02810a0cc6bdf699f6ae1682c4f8aa63f99e87d541f0a9debae1942b0d9ff4147fede84268686956796bd85d4e9694d3f40914805b55ca4c3c203a88bcc2fb4fbbc9854eed6d6b3b4922bc10bddec2f99a601179313e325bac48ff425c6500c77f75cbca9d719f302740bc5acc0c3d953308d59b808dfdb6d4a2a044b0311980be61ed2242974f427e26e36bcfef940f90d83b8fd316f828eab3375fbb2e9a0028d085e313f67ddb45de1fc71a449b4540eaf7897936fc320390eb32a332df91685e66269aedf9fbd0896d6d70fdf5b96dfdf2628d9c6c5d4c09147921"], &(0x7f0000000500)={0x0, 0xa, 0x1, 0xd4}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000580)={0x20, 0x0, 0x4, {0x3, 0x1}}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1c00, 0x8}}, &(0x7f0000000600)={0x40, 0x7, 0x2, 0x7f}, &(0x7f0000000640)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000680)={0x40, 0xb, 0x2, "923e"}, &(0x7f00000006c0)={0x40, 0xf, 0x2, 0xc}, &(0x7f0000000700)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000740)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000780)={0x40, 0x19, 0x2, "860b"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0xb}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x6}}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = socket(0x1e, 0x4, 0x0) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80) r9 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r10 = dup3(r8, r7, 0x0) recvmmsg$unix(r10, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}], 0x1, 0x58ca2280, 0x0) r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r11, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x400000ff, 0x0, 0x6}]}) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1}, [@FRA_DST={0x8, 0x1, @loopback}]}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x0) 5m46.378110065s ago: executing program 5 (id=1970): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 5m43.791743256s ago: executing program 5 (id=1979): r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340), &(0x7f0000000280)) r1 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x308, 0x0, 0x308, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x308}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) gettid() write$UHID_CREATE2(r1, 0x0, 0x118) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1) writev(r5, &(0x7f0000000780)=[{&(0x7f0000000040)='\a', 0x1}], 0x1) io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000380), 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1100"], 0x50) 5m41.109141242s ago: executing program 5 (id=1984): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001) 5m34.502094256s ago: executing program 5 (id=1997): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0xa, 0x6, 0x4, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x40000004}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x9, 0xff, 0x4, 0x69, 0xc9fa, 0x3}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000804) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xd, 0xb}, {0xffe0, 0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x9, 0xb, 0x4}}}}]}, 0x40}}, 0x4010004) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 5m31.776823265s ago: executing program 5 (id=2017): r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) inotify_add_watch(r0, 0x0, 0x40000020) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000048040)=""/102392, 0x18ff8) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000004c0)=[@in6={0xa, 0x4e24, 0x20b, @loopback, 0x7fff}]}, &(0x7f0000000440)=0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000140)={r5}, &(0x7f0000000080)=0x8) 5m31.498456102s ago: executing program 33 (id=2017): r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) r1 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) inotify_add_watch(r0, 0x0, 0x40000020) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000048040)=""/102392, 0x18ff8) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000004c0)=[@in6={0xa, 0x4e24, 0x20b, @loopback, 0x7fff}]}, &(0x7f0000000440)=0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000140)={r5}, &(0x7f0000000080)=0x8) 11.50243636s ago: executing program 1 (id=2943): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x4, "f42a97b9"}}) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_sco(r0, &(0x7f0000000280)={0x1f, @fixed}, 0x8) 11.310203591s ago: executing program 6 (id=2944): r0 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x19}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast}, @address_reply}}}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) tee(r0, 0xffffffffffffffff, 0x1, 0xf) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r4, &(0x7f00000002c0)={'#! ', './file0', [{0x20, '\t\t\xf2`:y\xd4H\xfa\xee=d\xd7T\x0f7\x93`\xc6\xd04\xa3\xacQT\x8cj\x83\xa8\xb1\x88H\xe3\x16\xeb\x16\xaa\x91Pn\xcd\xde}$\xad`\xd6(\xa8\xaa\xc67?anM_\xa0\xcf\x82\x84\xf8\xb0\x8amlKL!\xd7\xaaK\xces\x04\x1e*p\x9e\xf2\x16\x01`\xd2+FG\tX)\x910\x00\x00\x00B\x1d\xc7\xd8\xb5\x81\x15\x0f[D8\x88@A$\x88\xa5O&\xae\xe3\b\xa8\xd4\x9b\xabo\xf4\xd1\f\"e\xcdzA\xf49\xc1\xc8\f\x8c\xf3\xa7*O\xe3\xc3L\xd6H\ta\xf5\xc6\xee\xa2\xd4\xde\xe5\x1b\x1e34~\xa8\xb8aQtp\xc8r_\x14K\xd35;\x8f_\xe0|Y\x8b'}]}, 0xbf) close(r4) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 9.814060648s ago: executing program 1 (id=2945): mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [{@dont_appraise}], 0x3a}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) close(0xffffffffffffffff) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32, @ANYBLOB="0bb1000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704020002000000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180), 0x4) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0) preadv(r1, &(0x7f0000004040)=[{&(0x7f0000002e00)=""/156, 0x9c}], 0x1, 0x401, 0x0) r2 = semget(0x0, 0x4, 0x39c) semop(r2, &(0x7f0000000000)=[{0x1, 0xffff, 0x1000}, {0x0, 0x7fc0, 0x800}], 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc011}, 0x800) 9.812118628s ago: executing program 3 (id=2946): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r1, 0x4048aecb, &(0x7f0000000240)={0x2, 0x0, [{0x7, 0xffffffff, 0x1, 0x27, 0x6, 0x9, 0x3}, {0xc0000000, 0x4904136c, 0x2, 0x4, 0x4, 0x4, 0x4}]}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 9.09417216s ago: executing program 6 (id=2947): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x4000, 0x0) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18) sendmmsg$unix(r3, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)="1e", 0x1}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x4001) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) 8.946105778s ago: executing program 2 (id=2948): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 7.993098454s ago: executing program 2 (id=2949): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x20, 0x7, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffffffff, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r5, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x40000002, 0x0, 0x3}]}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = fsopen(&(0x7f0000000280)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fsmount(r6, 0x0, 0x0) syz_emit_ethernet(0x8e, &(0x7f0000000380)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x58, 0x2c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[@hopopts={0x3a}], @pkt_toobig={0x2, 0x0, 0x0, 0x4, {0x8, 0x6, "cd85b5", 0x7, 0x84, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, [], "aad25a7f302d4579b298392ccf95e1e48f10658b1a1c7edc1ffd13d9ccbf356d"}}}}}}}, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r6, 0x7, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x18, 0x0, 0x1) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x3, 0x248a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x5, 0x0, 0xf439}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r8) ptrace$setregs(0xd, r8, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r8, 0x2, &(0x7f0000000380)={&(0x7f0000000000)=""/120, 0x78}) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x1000800, 0x0) 7.289063825s ago: executing program 3 (id=2951): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000001"], 0x48) fsmount(r1, 0x1, 0x7a) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r3, &(0x7f0000000440), &(0x7f0000000040)=@udp=r2}, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1_to_batadv\x00', 0x0}) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000000)={r6, 0x1, 0x6}, 0x10) r7 = msgget$private(0x0, 0x80) msgrcv(r7, 0x0, 0x0, 0x2, 0x1000) msgsnd(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="014000760000000000"], 0x8, 0x0) 7.233434108s ago: executing program 4 (id=2952): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x2b, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20) getsockopt$rose(r0, 0x104, 0x3, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0xcb, 0xf, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x2000010, 0x0) 6.426685465s ago: executing program 2 (id=2953): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x39}}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xa, 0x0, &(0x7f00000001c0)) openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x4, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x24, 0x9}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.667522689s ago: executing program 1 (id=2954): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000200)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179", 0x56}, {&(0x7f0000000340)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x4) 5.497986199s ago: executing program 6 (id=2955): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0xfc, @mcast2, 0x7}, 0x1c) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x4000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x2400, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 5.459242372s ago: executing program 3 (id=2956): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r0 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x2000) ioctl$CEC_DQEVENT(r0, 0xc0506107, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1ffffffffee, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x5}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8003, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) 5.210912226s ago: executing program 2 (id=2957): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) setsockopt$rose(r0, 0x104, 0x3, &(0x7f0000000000)=0x3, 0x4) 4.96917223s ago: executing program 2 (id=2958): socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) fanotify_mark(0xffffffffffffffff, 0x80, 0x48001059, 0xffffffffffffff9c, 0x0) futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 4.583207412s ago: executing program 3 (id=2959): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000005a00)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffffd, @dev}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x400800c) 4.518777037s ago: executing program 4 (id=2960): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 4.44831805s ago: executing program 1 (id=2961): socket$inet_udp(0x2, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$tun(0xffffffffffffffff, 0x0, 0x32) r1 = socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x20200, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x3c) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r4, 0x800}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x600}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setreuid(0x0, 0xee01) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000600)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000040), 0x12) 4.342529646s ago: executing program 6 (id=2962): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chroot(&(0x7f0000000a40)='./file0\x00') syz_open_dev$tty20(0xc, 0x4, 0x1) syz_open_dev$tty20(0xc, 0x4, 0x1) 4.213166684s ago: executing program 3 (id=2963): r0 = fsopen(0x0, 0x0) readv(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xfd, 0x7fff0000}]}) r5 = socket$isdn_base(0x22, 0x3, 0x0) r6 = dup(r5) ioctl$IMGETCOUNT(r6, 0x80044943, &(0x7f0000000000)) read$msr(r6, 0x0, 0x0) ioctl$FIONREAD(r6, 0x541b, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), r6) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, 0x0, 0x4001) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r7, 0x890c, &(0x7f0000000200)=@generic={0x2, 0x10000000000002, 0xffffffffffffffff}) syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384) sendmsg$BATADV_CMD_SET_VLAN(r6, 0x0, 0x4048048) close_range(r4, 0xffffffffffffffff, 0x0) 3.407168341s ago: executing program 4 (id=2964): socket(0x1f, 0x3, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_SUBMITURB(r3, 0x802c550a, &(0x7f0000000500)=@urb_type_control={0x2, {0x0, 0x1}, 0x5959aab4, 0xe0, &(0x7f0000000000)={0x40, 0xd, 0xf801, 0x220}, 0x8, 0x400, 0x10002, 0x0, 0x1676ab34, 0xdffffff8, 0x0}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000288000/0x4000)=nil, 0xfffffffffffffcf7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, 0xffffffffffffffff, 0x2000) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f0000000340)}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000380)={0x3ff}) 3.092167029s ago: executing program 6 (id=2965): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18) sendmmsg$unix(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)="1e", 0x1}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x4001) 3.070380641s ago: executing program 1 (id=2966): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000001"], 0x48) fsmount(r1, 0x1, 0x7a) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r3, &(0x7f0000000440), &(0x7f0000000040)=@udp=r2}, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1_to_batadv\x00', 0x0}) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000000)={r6, 0x1, 0x6}, 0x10) r7 = msgget$private(0x0, 0x80) msgrcv(r7, 0x0, 0x0, 0x2, 0x1000) msgsnd(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="014000760000000000"], 0x8, 0x0) 1.276562025s ago: executing program 2 (id=2967): socket$nl_crypto(0x10, 0x3, 0x15) io_uring_setup(0x7b5a, &(0x7f0000000900)={0x0, 0x1246, 0x800, 0x1, 0x285}) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000300), 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) socket$inet6(0xa, 0x2, 0x3a) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 1.259096266s ago: executing program 6 (id=2968): r0 = getpgrp(0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) 909.025176ms ago: executing program 3 (id=2969): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x25dfdbfd, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa, 0x0, 0xa}}}}]}, 0x44}}, 0x44080) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001180)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r4, {}, {0x0, 0xa}, {0x0, 0x10}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0xfffffc00}}]}, 0x38}, 0x1, 0x0, 0x0, 0x55}, 0x4000) 741.771636ms ago: executing program 4 (id=2970): r0 = socket(0x10, 0x803, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x42, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) listxattr(0x0, 0x0, 0x0) chmod(&(0x7f0000000300)='./file0\x00', 0x2d9) 525.086989ms ago: executing program 4 (id=2971): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000200)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179", 0x56}, {&(0x7f0000000340)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x4) 309.743271ms ago: executing program 1 (id=2972): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0xfc, @mcast2, 0x7}, 0x1c) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x4000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x2400, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 0s ago: executing program 4 (id=2973): ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, 0x0) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="043ef50d2b95bb2f426e"], 0xf8) kernel console output (not intermixed with test programs): ecomes ready [ 299.278374][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 299.318752][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 299.368710][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 299.433209][ T8777] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan3: link becomes ready [ 299.488987][ T8792] tipc: Enabling of bearer rejected, failed to enable media [ 300.219557][ T8795] loop2: detected capacity change from 0 to 1024 [ 300.351061][ T8795] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 300.417179][ T8795] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.675544][ T4749] udevd[4749]: incorrect jbd checksum on /dev/loop2 [ 300.687030][ T8795] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm syz.2.1347: Invalid inode table block 0 in block_group 0 [ 300.740308][ T8795] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 302.382922][ T8826] device syzkaller0 entered promiscuous mode [ 302.458046][ T8828] device syzkaller0 entered promiscuous mode [ 302.475568][ T8828] tipc: Enabled bearer , priority 0 [ 302.519178][ T8827] tipc: Resetting bearer [ 302.591732][ T8827] tipc: Disabling bearer [ 303.837159][ T8852] loop5: detected capacity change from 0 to 8 [ 303.951892][ T8852] Page size > filesystem block size (0). This is currently not supported! [ 305.658007][ T8876] device syzkaller0 entered promiscuous mode [ 307.353497][ T8885] netlink: 'syz.5.1374': attribute type 13 has an invalid length. [ 307.372958][ T8885] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 307.383169][ T8885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 307.417905][ T8885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 307.480680][ T8886] tipc: Enabling of bearer rejected, failed to enable media [ 307.576615][ T8900] tipc: Enabled bearer , priority 0 [ 307.675960][ T8898] tipc: Disabling bearer [ 307.733875][ T8908] loop5: detected capacity change from 0 to 512 [ 307.945221][ T8908] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 308.252517][ T8908] EXT4-fs (loop5): 1 truncate cleaned up [ 308.423102][ T8908] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none. [ 308.480162][ T8914] device syzkaller0 entered promiscuous mode [ 308.646428][ T8923] loop5: detected capacity change from 0 to 1024 [ 308.675580][ T8926] device syzkaller0 entered promiscuous mode [ 308.896149][ T8924] device syzkaller0 entered promiscuous mode [ 309.157642][ T8931] tipc: Enabled bearer , priority 0 [ 309.230780][ T8925] tipc: Resetting bearer [ 309.279169][ T8925] tipc: Disabling bearer [ 309.320468][ T8930] device syzkaller0 entered promiscuous mode [ 310.143144][ T8949] loop2: detected capacity change from 0 to 8 [ 310.460028][ T8949] Page size > filesystem block size (0). This is currently not supported! [ 310.562765][ T8958] device syzkaller0 entered promiscuous mode [ 310.757876][ T8968] device syzkaller0 entered promiscuous mode [ 311.096843][ T8963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1403'. [ 311.179532][ T8974] device syzkaller0 entered promiscuous mode [ 311.232939][ T8978] device syzkaller0 entered promiscuous mode [ 311.251453][ T8978] tipc: Enabled bearer , priority 0 [ 311.266537][ T8986] tipc: Enabled bearer , priority 0 [ 311.278304][ T8969] tipc: Resetting bearer [ 311.319148][ T8969] tipc: Disabling bearer [ 311.334516][ T8989] loop2: detected capacity change from 0 to 512 [ 311.342409][ T8984] tipc: Disabling bearer [ 311.367205][ T8989] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 311.405433][ T8989] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a80ce01c, mo2=0002] [ 311.415716][ T8989] System zones: 1-12 [ 311.422311][ T8989] EXT4-fs (loop2): orphan cleanup on readonly fs [ 311.433495][ T8989] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1411: invalid indirect mapped block 12 (level 1) [ 311.487797][ T8989] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1411: invalid indirect mapped block 2 (level 2) [ 311.964200][ T7] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 311.975147][ T8989] EXT4-fs (loop2): 1 truncate cleaned up [ 312.022751][ T8989] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,nobarrier,,,errors=continue. Quota mode: writeback. [ 312.075414][ T7] Bluetooth: hci1: Injecting HCI hardware error event [ 312.186263][ T4194] Bluetooth: hci1: hardware error 0x00 [ 312.440380][ T9007] device syzkaller0 entered promiscuous mode [ 312.502261][ T9013] loop5: detected capacity change from 0 to 128 [ 314.214825][ T13] Bluetooth: hci2: command 0x0405 tx timeout [ 314.236814][ T9016] loop2: detected capacity change from 0 to 1024 [ 314.460860][ T9016] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 314.514123][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1424'. [ 314.544644][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1424'. [ 317.794868][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.801187][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.818970][ T9071] loop3: detected capacity change from 0 to 256 [ 317.841367][ T9072] device syzkaller0 entered promiscuous mode [ 317.885349][ T9071] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 317.901410][ T9071] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 317.915891][ T9071] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0x65b64522, utbl_chksum : 0xe619d30d) [ 318.057846][ T9071] exFAT-fs (loop3): hint_cluster is invalid (17) [ 318.082853][ T9071] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff) [ 318.098736][ T9071] exFAT-fs (loop3): Filesystem has been set read-only [ 320.065917][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1438'. [ 320.085840][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1438'. [ 320.929232][ T9101] loop3: detected capacity change from 0 to 1764 [ 321.483203][ T4237] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 322.313449][ T4237] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.349220][ T4237] usb 4-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 322.362952][ T4237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.429065][ T4237] usb 4-1: config 0 descriptor?? [ 322.705683][ T9128] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1441'. [ 322.726420][ T9128] device vlan2 entered promiscuous mode [ 322.732001][ T9128] device bond0 entered promiscuous mode [ 322.767507][ T9128] device bond_slave_0 entered promiscuous mode [ 322.779878][ T9128] device bond_slave_1 entered promiscuous mode [ 322.876008][ T9135] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1451'. [ 322.900800][ T9135] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1451'. [ 322.920666][ T4237] wacom 0003:056A:00EC.0006: hidraw0: USB HID v10.00 Device [HID 056a:00ec] on usb-dummy_hcd.3-1/input0 [ 324.241915][ T4344] Bluetooth: hci2: command 0x0406 tx timeout [ 324.284431][ T23] usb 4-1: USB disconnect, device number 9 [ 324.298165][ T9143] loop5: detected capacity change from 0 to 2048 [ 324.364219][ T9150] loop3: detected capacity change from 0 to 128 [ 324.376672][ T9143] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 324.409276][ T9143] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 324.484921][ T9152] device syzkaller0 entered promiscuous mode [ 326.458986][ T9171] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1464'. [ 327.122392][ T9171] device vlan3 entered promiscuous mode [ 329.241370][ T9187] device syzkaller0 entered promiscuous mode [ 329.676472][ T9187] tipc: Enabled bearer , priority 0 [ 329.836809][ T9185] tipc: Resetting bearer [ 330.041250][ T9185] tipc: Disabling bearer [ 330.155327][ T9195] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1463'. [ 330.172786][ T9195] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1463'. [ 331.136641][ T9195] device dummy0 entered promiscuous mode [ 331.173561][ T9195] device dummy0 left promiscuous mode [ 331.462210][ T9204] device syzkaller0 entered promiscuous mode [ 332.501292][ T9215] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1479'. [ 333.006553][ T9220] device syzkaller0 entered promiscuous mode [ 333.727895][ T9225] mmap: syz.5.1483 (9225): VmData 37462016 exceed data ulimit 33554432. Update limits or use boot option ignore_rlimit_data. [ 337.308230][ T9246] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 337.829036][ T9255] loop3: detected capacity change from 0 to 128 [ 337.958172][ T9251] loop2: detected capacity change from 0 to 1024 [ 339.610577][ T9251] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 339.817762][ T9251] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 339.844874][ T9251] EXT4-fs (loop2): orphan cleanup on readonly fs [ 339.860347][ T9251] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.1492: Inode bitmap for bg 0 marked uninitialized [ 339.877297][ T9251] EXT4-fs (loop2): Remounting filesystem read-only [ 339.887030][ T9251] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000080,errors=remount-ro,inode_readahead_blks=0x0000000000800000,lazytime,. Quota mode: writeback. [ 340.127668][ T9251] EXT4-fs (loop2): shut down requested (1) [ 340.250637][ T9263] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1486'. [ 340.286320][ T9263] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1486'. [ 340.341725][ T9263] device dummy0 entered promiscuous mode [ 340.375813][ T9263] device team0 entered promiscuous mode [ 340.391118][ T9263] device team_slave_0 entered promiscuous mode [ 340.425091][ T9263] device team_slave_1 entered promiscuous mode [ 340.465303][ T9263] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 340.474945][ T9263] Cannot create hsr debugfs directory [ 340.481403][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 340.639828][ T9267] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1497'. [ 340.675664][ T9267] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1497'. [ 341.336905][ T9270] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1493'. [ 341.347797][ T9270] 8021q: VLANs not supported on vcan0 [ 341.924973][ T9286] device syzkaller0 entered promiscuous mode [ 341.964672][ T9289] tipc: Enabling of bearer rejected, failed to enable media [ 343.580955][ T9310] loop2: detected capacity change from 0 to 1024 [ 344.430589][ T9317] loop5: detected capacity change from 0 to 1024 [ 344.463703][ T9310] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 347.023951][ T9359] qfq: no options [ 348.490239][ T9375] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1511'. [ 348.861334][ T9375] device vlan2 entered promiscuous mode [ 350.941213][ T9396] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1528'. [ 350.965402][ T9396] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1528'. [ 351.037165][ T9396] device dummy0 entered promiscuous mode [ 351.076016][ T9396] device dummy0 left promiscuous mode [ 352.909880][ T9410] qfq: no options [ 353.194947][ T9412] device syzkaller0 entered promiscuous mode [ 353.450843][ T9417] device syzkaller0 entered promiscuous mode [ 353.663898][ T9430] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1536'. [ 353.904892][ T9438] loop5: detected capacity change from 0 to 1024 [ 353.915590][ T9436] device syzkaller0 entered promiscuous mode [ 356.603751][ T9464] loop3: detected capacity change from 0 to 1764 [ 357.506900][ T9468] device syzkaller0 entered promiscuous mode [ 357.957019][ T4237] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 358.732891][ T4237] usb 4-1: Using ep0 maxpacket: 32 [ 358.866231][ T4237] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 359.345755][ T4237] usb 4-1: config 0 has no interface number 0 [ 360.845244][ T4237] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 360.885414][ T4237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.975012][ T4237] usb 4-1: Product: syz [ 360.994958][ T4237] usb 4-1: Manufacturer: syz [ 361.020407][ T4237] usb 4-1: config 0 descriptor?? [ 361.055112][ T4237] usb 4-1: can't set config #0, error -71 [ 361.082332][ T4237] usb 4-1: USB disconnect, device number 10 [ 361.284222][ T9529] loop2: detected capacity change from 0 to 1024 [ 361.356677][ T9529] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1565'. [ 364.476697][ T9546] device syzkaller0 entered promiscuous mode [ 364.805528][ T9554] loop5: detected capacity change from 0 to 512 [ 365.103421][ T9554] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 365.165729][ T9554] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 365.555719][ T7100] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1935764490 in block_group 0 [ 366.006727][ T9564] binder_alloc: 9562: binder_alloc_buf, no vma [ 366.619694][ T7100] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 366.726107][ T7100] EXT4-fs error (device loop5): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error [ 367.329907][ T7100] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1935764490 in block_group 0 [ 367.822056][ T7100] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 367.891861][ T7100] EXT4-fs error (device loop5): ext4_quota_off:6540: inode #4: comm syz-executor: mark_inode_dirty error [ 368.151465][ T9577] loop5: detected capacity change from 0 to 128 [ 369.117051][ T9589] device pim6reg1 entered promiscuous mode [ 369.198468][ T9589] loop5: detected capacity change from 0 to 512 [ 369.478159][ T9589] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 369.589231][ T9589] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 369.669225][ T9605] device syzkaller0 entered promiscuous mode [ 369.749886][ T9589] __quota_error: 16 callbacks suppressed [ 369.749898][ T9589] Quota error (device loop5): find_block_dqentry: Quota for id 62708 referenced but not present [ 369.842555][ T9607] device syzkaller0 entered promiscuous mode [ 369.856078][ T9589] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 62708 [ 369.883974][ T9589] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.1580: Failed to acquire dquot type 0 [ 370.055085][ T9613] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 370.212526][ T9620] loop2: detected capacity change from 0 to 256 [ 370.233677][ T9618] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1586'. [ 371.160021][ T9618] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1586'. [ 371.305954][ T9620] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001207b, chksum : 0x1e861e4d, utbl_chksum : 0xe619d30d) [ 371.466572][ T9626] lo: Caught tx_queue_len zero misconfig [ 371.488112][ T9626] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 371.806157][ T9643] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1570'. [ 372.326706][ T9666] loop5: detected capacity change from 0 to 8 [ 372.647389][ T9677] device syzkaller0 entered promiscuous mode [ 375.168869][ T9702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1604'. [ 375.412629][ T9715] netlink: 1276 bytes leftover after parsing attributes in process `syz.1.1608'. [ 375.478880][ T9716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1609'. [ 375.707845][ T9718] device syzkaller0 entered promiscuous mode [ 376.744066][ T9729] loop5: detected capacity change from 0 to 128 [ 376.954825][ T9731] device syzkaller0 entered promiscuous mode [ 377.010019][ T9734] loop2: detected capacity change from 0 to 164 [ 377.892457][ T9753] binder: BC_ATTEMPT_ACQUIRE not supported [ 377.905307][ T9753] binder: 9752:9753 ioctl c0306201 200000000180 returned -22 [ 378.466444][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.472857][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.672814][ T9769] device syzkaller0 entered promiscuous mode [ 379.182686][ T9788] netlink: 'syz.1.1630': attribute type 13 has an invalid length. [ 379.242101][ T9788] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 379.320499][ T9788] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 379.345781][ T1108] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 379.361361][ T9788] gretap0: refused to change device tx_queue_len [ 379.385868][ T9788] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 379.393386][ T9788] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 379.615655][ T1108] usb 4-1: Using ep0 maxpacket: 16 [ 379.735633][ T1108] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 379.755531][ T1108] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 379.965680][ T1108] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 379.985040][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.993920][ T1108] usb 4-1: Product: syz [ 379.998507][ T1108] usb 4-1: Manufacturer: syz [ 380.003118][ T1108] usb 4-1: SerialNumber: syz [ 381.379568][ T9829] device syzkaller0 entered promiscuous mode [ 381.445714][ T9835] netlink: 'syz.1.1642': attribute type 13 has an invalid length. [ 381.464266][ T9835] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 381.556423][ T9835] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 381.574460][ T9835] gretap0: refused to change device tx_queue_len [ 381.594395][ T9835] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 