last executing test programs: 11m34.654635627s ago: executing program 2 (id=10): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRES8=r0, @ANYRES16, @ANYRES16], 0x0) 11m31.038593809s ago: executing program 2 (id=18): syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0xbc01) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000180)=""/135) 11m26.848712306s ago: executing program 2 (id=24): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20, 0x5, @private1, 0xe}, 0x1c) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0xe}, 0x1c) 11m26.662055044s ago: executing program 2 (id=26): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000000)={&(0x7f00000000c0)=[{0x1, 0x8000, 0x0, 0x0}, {0x1, 0xda01, 0x0, 0x0}], 0x2}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300021000000000000000000000000200080008000000fd0000000000000005000600000000000a000000000000000000000000000000000000000000000100000000000000000200010000000000000000fc00"], 0x80}, 0x1, 0x7}, 0x0) connect$can_bcm(r2, &(0x7f00000005c0), 0x10) recvmmsg(r2, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}], 0x1, 0x10002, 0x0) r4 = syz_usbip_server_init(0x1) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000027ae9140ac055902b2f00000000109021200010000000001"], 0x0) write$usbip_server(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000300000001"], 0x35) sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xd, 0x20000000ec071, 0xffffffffffffffff, 0x0) recvfrom$packet(r2, 0x0, 0x0, 0x40000000, 0x0, 0x0) 11m14.221311326s ago: executing program 2 (id=47): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') r1 = open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800849, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) r5 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x24020000) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) 11m12.597406435s ago: executing program 2 (id=49): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESHEX=0x0]) read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x21831002, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x18d042, 0x140) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0) 10m56.743901932s ago: executing program 32 (id=49): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESHEX=0x0]) read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x21831002, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x18d042, 0x140) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0) 9m46.299383554s ago: executing program 5 (id=258): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x2c) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000040)) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000280)) 9m44.887630673s ago: executing program 5 (id=262): prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e2400fa050001"], 0x1e8}, 0x1, 0x0, 0x0, 0x48091}, 0x0) 9m44.060381188s ago: executing program 5 (id=266): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0) r4 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000011c0)={0x8000101c}) 9m41.612895121s ago: executing program 5 (id=273): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 9m39.644435443s ago: executing program 5 (id=278): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 9m39.532090398s ago: executing program 5 (id=280): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 9m24.347751517s ago: executing program 33 (id=280): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 1m33.43048541s ago: executing program 6 (id=2209): socket(0x8000000010, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0xc, 0x0) pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x0, 0x1, 0x0, 0x0, 0x10000, 0x7}, &(0x7f0000000240)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffe, 0x957}, 0x0, 0x0, 0x0) 1m33.228219938s ago: executing program 6 (id=2211): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000", @ANYBLOB], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") 1m32.181312022s ago: executing program 6 (id=2215): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb01001800000000000d000000000024000000"], 0x0, 0x3e}, 0x28) 1m32.032015329s ago: executing program 6 (id=2217): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mq_open(0x0, 0x40, 0x22, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = timerfd_create(0x7, 0x0) timerfd_settime(r3, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1) close(r1) mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000300)={'wlan1\x00', @random="010000000700"}) ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r5, &(0x7f0000000640)=[{0x0}], 0x1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010000d0400"/18, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00138009000100626f6e64000000000c0002800800140001000000"], 0x3c}}, 0x0) 1m30.772283902s ago: executing program 6 (id=2221): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x28, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x50}}, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x8, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@empty, @in6=@private0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) 1m30.516390033s ago: executing program 6 (id=2226): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000", @ANYBLOB], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") 1m15.418033753s ago: executing program 34 (id=2226): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000", @ANYBLOB], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") 21.780064607s ago: executing program 1 (id=2578): r0 = socket$packet(0x11, 0x3, 0x300) syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800) socket$netlink(0x10, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r3 = memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000100)={r3, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000080)=0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'hsr0\x00'}) syz_io_uring_setup(0x3b, &(0x7f00000001c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100)) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r9, 0x0, r8, 0x0, 0x1000, 0x0) splice(r6, 0x0, r10, 0x0, 0x80, 0x0) write$binfmt_aout(r7, &(0x7f00000004c0)=ANY=[], 0x120) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) 21.110764445s ago: executing program 1 (id=2586): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r4, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r0}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x1c) syz_emit_ethernet(0x37, &(0x7f00000007c0)=ANY=[], 0x0) 20.933409753s ago: executing program 1 (id=2589): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000070a010100000006000000000a0040010900010073797a"], 0x38}, 0x1, 0x0, 0x0, 0x20040850}, 0x44054) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r5}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, 0x0, &(0x7f0000000080)=r5}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) request_key(&(0x7f0000002740)='asymmetric\x00', 0x0, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdx2Dd', 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000480), 0x3, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, 0x0) 19.689980985s ago: executing program 1 (id=2593): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}}, 0x0) 19.546305821s ago: executing program 1 (id=2595): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_freeze_timeout', 0x101, 0x0) write$binfmt_aout(r0, 0x0, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_mount_image$hfsplus(&(0x7f0000000a40), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2800410, &(0x7f0000000000)=ANY=[], 0x1, 0x692, &(0x7f0000001140)="$eJzs3UtsHGcdAPD/rNdrbwip2zptQJVqNRIgLBI7lgvmQkCALNFDVQ6crcRprGzSYm+RWyG6vK899AhSOfiAxAmJe6Ry4QK3HnrZYyUkLr1gTotmdmbfTnfz2nXz+0Wz3zfzzff6z2u9q2gDeGJtr0b5biSxvfrKYbrePNqoNY82bhf5iFiIiEZEOSJKEZH8t9VqfRhxNSLpNJMMpBHz/f28v7f12kefNj9pr5XzJdu/1FfvvjTyJVYiYi5PH1Z71x64vaQzw6sRcTFPYerSy7TV56f/ONsuqfTtWB1Ve/HxDBJ4pJL2c3PIUsSZ/EJP3we0n4rtZ/ap1pj2AAAAAOAxeOo4juMwOTftcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBp0ej+/n+SL6UivxJJ8fv/lXxb5PnZ8uLYe5Yf6TgAAAAAAAAA4H4tTF7lxeM4jsM4V6y3kuw7/5eyleXs9QvxVhzEbuzHpTiMnahHPfZjPSKWehqqHO7U6/vrY9S8MrLmH8acW3WoZHgLAAAAAAAAADx5fhXb3e//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgFiQRc+0kW5aj3N68FKU0txgRlXRDI+JfRf40uzvtAQAAAMCDq47auNCTf+o4juMwzhXrrSSWI+K57O//xXgr7kQ99qIetdiN69lnAu2/+kvNo41a82jjdroM9/Hd/0w0zqzFaH/2MLrnC9ke1bgRe9mWS3Et3ohaXI9SVjN1IR9P0erAuH6Zjin5Tm7MkV3P03Tm72XpiM883p1osie594cptxbzzFzPnqWY70RkLT86aTSeLo7M6CNUHJ358Qa2NNDTepQ6Q1ge6GlgEt2YL47XV+pMnqbz+V2ezoa+SGQz6p59z9075hFf/dtffnKzdufWzRsHq7MzpfHM5Wkre60OnxMbPZF4/vMciSFrWSTOd9a344fx41iNlXg19mMvfhY7UY/dWInvZ7md/HxOei75EyJ1tW/t1RMG0Ll5V/IztH2wJhvTS1ndc7HXuSm8nP27EuvxzdiMzdjqOcLn732Es6u+dMKdtvXFkbO4+LU8kz6zfn/Ss2sq0rg+XcQ1ib577lJW1rulG6VnxojShM+j8pfzazDt49d5OhsGI7HeE4lnm0fFHWRUJP6UTemgdufW/s2dN8fr7pn38kx6Hf12pp4Slfwaan930n92pOfSsyPL1rOy5U5ZaajsfKesfaU24o24HrsjrtRK/h5uuKUrWdnzI8s2srILPWWj3m8BMNPSx+GZr5+pVP9d/Wf1g+pvqjerryx+b+FbCy9UYv7v898ur819pfRC8tf4IH7RfQsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcv4O337m1U6vt7vdlGrVWq/XuyKIHzXz88Z+zH3h6+C2Pkyl+jOgxdvqlsxGfufPZqUTjgTNJMu7O/2u1WvmW5OENoxST1pofa+dWblbiPI3MdO9LwKN3uX77zcsHb7/zjb3bO6/vvr57Z2tzc2tta/Pljcs39mq7a+3XwVoT/KYrMLO6D/3Bkj9OZ0AAAAAAAAAAAADAZ3rU/4sgmfYEAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFNvezXKdyOJ9bVLa+l682ijli5FvrtnOSJKEZH8PCL5MOJqtJdY6mkuOamf9/e2Xvvo0+Yn3bbKxf6lEfV+MNksGvkSKxExl6eFH43VRPnE9q4Nlk4s6cwwDdjFInAwbf8PAAD//+t+BNc=") r1 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = getpid() r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_emit_ethernet(0x4e, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) close(r6) 18.012557137s ago: executing program 1 (id=2602): r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unlink(&(0x7f00000002c0)='./file0\x00') sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0) 4.766218438s ago