381.608438][ T9835] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 381.657501][ T1108] usb 4-1: 0:2 : does not exist [ 382.119299][ T1108] usb 4-1: USB disconnect, device number 11 [ 382.265700][ T9862] loop5: detected capacity change from 0 to 128 [ 382.522957][ T9862] attempt to access beyond end of device [ 382.522957][ T9862] loop5: rw=2049, want=234, limit=128 [ 382.675831][ T9872] loop2: detected capacity change from 0 to 128 [ 382.756881][ T9862] attempt to access beyond end of device [ 382.756881][ T9862] loop5: rw=2049, want=1041, limit=128 [ 383.977427][ T9872] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 383.995168][ T9862] attempt to access beyond end of device [ 383.995168][ T9862] loop5: rw=524288, want=497, limit=128 [ 384.007930][ T9872] ext4 filesystem being mounted at /323/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 384.148881][ T9869] attempt to access beyond end of device [ 384.148881][ T9869] loop5: rw=0, want=242, limit=128 [ 384.256765][ T9860] attempt to access beyond end of device [ 384.256765][ T9860] loop5: rw=0, want=242, limit=128 [ 385.164802][ T9860] buffer_io_error: 10 callbacks suppressed [ 385.164816][ T9860] Buffer I/O error on dev loop5, logical block 241, async page read [ 385.208370][ T9890] netlink: 'syz.4.1657': attribute type 13 has an invalid length. [ 385.223534][ T9890] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 385.230662][ T9860] attempt to access beyond end of device [ 385.230662][ T9860] loop5: rw=0, want=243, limit=128 [ 385.271867][ T9890] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 385.272618][ T9860] Buffer I/O error on dev loop5, logical block 242, async page read [ 385.287683][ T9890] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 385.306871][ T9890] gretap0: refused to change device tx_queue_len [ 385.313379][ T9860] attempt to access beyond end of device [ 385.313379][ T9860] loop5: rw=0, want=244, limit=128 [ 385.340114][ T9860] Buffer I/O error on dev loop5, logical block 243, async page read [ 385.348359][ T9890] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 385.363380][ T9860] attempt to access beyond end of device [ 385.363380][ T9860] loop5: rw=0, want=245, limit=128 [ 385.382821][ T9890] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 385.412809][ T9860] Buffer I/O error on dev loop5, logical block 244, async page read [ 385.420933][ T9860] attempt to access beyond end of device [ 385.420933][ T9860] loop5: rw=0, want=246, limit=128 [ 385.443117][ T9860] Buffer I/O error on dev loop5, logical block 245, async page read [ 385.458957][ T9860] attempt to access beyond end of device [ 385.458957][ T9860] loop5: rw=0, want=247, limit=128 [ 385.492735][ T9860] Buffer I/O error on dev loop5, logical block 246, async page read [ 385.529482][ T9860] Buffer I/O error on dev loop5, logical block 247, async page read [ 385.545808][ T9860] Buffer I/O error on dev loop5, logical block 248, async page read [ 385.691001][ T9911] loop2: detected capacity change from 0 to 128 [ 385.787003][ T9911] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 385.855881][ T9920] loop5: detected capacity change from 0 to 512 [ 385.925651][ T9920] EXT4-fs (loop5): Test dummy encryption mode enabled [ 385.950694][ T9920] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 385.976956][ T9920] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,errors=continue,delalloc,prjquota,usrquota,resuid=0x000000000000ee00,usrjquota=min_batch_time=0x00000000fffffffc,nodiscard,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 387.079682][ T9940] 9pnet: Insufficient options for proto=fd [ 387.099923][ T9938] device syzkaller0 entered promiscuous mode [ 387.515803][ T9947] loop5: detected capacity change from 0 to 512 [ 387.532603][ T9945] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1675'. [ 387.542068][ T9945] netlink: 33 bytes leftover after parsing attributes in process `syz.4.1675'. [ 387.551008][ T9945] netlink: 33 bytes leftover after parsing attributes in process `syz.4.1675'. [ 387.631252][ T9947] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 387.655123][ T9947] EXT4-fs (loop5): Online resizing not supported with sparse_super2 [ 388.170802][ T9957] device syzkaller0 entered promiscuous mode [ 388.363312][ T9959] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1679'. [ 388.445086][ T9959] 8021q: VLANs not supported on vcan0 [ 388.755311][ T9966] binder: BC_ACQUIRE_RESULT not supported [ 388.761567][ T9966] binder: 9965:9966 ioctl c0306201 200000000180 returned -22 [ 390.646444][ T9989] netlink: 'syz.4.1690': attribute type 2 has an invalid length. [ 391.664134][ T9989] netlink: 'syz.4.1690': attribute type 1 has an invalid length. [ 391.794451][ T9994] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1691'. [ 391.833624][ T9994] device vlan4 entered promiscuous mode [ 393.381716][T10011] netlink: 'syz.1.1695': attribute type 13 has an invalid length. [ 393.395209][T10011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'. [ 393.888577][T10012] device syzkaller0 entered promiscuous mode [ 394.518544][T10026] loop3: detected capacity change from 0 to 1764 [ 396.220237][T10030] loop3: detected capacity change from 0 to 256 [ 396.408686][T10032] loop2: detected capacity change from 0 to 256 [ 396.864957][T10030] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 396.877457][T10032] exfat: Deprecated parameter 'namecase' [ 396.895405][T10032] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 396.907866][T10030] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 396.971438][T10030] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 397.440333][T10047] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1706'. [ 399.330521][T10057] device syzkaller0 entered promiscuous mode [ 400.705401][ T4325] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 400.985924][ T4325] usb 3-1: Using ep0 maxpacket: 16 [ 401.115449][ T4325] usb 3-1: config 222 has an invalid descriptor of length 0, skipping remainder of the config [ 401.127355][T10083] device syzkaller0 entered promiscuous mode [ 401.135390][ T4325] usb 3-1: config 222 has 0 interfaces, different from the descriptor's value: 1 [ 401.228091][T10090] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1720'. [ 401.905003][ T4325] usb 3-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 401.914086][ T4325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.937502][ T4325] usb 3-1: Product: syz [ 401.941743][ T4325] usb 3-1: Manufacturer: syz [ 401.952207][ T4325] usb 3-1: SerialNumber: syz [ 401.980244][T10098] loop5: detected capacity change from 0 to 2048 [ 402.021652][T10098] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 402.089323][T10098] UDF-fs: unknown compression code (0) [ 402.119759][T10100] device syzkaller0 entered promiscuous mode [ 402.247628][ T4353] usb 3-1: USB disconnect, device number 6 [ 402.304183][T10104] netlink: 'syz.1.1726': attribute type 13 has an invalid length. [ 404.961033][T10126] netlink: 'syz.2.1733': attribute type 16 has an invalid length. [ 404.969101][T10126] netlink: 'syz.2.1733': attribute type 17 has an invalid length. [ 404.979019][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 404.997047][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 405.012417][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 405.022269][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 405.030862][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 405.039449][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 405.047927][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 405.056309][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 405.064896][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 405.073487][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 405.082295][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 405.091194][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 405.100131][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 405.109057][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 405.133302][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 405.141575][T10126] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 405.593189][T10126] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 405.665509][T10131] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1734'. [ 405.733882][T10134] netlink: 'syz.3.1737': attribute type 13 has an invalid length. [ 405.761194][T10134] netlink: 'syz.3.1737': attribute type 27 has an invalid length. [ 405.784074][T10140] device syzkaller0 entered promiscuous mode [ 407.230756][T10161] device syzkaller0 entered promiscuous mode [ 408.488932][T10171] tipc: Enabled bearer , priority 0 [ 409.064350][T10170] tipc: Disabling bearer [ 409.086581][T10176] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1751'. [ 409.218810][T10179] device syzkaller0 entered promiscuous mode [ 409.410409][T10182] device syzkaller0 entered promiscuous mode [ 409.470656][T10187] loop5: detected capacity change from 0 to 8 [ 410.797321][T10194] device wlan0 entered promiscuous mode [ 410.969289][T10205] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1761'. [ 412.300527][T10219] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1765'. [ 413.401019][T10234] loop5: detected capacity change from 0 to 8 [ 413.476507][T10234] SQUASHFS error: zlib decompression failed, data probably corrupt [ 413.515802][T10234] SQUASHFS error: Failed to read block 0x4de: -5 [ 413.542378][T10234] SQUASHFS error: Failed to read block 0x4e2: -5 [ 413.579393][T10234] SQUASHFS error: Failed to read block 0x9ca: -5 [ 413.585836][T10234] SQUASHFS error: Failed to read block 0x2cf2: -5 [ 413.655842][T10234] SQUASHFS error: Failed to read block 0x52cf2: -5 [ 413.699692][T10234] SQUASHFS error: Failed to read block 0x535f2: -5 [ 413.723554][T10249] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1772'. [ 413.743486][ T26] audit: type=1800 audit(1769294299.472:126): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1769" name="file1" dev="loop5" ino=5 res=0 errno=0 [ 413.868695][T10259] device syzkaller0 entered promiscuous mode [ 415.637836][T10275] device syzkaller0 entered promiscuous mode [ 415.769762][T10283] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1784'. [ 415.825282][T10285] loop2: detected capacity change from 0 to 512 [ 415.944342][T10285] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 416.017236][T10285] FAT-fs (loop2): Filesystem has been set read-only [ 416.050789][T10289] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 416.899968][T10302] device syzkaller0 entered promiscuous mode [ 417.187658][T10309] loop3: detected capacity change from 0 to 128 [ 417.203012][ T4237] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 417.981302][T10313] device syzkaller0 entered promiscuous mode [ 418.807847][ T4237] usb 6-1: unable to get BOS descriptor or descriptor too short [ 419.986986][ T4237] usb 6-1: unable to read config index 0 descriptor/all [ 420.502117][ T4237] usb 6-1: can't read configurations, error -71 [ 420.600400][T10327] device syzkaller0 entered promiscuous mode [ 420.796524][ T1108] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 420.922553][T10336] netlink: 'syz.5.1805': attribute type 13 has an invalid length. [ 420.942517][T10336] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1805'. [ 421.075361][T10338] device syzkaller0 entered promiscuous mode [ 421.104186][T10340] loop3: detected capacity change from 0 to 128 [ 421.156412][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 421.167652][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 421.178113][ T1108] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 421.187436][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.203855][ T1108] usb 3-1: config 0 descriptor?? [ 421.207119][T10340] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 421.225428][T10340] ext4 filesystem being mounted at /309/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 421.269503][T10340] syz.3.1801 (pid 10340) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 421.283925][T10347] device syzkaller0 entered promiscuous mode [ 421.399563][T10349] device syzkaller0 entered promiscuous mode [ 422.537667][ T1108] steelseries_srws1 0003:1038:1410.0007: unbalanced collection at end of report description [ 422.604874][ T1108] steelseries_srws1 0003:1038:1410.0007: parse failed [ 422.635559][ T1108] steelseries_srws1: probe of 0003:1038:1410.0007 failed with error -22 [ 422.744129][T10367] loop3: detected capacity change from 0 to 512 [ 422.770489][ T13] usb 3-1: USB disconnect, device number 7 [ 422.868005][T10367] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000001,nolazytime,delalloc,i_version,lazytime,nodiscard,grpjquota=,block_validity,errors=remount-ro,. Quota mode: writeback. [ 422.895979][T10367] ext4 filesystem being mounted at /312/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 422.937184][T10367] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #2: comm syz.3.1815: corrupted inode contents [ 423.009266][T10367] EXT4-fs (loop3): Remounting filesystem read-only [ 423.042000][T10367] EXT4-fs error (device loop3): ext4_dirty_inode:6058: inode #2: comm syz.3.1815: mark_inode_dirty error [ 423.075772][T10367] EXT4-fs (loop3): Remounting filesystem read-only [ 423.096749][T10367] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #2: comm syz.3.1815: corrupted inode contents [ 423.122006][T10367] EXT4-fs (loop3): Remounting filesystem read-only [ 423.146047][T10377] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #2: comm syz.3.1815: corrupted inode contents [ 423.190987][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.192165][T10384] netlink: 'syz.4.1818': attribute type 13 has an invalid length. [ 423.201130][T10377] EXT4-fs error (device loop3): ext4_dirty_inode:6058: inode #2: comm syz.3.1815: mark_inode_dirty error [ 423.230398][T10384] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1818'. [ 423.241541][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.258606][T10377] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #2: comm syz.3.1815: corrupted inode contents [ 423.284622][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.486067][T10377] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.1815: mark_inode_dirty error [ 423.755097][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.768594][T10377] EXT4-fs error (device loop3): ext4_do_update_inode:5222: inode #2: comm syz.3.1815: corrupted inode contents [ 423.787716][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.794804][T10377] EXT4-fs error (device loop3): ext4_dirty_inode:6058: inode #2: comm syz.3.1815: mark_inode_dirty error [ 423.811819][T10377] EXT4-fs (loop3): Remounting filesystem read-only [ 423.969905][T10391] binder: BINDER_SET_CONTEXT_MGR already set [ 423.992225][T10391] binder: 10390:10391 ioctl 4018620d 200000000040 returned -16 [ 425.057735][T10400] device syzkaller0 entered promiscuous mode [ 425.688656][T10404] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1824'. [ 425.714143][T10404] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1824'. [ 425.733797][T10404] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1824'. [ 425.750955][T10404] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1824'. [ 425.924813][T10406] device syzkaller0 entered promiscuous mode [ 426.209319][ T4353] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 426.474111][ T4353] usb 4-1: Using ep0 maxpacket: 16 [ 426.616374][T10416] loop5: detected capacity change from 0 to 256 [ 426.643672][ T4353] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.663980][ T4353] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 427.323805][T10425] binder_alloc: 10424: binder_alloc_buf, no vma [ 427.441058][ T4353] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 427.467684][ T4353] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.497204][ T4353] usb 4-1: Product: syz [ 427.505528][ T4353] usb 4-1: Manufacturer: syz [ 427.510298][ T4353] usb 4-1: SerialNumber: syz [ 427.659754][T10438] device syzkaller0 entered promiscuous mode [ 427.851260][ T4353] usb 4-1: 0:2 : does not exist [ 427.908452][ T4353] usb 4-1: USB disconnect, device number 12 [ 427.948238][ T4749] udevd[4749]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 428.697805][ T1108] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 429.002466][ T1108] usb 3-1: Using ep0 maxpacket: 16 [ 429.162574][ T1108] usb 3-1: config 125 has an invalid interface number: 165 but max is 0 [ 429.181198][ T1108] usb 3-1: config 125 has no interface number 0 [ 429.193755][ T1108] usb 3-1: config 125 interface 165 has no altsetting 0 [ 429.212452][ T1108] usb 3-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice=d5.16 [ 429.232338][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.294030][ T4353] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 429.622064][ T4353] usb 2-1: Using ep0 maxpacket: 32 [ 429.952006][ T1108] usb 3-1: string descriptor 0 read error: -71 [ 430.172281][ T4353] usb 2-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 430.187570][ T4353] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.208567][ T1108] gspca_main: spca501-2.14.0 probing 0497:c001 [ 430.245973][ T1108] gspca_spca501: reg write: error -71 [ 430.251390][ T1108] spca501 3-1:125.165: Reg write failed for 0x02,0x07,0x05 [ 430.260449][ T1108] spca501: probe of 3-1:125.165 failed with error -22 [ 430.272571][ T1108] usb 3-1: USB disconnect, device number 8 [ 430.311041][ T4353] usb 2-1: Product: syz [ 430.318780][ T4353] usb 2-1: Manufacturer: syz [ 430.336296][ T4353] usb 2-1: SerialNumber: syz [ 430.388914][ T4353] usb 2-1: config 0 descriptor?? [ 430.463490][ T4353] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 430.489663][ T4353] dvb-usb: bulk message failed: -22 (2/0) [ 430.524765][T10478] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1850'. [ 430.551783][ T4353] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 430.581558][T10478] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1850'. [ 430.602014][ T4353] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 430.621590][ T4353] usb 2-1: media controller created [ 430.662077][ T4353] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 430.673775][T10457] cxusb: i2c wr: len=8192 is too big! [ 430.673775][T10457] [ 431.637256][ T4344] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 431.663287][ T4353] usb 2-1: selecting invalid altsetting 7 [ 431.671127][ T4353] cxusb: set interface failed [ 431.682050][ T4353] dvb-usb: bulk message failed: -22 (1/0) [ 431.714546][ T4353] DVB: Unable to find symbol lgdt330x_attach() [ 431.731028][ T4353] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 431.860987][ T4353] rc_core: IR keymap rc-dvico-portable not found [ 431.867349][ T4353] Registered IR keymap rc-empty [ 431.884871][ T4353] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 432.002868][ T4353] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input14 [ 432.334057][ T4344] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 432.360240][ T4353] dvb-usb: schedule remote query interval to 100 msecs. [ 432.367383][ T4344] usb 4-1: config 0 has no interface number 0 [ 432.378677][ T4353] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 432.398131][ T4344] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 432.460099][ T4353] usb 2-1: USB disconnect, device number 6 [ 432.466256][ T4344] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 432.494482][T10506] tipc: Enabling of bearer rejected, failed to enable media [ 432.542003][ T4353] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 433.364173][T10518] device syzkaller0 entered promiscuous mode [ 433.380266][ T4344] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 433.391011][ T4344] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.410163][ T4344] usb 4-1: Product: syz [ 433.414423][ T4344] usb 4-1: Manufacturer: syz [ 433.426130][ T4344] usb 4-1: config 0 descriptor?? [ 433.450529][ T4344] usb 4-1: can't set config #0, error -71 [ 433.487029][ T4344] usb 4-1: USB disconnect, device number 13 [ 433.920099][ T26] audit: type=1326 audit(1769294319.502:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10523 comm="syz.5.1853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f00a1902cb9 code=0x0 [ 436.115271][T10555] overlayfs: missing 'lowerdir' [ 436.159650][T10555] overlayfs: failed to clone upperpath [ 437.298459][ T4344] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 437.588512][ T4344] usb 6-1: too many configurations: 17, using maximum allowed: 8 [ 437.716272][T10575] device syzkaller0 entered promiscuous mode [ 440.047677][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.054009][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.097145][ T4344] usb 6-1: unable to read config index 7 descriptor/all [ 440.112779][ T4344] usb 6-1: can't read configurations, error -71 [ 440.609427][T10603] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1893'. [ 441.002817][T10611] device syzkaller0 entered promiscuous mode [ 441.228899][T10613] tipc: Enabled bearer , priority 0 [ 441.267928][T10612] tipc: Disabling bearer [ 441.980179][T10623] loop2: detected capacity change from 0 to 128 [ 442.098238][T10626] netlink: 6716 bytes leftover after parsing attributes in process `syz.1.1891'. [ 442.982548][T10630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1903'. [ 443.098658][T10630] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1903'. [ 443.363476][T10646] device syzkaller0 entered promiscuous mode [ 444.452095][T10656] tipc: Enabled bearer , priority 0 [ 444.494199][T10655] tipc: Disabling bearer [ 446.237661][T10667] loop5: detected capacity change from 0 to 128 [ 446.473684][T10668] handle_bad_sector: 2 callbacks suppressed [ 446.473698][T10668] attempt to access beyond end of device [ 446.473698][T10668] loop5: rw=2049, want=889, limit=128 [ 446.671532][T10667] attempt to access beyond end of device [ 446.671532][T10667] loop5: rw=524288, want=369, limit=128 [ 446.686065][T10670] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1916'. [ 446.690157][T10667] attempt to access beyond end of device [ 446.690157][T10667] loop5: rw=0, want=153, limit=128 [ 446.705986][T10670] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1916'. [ 446.711414][T10667] attempt to access beyond end of device [ 446.711414][T10667] loop5: rw=0, want=153, limit=128 [ 446.963311][T10667] attempt to access beyond end of device [ 446.963311][T10667] loop5: rw=0, want=153, limit=128 [ 446.979966][T10667] attempt to access beyond end of device [ 446.979966][T10667] loop5: rw=0, want=153, limit=128 [ 446.991069][T10667] attempt to access beyond end of device [ 446.991069][T10667] loop5: rw=0, want=153, limit=128 [ 447.007119][T10667] attempt to access beyond end of device [ 447.007119][T10667] loop5: rw=0, want=153, limit=128 [ 447.019134][T10667] attempt to access beyond end of device [ 447.019134][T10667] loop5: rw=0, want=153, limit=128 [ 447.144143][T10667] attempt to access beyond end of device [ 447.144143][T10667] loop5: rw=0, want=153, limit=128 [ 447.264885][T10686] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 448.951878][T10697] device syzkaller0 entered promiscuous mode [ 449.020753][T10701] loop2: detected capacity change from 0 to 128 [ 452.099458][T10729] device syzkaller0 entered promiscuous mode [ 457.894125][T10783] loop5: detected capacity change from 0 to 128 [ 460.406703][T10796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1954'. [ 460.432936][T10796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1954'. [ 460.906370][T10804] device syzkaller0 entered promiscuous mode [ 461.680606][T10817] device syzkaller0 entered promiscuous mode [ 461.999884][ T4237] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 462.048039][T10824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1965'. [ 462.657759][T10824] lo: Caught tx_queue_len zero misconfig [ 462.767570][ T4237] usb 6-1: Using ep0 maxpacket: 16 [ 463.498044][ T4237] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.527269][ T4237] usb 6-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00 [ 463.541258][ T4237] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.574877][ T4237] usb 6-1: config 0 descriptor?? [ 465.245626][T10838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1959'. [ 465.426543][ T4237] usbhid 6-1:0.0: can't add hid device: -71 [ 465.432534][ T4237] usbhid: probe of 6-1:0.0 failed with error -71 [ 465.541446][ T4237] usb 6-1: USB disconnect, device number 7 [ 466.462171][T10864] tipc: Enabling of bearer rejected, failed to enable media [ 466.598487][T10870] loop3: detected capacity change from 0 to 128 [ 473.122993][T10901] input: syz1 as /devices/virtual/input/input15 [ 475.527746][T10937] wg0: Caught tx_queue_len zero misconfig [ 479.186841][ T4237] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 479.341857][T10988] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2007'. [ 479.369844][T10988] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2007'. [ 479.429733][ T4237] usb 3-1: Using ep0 maxpacket: 8 [ 479.464081][T10996] netlink: 'syz.1.2009': attribute type 10 has an invalid length. [ 479.544948][T10996] device wlan1 entered promiscuous mode [ 479.550987][ T4237] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 479.599010][ T4237] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 479.627125][T10996] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 479.638686][ T4237] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 479.653575][ T4237] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 479.674981][ T4237] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 479.684706][ T4237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.960210][ T4237] usb 3-1: GET_CAPABILITIES returned 0 [ 479.968201][ T4237] usbtmc 3-1:16.0: can't read capabilities [ 479.982710][T11016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2016'. [ 480.252828][ T4237] usb 3-1: USB disconnect, device number 9 [ 480.840643][T11036] QAT: Stopping all acceleration devices. [ 481.158457][T11042] tipc: Enabling of bearer rejected, failed to enable media [ 482.614572][T11052] device syzkaller0 entered promiscuous mode [ 482.717727][T11066] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2033'. [ 482.810845][T11030] chnl_net:caif_netlink_parms(): no params data found [ 482.858976][ T4237] Bluetooth: hci2: command 0x0409 tx timeout [ 482.887506][T11030] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.896892][T11030] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.906098][T11030] device bridge_slave_0 entered promiscuous mode [ 482.917219][T11030] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.945981][T11030] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.028622][T11030] device bridge_slave_1 entered promiscuous mode [ 483.384789][T11030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.396792][T11030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.423879][T11030] team0: Port device team_slave_0 added [ 483.438143][T11030] team0: Port device team_slave_1 added [ 483.457829][T11030] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.464871][T11030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.517499][T11030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.542954][T11030] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.550594][T11030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.637832][T11030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.737250][T11030] device hsr_slave_0 entered promiscuous mode [ 483.874584][T11030] device hsr_slave_1 entered promiscuous mode [ 483.883133][T11030] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.896302][T11030] Cannot create hsr debugfs directory [ 484.614301][ T4353] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 484.632032][T11030] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 484.650863][T11030] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 484.666796][T11030] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 484.683494][T11030] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 485.736000][ T4325] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 486.345619][ T4354] Bluetooth: hci2: command 0x041b tx timeout [ 486.476221][ T4353] usb 4-1: Using ep0 maxpacket: 8 [ 486.580821][T11030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 486.606138][ T4353] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 486.613729][ T4353] usb 4-1: can't read configurations, error -71 [ 486.620377][ T4325] usb 2-1: Using ep0 maxpacket: 8 [ 486.638921][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 486.647566][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 486.658480][T11030] 8021q: adding VLAN 0 to HW filter on device team0 [ 486.680776][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 486.697210][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 486.716170][ T4547] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.723244][ T4547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.746533][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 486.766376][T11115] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2046'. [ 486.803032][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 486.816117][ T4325] usb 2-1: unable to read config index 0 descriptor/all [ 486.823107][ T4325] usb 2-1: can't read configurations, error -71 [ 486.826808][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 486.869188][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.876335][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.920524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 486.942137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 486.981545][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 486.993353][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 487.003166][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 487.028858][T11030] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 487.039367][T11030] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 487.084995][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 487.226390][ T4325] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 487.258770][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 487.347870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 487.360940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 487.374685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 487.486215][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 487.494656][T11125] tipc: Enabling of bearer rejected, failed to enable media [ 487.509608][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 487.587635][T11136] loop3: detected capacity change from 0 to 128 [ 487.708508][ T4325] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 488.770689][ T4353] Bluetooth: hci2: command 0x040f tx timeout [ 488.864932][ T4325] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 488.874591][ T4325] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 488.886014][ T4325] usb 2-1: config 0 interface 0 has no altsetting 0 [ 489.675063][ T4325] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 489.793217][T11030] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.829350][ T4325] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 489.853250][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 489.863240][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 489.871463][ T4325] usb 2-1: config 0 interface 0 has no altsetting 0 [ 490.230535][ T4325] usb 2-1: unable to read config index 2 descriptor/start: -71 [ 490.248382][ T4325] usb 2-1: can't read configurations, error -71 [ 490.303445][ T4325] usb usb2-port1: attempt power cycle [ 490.724466][ T1108] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 490.854848][ T4237] Bluetooth: hci2: command 0x0419 tx timeout [ 491.234373][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 492.329142][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 492.351748][T11030] device veth0_vlan entered promiscuous mode [ 492.373578][ T1108] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 492.386716][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.404621][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 492.410218][ T1108] usb 3-1: Product: syz [ 492.413979][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 493.506930][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 493.515324][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 493.542757][T11179] tipc: Enabling of bearer rejected, failed to enable media [ 493.551705][ T1108] usb 3-1: Manufacturer: syz [ 493.571778][ T1108] usb 3-1: SerialNumber: syz [ 493.687206][ T1108] usb 3-1: can't set config #1, error -71 [ 493.691816][T11030] device veth1_vlan entered promiscuous mode [ 493.765695][ T1108] usb 3-1: USB disconnect, device number 10 [ 493.844811][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 494.154994][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 494.205821][T11030] device veth0_macvtap entered promiscuous mode [ 494.217460][T11030] device veth1_macvtap entered promiscuous mode [ 494.294985][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.332154][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.354356][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.388018][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.417714][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.463711][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.474549][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.486009][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.497728][T11030] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.507812][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 494.516489][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 494.528523][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 494.538333][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 494.550620][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.578786][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.594510][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.616576][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.633075][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.647282][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.682332][T11030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.701347][T11030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.764024][T11030] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.135617][T11199] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2061'. [ 495.163788][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 495.184567][ T4612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 495.249399][T11030] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.878538][T11030] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.900944][T11030] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.910360][T11030] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.939481][T11218] loop2: detected capacity change from 0 to 128 [ 495.942345][T11217] tipc: Enabled bearer , priority 0 [ 496.808623][T11223] device syzkaller0 entered promiscuous mode [ 497.318215][T11223] tipc: Resetting bearer [ 497.434774][T11216] tipc: Resetting bearer [ 497.453548][T11216] tipc: Disabling bearer [ 497.522532][ T4613] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.560811][ T4613] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.604536][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 497.651455][ T4613] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.673964][ T4613] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.713607][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 499.354182][T11245] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2073'. [ 499.536245][T11248] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2083'. [ 500.907395][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x4 [ 500.938909][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x2 [ 500.975510][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 500.985732][T11263] device syzkaller0 entered promiscuous mode [ 501.004051][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.025296][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.041439][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.058208][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.081916][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.105639][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.127700][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.152009][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.175230][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.197313][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.223428][ T23] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x0 [ 501.241395][ T23] hid-generic 0000:3000000:0000.0008: hidraw0: HID v0.00 Device [sy] on syz0 [ 501.253941][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.254031][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.531879][T11275] fido_id[11275]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 506.201670][T11299] device syzkaller0 entered promiscuous mode [ 507.117164][T11310] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2099'. [ 507.692204][T11318] overlayfs: failed to clone lowerpath [ 509.749390][T11341] device syzkaller0 entered promiscuous mode [ 510.324246][ T23] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 510.592349][T11360] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 510.614144][ T23] usb 2-1: too many configurations: 30, using maximum allowed: 8 [ 510.622381][T11360] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 511.478689][T11369] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2118'. [ 511.502083][ T23] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 511.525336][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.567561][ T23] usb 2-1: Product: syz [ 511.583848][ T23] usb 2-1: Manufacturer: syz [ 511.656839][ T23] usb 2-1: SerialNumber: syz [ 511.744896][ T23] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 514.062490][ T23] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 514.627067][ T1108] usb 2-1: USB disconnect, device number 10 [ 514.710702][T11428] device syzkaller0 entered promiscuous mode [ 515.726196][ T23] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 515.753312][ T23] ath9k_htc: Failed to initialize the device [ 515.761994][ T1108] usb 2-1: ath9k_htc: USB layer deinitialized [ 515.762974][T11450] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2131'. [ 515.836671][T11452] tipc: Enabling of bearer rejected, failed to enable media [ 520.740765][T11515] tipc: Enabled bearer , priority 0 [ 522.318843][T11522] syz.2.2149 (11522) used greatest stack depth: 19568 bytes left [ 522.412251][ T4237] tipc: Node number set to 4078478897 [ 522.508247][T11526] device syzkaller0 entered promiscuous mode [ 522.603658][T11526] tipc: Resetting bearer [ 522.674085][T11525] device syzkaller0 entered promiscuous mode [ 522.733637][T11537] No such timeout policy "syz1" [ 522.749936][T11537] autofs4:pid:11537:autofs_fill_super: called with bogus options [ 522.767215][T11537] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2138'. [ 522.923085][T11513] tipc: Resetting bearer [ 523.045050][T11513] tipc: Disabling bearer [ 524.517197][ T13] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 524.907150][ T13] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.469059][ T13] usb 7-1: config 0 has no interfaces? [ 525.489396][ T13] usb 7-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 525.583070][ T13] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.662960][ T13] usb 7-1: config 0 descriptor?? [ 525.717676][T11578] tipc: Enabled bearer , priority 0 [ 525.792926][T11579] device syzkaller0 entered promiscuous mode [ 525.894037][T11587] tipc: Resetting bearer [ 525.940068][T11581] device syzkaller0 entered promiscuous mode [ 525.983539][T11577] tipc: Resetting bearer [ 526.016991][T11577] tipc: Disabling bearer [ 526.903974][T11596] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2174'. [ 527.672413][ T23] usb 7-1: USB disconnect, device number 2 [ 529.643045][T11628] binder_alloc: 11624: binder_alloc_buf, no vma [ 530.950319][T11635] tipc: Enabled bearer , priority 0 [ 530.998524][T11635] device syzkaller0 entered promiscuous mode [ 531.028631][T11635] tipc: Resetting bearer [ 531.834685][T11634] tipc: Resetting bearer [ 531.864896][T11634] tipc: Disabling bearer [ 532.166257][ T4344] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 534.475724][ T4344] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 534.585789][ T4344] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 534.814204][ T4344] usb 4-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00 [ 534.919632][ T4344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.118086][ T4344] usb 4-1: config 0 descriptor?? [ 535.176620][ T4344] usb 4-1: can't set config #0, error -71 [ 535.185889][ T4344] usb 4-1: USB disconnect, device number 16 [ 535.205429][T11680] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2188'. [ 536.271501][ T4344] libceph: connect (1)[c::]:6789 error -101 [ 536.279970][ T4344] libceph: mon0 (1)[c::]:6789 connect error [ 536.319789][ T4344] libceph: connect (1)[c::]:6789 error -101 [ 536.338656][ T4344] libceph: mon0 (1)[c::]:6789 connect error [ 536.579764][T11699] ceph: No mds server is up or the cluster is laggy [ 536.643002][ T4344] libceph: connect (1)[c::]:6789 error -101 [ 536.967644][ T4344] libceph: mon0 (1)[c::]:6789 connect error [ 537.723866][ T4325] libceph: connect (1)[c::]:6789 error -101 [ 537.730515][ T4325] libceph: mon0 (1)[c::]:6789 connect error [ 538.513113][T11728] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2211'. [ 542.701767][T11790] crypto_alloc_aead failed rc=-4 [ 544.091857][T11858] tipc: Enabling of bearer rejected, failed to enable media [ 544.332746][T11867] netlink: 'syz.4.2249': attribute type 1 has an invalid length. [ 544.710247][T11867] 8021q: adding VLAN 0 to HW filter on device bond2 [ 544.808686][T11871] bond2: (slave geneve2): making interface the new active one [ 544.857526][T11871] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 544.872583][T11400] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 544.882596][T11873] netlink: 'syz.1.2250': attribute type 1 has an invalid length. [ 546.038292][T11873] 8021q: adding VLAN 0 to HW filter on device bond2 [ 546.107800][T11874] bond2: (slave ip6erspan0): making interface the new active one [ 546.119727][ T4250] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 546.666363][T11874] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 546.712612][T11400] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 546.754097][T11889] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2254'. [ 547.006978][T11895] tipc: Started in network mode [ 547.026513][ T4250] usb 3-1: Using ep0 maxpacket: 16 [ 547.027054][T11895] tipc: Node identity 06589133da59, cluster identity 4711 [ 547.053505][T11895] tipc: Enabled bearer , priority 0 [ 547.071750][T11895] device syzkaller0 entered promiscuous mode [ 547.683033][T11895] tipc: Resetting bearer [ 547.762573][ T4250] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.806192][ T4250] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.963996][ T4250] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 547.973811][ T4250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.986084][T11894] tipc: Resetting bearer [ 547.993444][ T4250] usb 3-1: config 0 descriptor?? [ 548.012553][T11894] tipc: Disabling bearer [ 548.015829][ T4250] usb 3-1: can't set config #0, error -71 [ 548.035506][ T4250] usb 3-1: USB disconnect, device number 11 [ 549.530864][T11925] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2266'. [ 549.579806][T11925] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2266'. [ 550.158293][ T4353] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 550.530223][ T4353] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 550.540936][ T4353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 550.552291][ T4353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 551.367845][ T4353] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 551.456975][ T26] audit: type=1326 audit(1769295206.415:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11954 comm="syz.1.2275" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff85a468cb9 code=0x0 [ 551.524429][ T4353] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 551.544227][ T4353] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 551.601558][ T4353] usb 4-1: Manufacturer: syz [ 551.617781][ T4353] usb 4-1: config 0 descriptor?? [ 552.072592][ T4353] rc_core: IR keymap rc-hauppauge not found [ 552.079464][ T4353] Registered IR keymap rc-empty [ 552.092748][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.167969][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.350677][ T4353] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 552.366236][ T4353] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input16 [ 552.391431][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.425075][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.463202][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.465765][T11980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2279'. [ 552.510646][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.518071][T11980] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2279'. [ 552.539290][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 552.577359][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 553.003504][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 553.050228][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 553.577402][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 553.643696][ T4353] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 553.683375][ T4353] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 553.720419][ T4353] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 553.745464][ T4353] usb 4-1: USB disconnect, device number 17 [ 555.745444][T12010] xt_socket: unknown flags 0x4 [ 560.009821][T12054] device syzkaller1 entered promiscuous mode [ 560.049138][T12054] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 560.084301][T12056] device syzkaller0 entered promiscuous mode [ 561.018622][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 561.025132][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 561.863915][ T4344] Bluetooth: hci3: command 0x0409 tx timeout [ 562.006582][ T4344] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 562.276449][T12099] netlink: 52 bytes leftover after parsing attributes in process `syz.6.2317'. [ 562.416423][ T4344] usb 2-1: Using ep0 maxpacket: 32 [ 562.530964][ T4344] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 562.548325][ T4344] usb 2-1: config 0 has no interfaces? [ 562.706515][ T4344] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 563.268627][ T4344] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 563.751522][ T4344] usb 2-1: Product: syz [ 563.756599][ T4344] usb 2-1: Manufacturer: syz [ 563.812113][ T4344] usb 2-1: config 0 descriptor?? [ 563.826820][T12112] netlink: 'syz.4.2322': attribute type 39 has an invalid length. [ 563.901832][T12112] bridge0: port 1(syz_tun) entered disabled state [ 563.956912][T12112] device syz_tun left promiscuous mode [ 563.969747][T12112] bridge0: port 1(syz_tun) entered disabled state [ 564.003767][T12117] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2324'. [ 564.062067][T12118] bridge1: port 1(veth11) entered blocking state [ 564.073479][ T4325] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 564.093646][T12118] bridge1: port 1(veth11) entered disabled state [ 564.113237][T12118] device veth11 entered promiscuous mode [ 564.193740][T12119] bridge1: port 2(veth13) entered blocking state [ 564.228680][T12119] bridge1: port 2(veth13) entered disabled state [ 564.250178][T12119] device veth13 entered promiscuous mode [ 565.302027][ T4325] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 565.349709][ T4325] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 565.379462][ T4325] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 565.408716][ T4325] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.473893][T12115] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 565.494419][ T4353] usb 2-1: USB disconnect, device number 11 [ 565.776054][T12141] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2330'. [ 565.786225][ T4353] usb 7-1: USB disconnect, device number 3 [ 567.829186][T12169] tipc: Enabled bearer , priority 0 [ 567.903888][T12169] device syzkaller0 entered promiscuous mode [ 569.055090][T12169] tipc: Resetting bearer [ 569.098882][T12167] tipc: Resetting bearer [ 569.140045][T12167] tipc: Disabling bearer [ 570.737144][T12191] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2343'. [ 570.748097][T12192] binder: BINDER_SET_CONTEXT_MGR already set [ 570.795891][T12192] binder: 12190:12192 ioctl 4018620d 200000000040 returned -16 [ 574.242019][ T4344] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 574.584962][ T4344] usb 3-1: Using ep0 maxpacket: 32 [ 574.731498][ T4344] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 574.759189][ T4344] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 574.775528][ T4344] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 574.787891][ T4344] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 574.880098][ T4344] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 574.899372][ T4344] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 574.912905][ T4344] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 574.930010][T12243] netlink: 'syz.4.2366': attribute type 3 has an invalid length. [ 574.953361][ T4344] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.563993][ T4344] usb 3-1: config 0 descriptor?? [ 575.774258][T12251] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2358'. [ 575.805823][ T4344] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 575.960438][T12255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2351'. [ 576.062353][ T4344] usb 3-1: USB disconnect, device number 12 [ 576.079623][ T4344] usblp0: removed [ 577.479148][ T4237] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 577.841699][ T4237] usb 2-1: Using ep0 maxpacket: 16 [ 577.866493][T12272] binder_alloc: 12271: binder_alloc_buf, no vma [ 577.955349][ T4237] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 577.964653][ T4237] usb 2-1: config 0 has no interface number 0 [ 577.989964][ T4237] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 578.002949][ T4237] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 578.013313][ T4237] usb 2-1: config 0 interface 41 has no altsetting 0 [ 578.174443][ T4237] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 578.916793][ T4237] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.933674][ T4237] usb 2-1: Product: syz [ 578.938363][ T4237] usb 2-1: Manufacturer: syz [ 578.943041][ T4237] usb 2-1: SerialNumber: syz [ 578.986267][ T4237] usb 2-1: config 0 descriptor?? [ 579.155314][ T4237] usb 2-1: can't set config #0, error -71 [ 579.256031][ T4237] usb 2-1: USB disconnect, device number 12 [ 582.096326][T12308] 9pnet: Insufficient options for proto=fd [ 584.352203][T12318] binder_alloc: 12314: binder_alloc_buf, no vma [ 585.805427][T12327] tipc: Enabled bearer , priority 0 [ 585.880666][T12328] device syzkaller0 entered promiscuous mode [ 585.960728][T12327] tipc: Resetting bearer [ 585.997735][T12324] tipc: Resetting bearer [ 586.463310][T12324] tipc: Disabling bearer [ 590.752895][T12365] 9pnet_virtio: no channels available for device syz [ 590.768992][T12365] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 590.789799][T12365] overlayfs: failed to look up (tracing) for ino (-66) [ 594.448361][T12402] tipc: Enabling of bearer rejected, failed to enable media [ 598.471607][T12438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2407'. [ 600.806438][T12455] tipc: Enabled bearer , priority 0 [ 600.816221][T12455] device syzkaller0 entered promiscuous mode [ 600.860170][T12455] tipc: Resetting bearer [ 600.898424][T12454] tipc: Resetting bearer [ 600.937092][T12454] tipc: Disabling bearer [ 601.996316][ T21] Bluetooth: hci2: command 0x0406 tx timeout [ 602.263024][T12485] net veth1_virt_wifi virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 604.830291][T12505] tipc: Enabled bearer , priority 0 [ 604.887707][T12507] device syzkaller0 entered promiscuous mode [ 605.075191][T12507] tipc: Resetting bearer [ 605.101105][T12504] tipc: Resetting bearer [ 605.158762][T12504] tipc: Disabling bearer [ 609.546142][ T21] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 609.676441][T12546] tipc: Enabled bearer , priority 0 [ 609.725870][T12546] device syzkaller0 entered promiscuous mode [ 609.831332][T12546] tipc: Resetting bearer [ 609.892236][T12545] tipc: Resetting bearer [ 609.927196][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.939284][T12545] tipc: Disabling bearer [ 609.953104][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 610.069949][ T21] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 610.090402][ T21] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 610.116749][ T21] usb 3-1: Manufacturer: syz [ 610.164534][ T21] usb 3-1: config 0 descriptor?? [ 611.469921][ T21] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #100: -71 [ 611.479109][ T21] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71 [ 611.487248][ T21] uclogic 0003:256C:006D.0009: failed probing pen v1 parameters: -71 [ 612.807134][ T21] uclogic 0003:256C:006D.0009: failed probing parameters: -71 [ 612.882269][ T21] uclogic: probe of 0003:256C:006D.0009 failed with error -71 [ 612.952281][ T21] usb 3-1: USB disconnect, device number 13 [ 614.409166][T12600] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2459'. [ 619.079923][T12645] tipc: Enabling of bearer rejected, failed to enable media [ 619.319700][T12649] IPVS: sh: FWM 3 0x00000003 - no destination available [ 619.338915][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 619.346116][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 620.565466][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 620.571814][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 622.157740][T12683] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2483'. [ 622.422411][T12687] tipc: Enabling of bearer rejected, failed to enable media [ 625.066054][T12732] tipc: Enabling of bearer rejected, failed to enable media [ 625.780516][T12745] overlayfs: failed to clone lowerpath [ 627.880412][T12770] 9pnet_virtio: no channels available for device syz [ 630.865554][T12807] autofs4:pid:12807:autofs_fill_super: called with bogus options [ 631.294091][T12809] 9pnet_virtio: no channels available for device syz [ 633.164087][T12833] hub 2-0:1.0: USB hub found [ 633.172713][T12833] hub 2-0:1.0: 1 port detected [ 635.032105][T12851] 9pnet_virtio: no channels available for device syz [ 636.122926][ T23] Bluetooth: hci0: command 0x0c20 tx timeout [ 636.380874][T12872] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2534'. [ 640.359813][T12913] device syzkaller0 entered promiscuous mode [ 640.777424][T12922] 9pnet_virtio: no channels available for device syz [ 640.799298][T12922] overlayfs: failed to clone lowerpath [ 640.811227][T12924] tipc: Enabled bearer , priority 0 [ 640.839777][T12924] device syzkaller0 entered promiscuous mode [ 640.882805][T12924] tipc: Resetting bearer [ 640.985238][T12928] device batadv0 left promiscuous mode [ 641.019137][T12923] tipc: Resetting bearer [ 641.147514][T12923] tipc: Disabling bearer [ 641.820429][T12934] device syzkaller0 entered promiscuous mode [ 641.939942][T12937] tipc: Enabling of bearer rejected, failed to enable media [ 641.951978][T12939] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2563'. [ 642.825211][T12950] device syzkaller0 entered promiscuous mode [ 643.769271][ T4325] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 643.874203][ T4344] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 644.003231][ T4325] usb 4-1: Using ep0 maxpacket: 8 [ 644.122273][ T4325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 644.167281][ T4325] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 644.205082][ T4325] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.247294][ T4344] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 644.283214][ T4325] usb 4-1: config 0 descriptor?? [ 644.313536][ T4344] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.345529][ T4344] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 644.397708][ T4344] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.449786][ T4344] usb 3-1: config 0 descriptor?? [ 644.600569][ T4325] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 645.634958][ T4344] arvo 0003:1E7D:30D4.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0 [ 645.827617][T12975] device syzkaller0 entered promiscuous mode [ 645.964998][ T4250] usb 3-1: USB disconnect, device number 14 [ 647.051960][ T154] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.231862][ T154] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.260372][T12991] device syzkaller0 entered promiscuous mode [ 647.274024][ T1108] usb 4-1: USB disconnect, device number 18 [ 647.367037][ T154] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.079189][ T154] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.385087][T13022] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 650.225453][ T4237] Bluetooth: hci1: command 0x0409 tx timeout [ 650.259678][T13017] device syzkaller0 entered promiscuous mode [ 650.875083][T13001] chnl_net:caif_netlink_parms(): no params data found [ 651.204029][T13001] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.235357][T13001] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.366979][T13001] device bridge_slave_0 entered promiscuous mode [ 652.069695][T13001] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.077085][T13001] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.088681][T13001] device bridge_slave_1 entered promiscuous mode [ 652.206190][ T4250] Bluetooth: hci1: command 0x041b tx timeout [ 652.333983][T13001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.373529][T13054] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2590'. [ 652.388357][T13001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 652.413039][T13056] device syzkaller0 entered promiscuous mode [ 652.596140][T13001] team0: Port device team_slave_0 added [ 653.465748][T13001] team0: Port device team_slave_1 added [ 654.176792][ T4237] Bluetooth: hci1: command 0x040f tx timeout [ 654.319064][T13001] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.347565][T13001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.485907][T13001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.819195][T13001] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.845308][T13001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 655.004934][T13001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.243719][T13001] device hsr_slave_0 entered promiscuous mode [ 655.271043][T13001] device hsr_slave_1 entered promiscuous mode [ 655.293446][T13001] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 655.330255][T13001] Cannot create hsr debugfs directory [ 656.166401][ T4237] Bluetooth: hci1: command 0x0419 tx timeout [ 657.378613][ T154] device team0 left promiscuous mode [ 657.383988][ T154] device team_slave_0 left promiscuous mode [ 657.415833][ T154] device team_slave_1 left promiscuous mode [ 657.528630][ T154] device bond0 left promiscuous mode [ 657.534401][ T154] device bond_slave_0 left promiscuous mode [ 657.561751][ T154] device bond_slave_1 left promiscuous mode [ 657.860201][ T154] device hsr_slave_0 left promiscuous mode [ 658.128233][ T154] device hsr_slave_1 left promiscuous mode [ 658.174968][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 658.194308][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 659.287564][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 659.347105][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 659.366624][ T154] device bridge_slave_1 left promiscuous mode [ 659.384086][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.430631][ T154] device dummy0 left promiscuous mode [ 659.447248][ T154] device veth1_macvtap left promiscuous mode [ 659.468860][ T154] device veth0_macvtap left promiscuous mode [ 659.495380][ T154] device veth1_vlan left promiscuous mode [ 659.512473][ T154] device veth0_vlan left promiscuous mode [ 660.114706][ T154] bond2 (unregistering): (slave geneve2): Releasing active interface [ 660.158744][ T154] bond2 (unregistering): Released all slaves [ 660.228711][ T154] bond1 (unregistering): (slave veth7): Releasing active interface [ 660.297997][ T154] bond1 (unregistering): (slave veth5): Releasing active interface [ 660.374966][ T154] bond1 (unregistering): Released all slaves [ 660.895615][ T154] team0 (unregistering): Port device team_slave_1 removed [ 660.911022][ T154] team0 (unregistering): Port device team_slave_0 removed [ 660.923082][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.938334][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 661.001956][ T154] bond0 (unregistering): Released all slaves [ 661.209144][T13144] device syzkaller0 entered promiscuous mode [ 664.139972][T13179] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2610'. [ 664.297627][T13001] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 664.344978][T13001] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 664.394799][T13001] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 664.473273][T13001] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 666.345649][T13001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.478766][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 666.600612][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 666.820962][T13001] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.967849][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 666.976934][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 666.992806][T11405] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.000118][T11405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.062124][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 667.119554][T13223] device syzkaller0 entered promiscuous mode [ 667.164060][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 667.178051][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 667.250884][T11405] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.258151][T11405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.338211][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 667.388163][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 667.529648][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 668.208019][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 668.266209][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 668.347798][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 668.393111][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 668.440064][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 668.479903][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 668.508478][T13001] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 668.554301][T13001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 668.596678][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 668.635119][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 668.661535][T13246] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2628'. [ 670.859882][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 670.877552][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 670.902169][T13001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.460006][T13293] device syzkaller0 entered promiscuous mode [ 673.382852][T13315] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2640'. [ 673.506238][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 673.541054][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 673.653095][T13001] device veth0_vlan entered promiscuous mode [ 673.717907][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 673.753470][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 673.795930][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 673.910574][T11394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 673.989697][T13001] device veth1_vlan entered promiscuous mode [ 674.163293][T13001] device veth0_macvtap entered promiscuous mode [ 674.250079][T13001] device veth1_macvtap entered promiscuous mode [ 675.058277][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 675.124545][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 675.166095][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 675.616588][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 676.094819][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.127449][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.188408][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.258048][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.430574][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.458346][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.505683][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.534129][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.582624][T13001] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 676.648325][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 676.678402][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 676.944313][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 676.981888][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.046092][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.072311][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.089186][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.103081][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.121827][T13001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.133060][T13001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.150692][T13001] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 677.218318][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 677.266191][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 677.555673][T13001] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.587206][T13001] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.596083][T13001] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.605069][T13001] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.665224][T13361] device syzkaller0 entered promiscuous mode [ 678.296712][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 678.303033][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 678.770349][T11405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.810802][T11405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.111429][T11405] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 679.121188][T11405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.261820][T11405] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.208419][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 681.606951][T13414] tipc: Enabling of bearer rejected, failed to enable media [ 684.254144][T13431] device syzkaller0 entered promiscuous mode [ 684.656450][T13429] binder_alloc: 13428: binder_alloc_buf, no vma [ 686.323590][T13458] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 686.965617][T13464] tipc: Enabling of bearer rejected, failed to enable media [ 689.910526][T13483] device syzkaller0 entered promiscuous mode [ 690.991765][T13499] binder: BINDER_SET_CONTEXT_MGR already set [ 691.030376][T13499] binder: 13497:13499 ioctl 4018620d 200000000040 returned -16 [ 694.230206][T13522] overlayfs: overlapping lowerdir path [ 695.723861][T13533] tipc: Enabled bearer , priority 0 [ 695.800417][T13535] device syzkaller0 entered promiscuous mode [ 695.829516][T13536] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 695.869852][T13532] tipc: Resetting bearer [ 696.197031][T13532] tipc: Disabling bearer [ 696.437984][T13536] overlayfs: failed to look up (tracing) for ino (-66) [ 696.547677][T13541] device syzkaller0 entered promiscuous mode [ 701.092183][T13601] device syzkaller0 entered promiscuous mode [ 703.989127][T13611] binder_alloc: 13610: binder_alloc_buf, no vma [ 704.769881][T13635] device syzkaller0 entered promiscuous mode [ 706.891333][T13623] device syz_tun left promiscuous mode [ 707.056945][T13646] chnl_net:caif_netlink_parms(): no params data found [ 708.119540][ T13] Bluetooth: hci5: command 0x0409 tx timeout [ 708.686756][T13646] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.852699][T13646] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.860972][T13646] device bridge_slave_0 entered promiscuous mode [ 709.109085][T13646] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.116714][T13646] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.203668][T13646] device bridge_slave_1 entered promiscuous mode [ 709.409600][T13646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 709.479946][T13679] binder_alloc: 13676: binder_alloc_buf, no vma [ 710.227839][ T4353] Bluetooth: hci5: command 0x041b tx timeout [ 710.252074][T13646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 710.891752][T13646] team0: Port device team_slave_0 added [ 710.950792][T13646] team0: Port device team_slave_1 added [ 711.168236][T13646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 711.175208][T13646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.322748][T13646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 711.391556][T13646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 711.421088][T13646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.813781][T13646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 712.123908][T13646] device hsr_slave_0 entered promiscuous mode [ 712.153307][ T4353] Bluetooth: hci5: command 0x040f tx timeout [ 712.166639][T13646] device hsr_slave_1 entered promiscuous mode [ 712.207851][T13646] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 712.225830][T13646] Cannot create hsr debugfs directory [ 714.127002][ T4344] Bluetooth: hci5: command 0x0419 tx timeout [ 714.691827][T13646] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.506939][T13646] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.789302][T13646] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.855337][T13741] device syzkaller0 entered promiscuous mode [ 716.885659][T13646] bridge0: port 4(netdevsim0) entered disabled state [ 717.202337][T13646] device netdevsim0 left promiscuous mode [ 717.212195][T13646] bridge0: port 4(netdevsim0) entered disabled state [ 717.268054][T13646] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.860840][T13646] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 719.022154][T13646] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 719.142351][T13646] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 719.160106][ T4344] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 719.240480][T13646] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 719.619730][T13646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 719.650199][ T4344] usb 4-1: Using ep0 maxpacket: 32 [ 719.699575][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 719.727576][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 719.771667][T13778] binder: BINDER_SET_CONTEXT_MGR already set [ 719.785892][T13646] 8021q: adding VLAN 0 to HW filter on device team0 [ 719.794666][ T4344] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 719.802470][T13778] binder: 13777:13778 ioctl 4018620d 200000000040 returned -16 [ 719.819706][ T4344] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 719.833955][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 720.414612][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 720.423682][ T4613] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.430742][ T4613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 720.448758][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 720.458011][ T4344] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 720.458673][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 720.498252][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 720.517043][ T4344] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 720.527763][ T4613] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.537291][ T4613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 720.573979][ T4344] usb 4-1: config 0 interface 0 has no altsetting 0 [ 720.618530][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 720.672433][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 720.716008][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 720.784475][ T4344] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 720.812189][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 720.812185][ T4344] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 720.812210][ T4344] usb 4-1: Product: syz [ 720.812224][ T4344] usb 4-1: Manufacturer: syz [ 720.885055][T13646] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 720.916788][T13646] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 720.987378][ T4344] usb 4-1: SerialNumber: syz [ 721.000855][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 721.014646][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 721.037909][ T4344] usb 4-1: config 0 descriptor?? [ 721.088861][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 721.127087][ T4344] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 721.156023][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 721.172204][ T4344] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 721.175211][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 721.256754][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 721.294661][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 721.352706][ T4613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 721.366614][ T4250] usb 4-1: USB disconnect, device number 19 [ 721.395116][ T4250] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 721.773965][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 721.781498][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 721.837631][T13646] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.975186][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 722.007109][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 722.048868][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 722.068177][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 722.121915][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 722.178889][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 722.210437][T13646] device veth0_vlan entered promiscuous mode [ 722.247827][T13646] device veth1_vlan entered promiscuous mode [ 722.334723][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 722.387448][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 722.445544][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 722.485794][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 722.533040][T13646] device veth0_macvtap entered promiscuous mode [ 722.588886][T13646] device veth1_macvtap entered promiscuous mode [ 722.700586][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.748136][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.758085][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.770459][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.790455][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.859684][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.904260][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.983828][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.019661][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.078729][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.226701][T13646] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.862730][ T4538] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 724.310017][ T4538] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 724.378574][ T4538] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 724.413532][ T4538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 724.449756][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.489605][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.528254][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.558398][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.597820][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.631375][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.679439][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.697644][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.718654][T13646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.745954][T13646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.773186][T13646] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 724.823959][T13813] device syzkaller0 entered promiscuous mode [ 724.845240][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 724.864398][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 725.066089][T13646] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.093028][T13646] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.270006][T13646] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.298491][T13646] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.319593][T11394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.341590][T11394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.927237][ T4538] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 728.057976][ T4538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 729.545978][ T4538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 729.788176][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 731.296456][T13865] device syzkaller0 entered promiscuous mode [ 736.529672][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 736.536169][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 738.128576][T13916] device syzkaller0 entered promiscuous mode [ 741.830170][T13957] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.2792'. [ 743.011475][T13971] device syzkaller0 entered promiscuous mode [ 745.699099][T13984] overlayfs: missing 'lowerdir' [ 745.765636][T13985] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 748.184876][T13378] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 748.546932][T13378] usb 5-1: config 4 has an invalid interface number: 56 but max is 0 [ 748.573900][T13378] usb 5-1: config 4 has no interface number 0 [ 749.803699][T13378] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0512, bcdDevice=b4.16 [ 749.816250][T13378] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.844253][T13378] usb 5-1: Product: syz [ 749.848439][T13378] usb 5-1: Manufacturer: syz [ 749.883032][T13378] usb 5-1: SerialNumber: syz [ 750.118784][T14020] device syzkaller0 entered promiscuous mode [ 750.185004][T13378] qmi_wwan: probe of 5-1:4.56 failed with error -22 [ 751.267349][T13378] usb 5-1: USB disconnect, device number 2 [ 751.625652][T14032] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 751.648726][T14032] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 753.352487][T14057] autofs4:pid:14057:autofs_fill_super: called with bogus options [ 754.616874][T14066] device syzkaller0 entered promiscuous mode [ 756.125703][T13828] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 756.630057][T13828] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 756.658862][T13828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.687014][T13828] usb 2-1: Product: syz [ 756.691297][T13828] usb 2-1: Manufacturer: syz [ 756.696378][T13828] usb 2-1: SerialNumber: syz [ 756.773613][T13828] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 757.525099][T13828] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 757.927330][ T23] usb 2-1: USB disconnect, device number 13 [ 758.703081][T13828] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 758.715162][T13828] ath9k_htc: Failed to initialize the device [ 758.721811][ T23] usb 2-1: ath9k_htc: USB layer deinitialized [ 759.029239][ T4250] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 759.458056][ T4250] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 759.537928][ T4250] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 759.591012][ T4250] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.258314][ T4250] usb 4-1: config 0 descriptor?? [ 760.326157][ T4250] pwc: Askey VC010 type 2 USB webcam detected. [ 760.698037][T14128] device syzkaller0 entered promiscuous mode [ 760.733954][ T4250] pwc: recv_control_msg error -32 req 02 val 2b00 [ 760.894186][ T4250] pwc: recv_control_msg error -32 req 02 val 2700 [ 760.943409][ T4250] pwc: recv_control_msg error -32 req 02 val 2c00 [ 761.800083][ T4250] pwc: recv_control_msg error -32 req 04 val 1300 [ 761.957085][ T4250] pwc: recv_control_msg error -32 req 04 val 1400 [ 762.359193][T14143] netlink: 'syz.1.2843': attribute type 8 has an invalid length. [ 762.369722][T14143] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.377330][T14143] bridge0: port 1(bridge_slave_0) entered disabled state [ 762.628660][ T4250] pwc: recv_control_msg error -32 req 02 val 2000 [ 762.728342][T14146] autofs4:pid:14146:autofs_fill_super: called with bogus options [ 762.755385][ T4250] pwc: recv_control_msg error -32 req 02 val 2100 [ 762.819085][ T4250] pwc: recv_control_msg error -32 req 04 val 1500 [ 763.666551][ T4250] pwc: recv_control_msg error -71 req 02 val 2400 [ 763.742799][ T4250] pwc: recv_control_msg error -71 req 02 val 2600 [ 763.761562][ T4250] pwc: recv_control_msg error -71 req 02 val 2900 [ 763.903495][ T4250] pwc: recv_control_msg error -71 req 02 val 2800 [ 763.923464][ T4250] pwc: recv_control_msg error -71 req 04 val 1100 [ 764.294962][ T4250] pwc: recv_control_msg error -71 req 04 val 1200 [ 764.311342][ T4250] pwc: Registered as video103. [ 764.317640][ T4250] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19 [ 764.334485][ T4250] usb 4-1: USB disconnect, device number 20 [ 765.579984][ T4250] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 766.979408][ T4250] usb 4-1: device descriptor read/all, error -71 [ 767.885404][T14194] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 767.910622][T14194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.933820][T14194] 8021q: adding VLAN 0 to HW filter on device team0 [ 768.102757][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 768.131502][T14194] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 769.125225][T14211] device syzkaller0 entered promiscuous mode [ 769.481154][ T4250] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 769.892900][ T4250] usb 4-1: Using ep0 maxpacket: 16 [ 770.035841][ T4250] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 771.073720][ T4250] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 772.086725][ T4250] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 772.106254][ T4250] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.116214][ T4250] usb 4-1: config 0 descriptor?? [ 772.149681][ T4250] usb 4-1: can't set config #0, error -71 [ 772.250776][ T4250] usb 4-1: USB disconnect, device number 23 [ 773.047370][T14244] device syzkaller0 entered promiscuous mode [ 774.987140][ T4325] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 775.411427][ T4353] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 775.496535][ T4325] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 775.535666][ T4325] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 775.644884][ T4325] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 775.668656][ T4325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 775.707184][ T4325] usb 2-1: SerialNumber: syz [ 775.768205][ T4353] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 775.784784][ T4353] usb 4-1: config 0 has no interface number 0 [ 775.800902][ T4353] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 775.852432][ T4353] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 776.008143][ T4325] usb 2-1: 0:2 : does not exist [ 776.057662][ T4353] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 776.073849][ T4325] usb 2-1: USB disconnect, device number 14 [ 776.090543][ T4353] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.110383][ T4353] usb 4-1: Product: syz [ 776.130354][ T4353] usb 4-1: Manufacturer: syz [ 776.138382][ T4353] usb 4-1: SerialNumber: syz [ 776.154104][ T4353] usb 4-1: config 0 descriptor?? [ 776.187840][T14274] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 776.217228][ T4353] usb-storage 4-1:0.20: USB Mass Storage device detected [ 776.385910][ T4353] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 777.069321][ T4353] scsi host1: usb-storage 4-1:0.20 [ 777.743345][T14296] autofs4:pid:14296:autofs_fill_super: called with bogus options [ 777.821479][T13828] usb 4-1: USB disconnect, device number 24 [ 779.243523][T14318] device syzkaller0 entered promiscuous mode [ 783.293616][T14345] autofs4:pid:14345:autofs_fill_super: called with bogus options [ 784.565956][T14357] bond0: (slave bond_slave_1): Releasing backup interface [ 784.708122][T14357] device bond_slave_1 left promiscuous mode [ 784.821296][T14367] ALSA: mixer_oss: invalid OSS volume '' [ 784.980596][ T26] audit: type=1326 audit(1769304667.656:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14354 comm="syz.3.2907" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed77f40cb9 code=0x0 [ 786.072644][ T4344] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 788.331102][ T4344] usb 2-1: Using ep0 maxpacket: 16 [ 788.522165][ T4344] usb 2-1: unable to read config index 0 descriptor/all [ 788.529154][ T4344] usb 2-1: can't read configurations, error -71 [ 792.869127][T14429] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2922'. [ 793.208687][T14426] device syzkaller0 entered promiscuous mode [ 795.038376][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 795.044693][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 797.529080][ T26] audit: type=1326 audit(1769304680.833:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 797.826032][ T26] audit: type=1326 audit(1769304680.843:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 798.003156][ T26] audit: type=1326 audit(1769304680.843:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 798.182011][ T26] audit: type=1326 audit(1769304680.843:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 798.238042][T14480] overlayfs: overlapping lowerdir path [ 798.310768][ T26] audit: type=1326 audit(1769304680.843:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 798.693620][ T26] audit: type=1326 audit(1769304680.843:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 798.741764][ T26] audit: type=1326 audit(1769304680.864:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 799.749103][ T26] audit: type=1326 audit(1769304680.864:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 800.254313][ T26] audit: type=1326 audit(1769304680.875:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 800.407987][T14502] bridge0: port 3(gretap0) entered blocking state [ 800.414701][T14502] bridge0: port 3(gretap0) entered disabled state [ 800.426412][T14502] device gretap0 entered promiscuous mode [ 800.641460][ T26] audit: type=1326 audit(1769304680.875:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14474 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 804.256120][T14527] overlayfs: overlapping lowerdir path [ 806.499603][T14557] device syzkaller0 entered promiscuous mode [ 807.387182][T14571] overlayfs: overlapping lowerdir path [ 810.969811][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 810.969824][ T26] audit: type=1326 audit(1769304694.124:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.141672][ T26] audit: type=1326 audit(1769304694.161:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.237392][ T26] audit: type=1326 audit(1769304694.161:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.263377][T14604] device syzkaller0 entered promiscuous mode [ 811.453244][ T26] audit: type=1326 audit(1769304694.161:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.557375][ T26] audit: type=1326 audit(1769304694.161:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.580100][ T26] audit: type=1326 audit(1769304694.208:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 811.627284][ T26] audit: type=1326 audit(1769304694.208:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 812.301506][ T26] audit: type=1326 audit(1769304694.208:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 812.383496][ T146] Bluetooth: hci1: Unknown advertising packet type: 0xbb95 [ 812.383804][ T146] ================================================================== [ 812.393821][ T26] audit: type=1326 audit(1769304694.208:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14594 comm="syz.3.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fed77f40cb9 code=0x7ffc0000 [ 812.399559][ T146] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x1324/0x3c90 [ 812.429707][ T146] Read of size 1 at addr ffff888077ce340a by task kworker/u5:0/146 [ 812.437609][ T146] [ 812.439940][ T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 812.447664][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 812.457724][ T146] Workqueue: hci1 hci_rx_work [ 812.462398][ T146] Call Trace: [ 812.465663][ T146] [ 812.468581][ T146] dump_stack_lvl+0x188/0x250 [ 812.473246][ T146] ? show_regs_print_info+0x20/0x20 [ 812.478428][ T146] ? load_image+0x400/0x400 [ 812.482922][ T146] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 812.488501][ T146] print_address_description+0x60/0x2d0 [ 812.494160][ T146] ? hci_le_meta_evt+0x1324/0x3c90 [ 812.499262][ T146] kasan_report+0xdf/0x130 [ 812.503667][ T146] ? hci_le_meta_evt+0x1324/0x3c90 [ 812.508765][ T146] hci_le_meta_evt+0x1324/0x3c90 [ 812.513729][ T146] ? hci_remote_host_features_evt+0x280/0x280 [ 812.519777][ T146] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 812.525396][ T146] ? mark_lock+0x94/0x320 [ 812.529708][ T146] ? mutex_unlock+0x10/0x10 [ 812.534201][ T146] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 812.540362][ T146] ? lock_chain_count+0x20/0x20 [ 812.545201][ T146] ? __rwlock_init+0x140/0x140 [ 812.549953][ T146] hci_event_packet+0xe48/0x1370 [ 812.554875][ T146] ? lockdep_hardirqs_on+0x94/0x140 [ 812.560060][ T146] ? rcu_lock_release+0x20/0x20 [ 812.564895][ T146] ? hci_send_to_monitor+0x9c/0x4a0 [ 812.570171][ T146] hci_rx_work+0x255/0xa10 [ 812.574595][ T146] process_one_work+0x85f/0x1010 [ 812.579539][ T146] ? worker_detach_from_pool+0x240/0x240 [ 812.585156][ T146] ? lockdep_hardirqs_off+0x70/0x100 [ 812.590425][ T146] ? _raw_spin_lock_irq+0xb7/0xf0 [ 812.595438][ T146] ? _raw_spin_lock_irqsave+0x100/0x100 [ 812.600969][ T146] ? wq_worker_running+0x97/0x170 [ 812.605974][ T146] worker_thread+0xaa6/0x1290 [ 812.610661][ T146] kthread+0x436/0x520 [ 812.614738][ T146] ? rcu_lock_release+0x20/0x20 [ 812.619711][ T146] ? kthread_blkcg+0xd0/0xd0 [ 812.624294][ T146] ret_from_fork+0x1f/0x30 [ 812.628699][ T146] [ 812.631702][ T146] [ 812.634015][ T146] Allocated by task 14612: [ 812.638415][ T146] __kasan_kmalloc+0xb5/0xf0 [ 812.642997][ T146] __alloc_skb+0x22c/0x750 [ 812.647393][ T146] vhci_write+0xbc/0x450 [ 812.651617][ T146] vfs_write+0x745/0xd60 [ 812.655841][ T146] ksys_write+0x152/0x260 [ 812.660149][ T146] do_syscall_64+0x4c/0xa0 [ 812.664550][ T146] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 812.670438][ T146] [ 812.672747][ T146] Last potentially related work creation: [ 812.678437][ T146] kasan_save_stack+0x35/0x60 [ 812.683099][ T146] kasan_record_aux_stack+0xb8/0x100 [ 812.688363][ T146] kvfree_call_rcu+0x105/0x7d0 [ 812.693102][ T146] neigh_periodic_work+0x407/0xc70 [ 812.698241][ T146] process_one_work+0x85f/0x1010 [ 812.703256][ T146] worker_thread+0xaa6/0x1290 [ 812.707919][ T146] kthread+0x436/0x520 [ 812.711970][ T146] ret_from_fork+0x1f/0x30 [ 812.716368][ T146] [ 812.718674][ T146] Second to last potentially related work creation: [ 812.725233][ T146] kasan_save_stack+0x35/0x60 [ 812.729889][ T146] kasan_record_aux_stack+0xb8/0x100 [ 812.735152][ T146] kvfree_call_rcu+0x105/0x7d0 [ 812.739897][ T146] neigh_periodic_work+0x407/0xc70 [ 812.744990][ T146] process_one_work+0x85f/0x1010 [ 812.749905][ T146] worker_thread+0xaa6/0x1290 [ 812.754651][ T146] kthread+0x436/0x520 [ 812.758708][ T146] ret_from_fork+0x1f/0x30 [ 812.763199][ T146] [ 812.765506][ T146] The buggy address belongs to the object at ffff888077ce3000 [ 812.765506][ T146] which belongs to the cache kmalloc-1k of size 1024 [ 812.779539][ T146] The buggy address is located 10 bytes to the right of [ 812.779539][ T146] 1024-byte region [ffff888077ce3000, ffff888077ce3400) [ 812.793318][ T146] The buggy address belongs to the page: [ 812.798931][ T146] page:ffffea0001df3800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77ce0 [ 812.809064][ T146] head:ffffea0001df3800 order:3 compound_mapcount:0 compound_pincount:0 [ 812.817383][ T146] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 812.825353][ T146] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016c41dc0 [ 812.833930][ T146] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 812.842591][ T146] page dumped because: kasan: bad access detected [ 812.849093][ T146] page_owner tracks the page as allocated [ 812.854793][ T146] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3985, ts 28146216151, free_ts 28119111795 [ 812.873975][ T146] get_page_from_freelist+0x1bbd/0x1ca0 [ 812.879527][ T146] __alloc_pages+0x1ee/0x480 [ 812.884108][ T146] new_slab+0xc0/0x4b0 [ 812.888155][ T146] ___slab_alloc+0x80a/0xdd0 [ 812.892736][ T146] __kmalloc+0x1cd/0x330 [ 812.896983][ T146] load_elf_phdrs+0x132/0x230 [ 812.901658][ T146] load_elf_binary+0x962/0x28e0 [ 812.906586][ T146] bprm_execve+0xaee/0x1840 [ 812.911082][ T146] do_execveat_common+0x51e/0x6d0 [ 812.916198][ T146] __x64_sys_execve+0x8e/0xa0 [ 812.920857][ T146] do_syscall_64+0x4c/0xa0 [ 812.925260][ T146] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 812.931134][ T146] page last free stack trace: [ 812.935818][ T146] free_unref_page_prepare+0x637/0x6c0 [ 812.941392][ T146] free_unref_page+0x8f/0x2a0 [ 812.946075][ T146] __unfreeze_partials+0x1a5/0x200 [ 812.951365][ T146] put_cpu_partial+0x12d/0x190 [ 812.956144][ T146] qlist_free_all+0x35/0x90 [ 812.960637][ T146] kasan_quarantine_reduce+0x150/0x160 [ 812.966218][ T146] __kasan_slab_alloc+0x2f/0xd0 [ 812.971064][ T146] slab_post_alloc_hook+0x4c/0x380 [ 812.976163][ T146] kmem_cache_alloc+0x100/0x290 [ 812.981010][ T146] getname_flags+0xb5/0x500 [ 812.985585][ T146] do_sys_openat2+0xdd/0x4b0 [ 812.990155][ T146] __x64_sys_openat+0x135/0x160 [ 812.994985][ T146] do_syscall_64+0x4c/0xa0 [ 812.999380][ T146] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 813.005253][ T146] [ 813.007582][ T146] Memory state around the buggy address: [ 813.013186][ T146] ffff888077ce3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 813.021226][ T146] ffff888077ce3380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 813.029267][ T146] >ffff888077ce3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 813.037307][ T146] ^ [ 813.041611][ T146] ffff888077ce3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 813.049658][ T146] ffff888077ce3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 813.058053][ T146] ================================================================== [ 813.066551][ T146] Disabling lock debugging due to kernel taint [ 813.079046][ T146] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 813.086259][ T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Tainted: G B syzkaller #0 [ 813.095107][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 813.105160][ T146] Workqueue: hci1 hci_rx_work [ 813.109832][ T146] Call Trace: [ 813.113101][ T146] [ 813.116016][ T146] dump_stack_lvl+0x188/0x250 [ 813.120682][ T146] ? show_regs_print_info+0x20/0x20 [ 813.125874][ T146] ? load_image+0x400/0x400 [ 813.133400][ T146] panic+0x2e5/0x810 [ 813.137620][ T146] ? bpf_jit_dump+0xd0/0xd0 [ 813.142123][ T146] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 813.148145][ T146] ? _raw_spin_unlock+0x40/0x40 [ 813.153007][ T146] ? hci_le_meta_evt+0x1324/0x3c90 [ 813.158455][ T146] check_panic_on_warn+0x80/0xa0 [ 813.163390][ T146] ? hci_le_meta_evt+0x1324/0x3c90 [ 813.168505][ T146] end_report+0x6d/0xf0 [ 813.172649][ T146] kasan_report+0x102/0x130 [ 813.177135][ T146] ? hci_le_meta_evt+0x1324/0x3c90 [ 813.182229][ T146] hci_le_meta_evt+0x1324/0x3c90 [ 813.187149][ T146] ? hci_remote_host_features_evt+0x280/0x280 [ 813.193712][ T146] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 813.199337][ T146] ? mark_lock+0x94/0x320 [ 813.203646][ T146] ? mutex_unlock+0x10/0x10 [ 813.208129][ T146] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 813.214090][ T146] ? lock_chain_count+0x20/0x20 [ 813.218919][ T146] ? __rwlock_init+0x140/0x140 [ 813.223665][ T146] hci_event_packet+0xe48/0x1370 [ 813.228585][ T146] ? lockdep_hardirqs_on+0x94/0x140 [ 813.233765][ T146] ? rcu_lock_release+0x20/0x20 [ 813.238602][ T146] ? hci_send_to_monitor+0x9c/0x4a0 [ 813.243789][ T146] hci_rx_work+0x255/0xa10 [ 813.248194][ T146] process_one_work+0x85f/0x1010 [ 813.253113][ T146] ? worker_detach_from_pool+0x240/0x240 [ 813.258724][ T146] ? lockdep_hardirqs_off+0x70/0x100 [ 813.264010][ T146] ? _raw_spin_lock_irq+0xb7/0xf0 [ 813.269016][ T146] ? _raw_spin_lock_irqsave+0x100/0x100 [ 813.274590][ T146] ? wq_worker_running+0x97/0x170 [ 813.279625][ T146] worker_thread+0xaa6/0x1290 [ 813.284302][ T146] kthread+0x436/0x520 [ 813.288357][ T146] ? rcu_lock_release+0x20/0x20 [ 813.293708][ T146] ? kthread_blkcg+0xd0/0xd0 [ 813.298372][ T146] ret_from_fork+0x1f/0x30 [ 813.302775][ T146] [ 813.306095][ T146] Kernel Offset: disabled [ 813.310409][ T146] Rebooting in 86400 seconds..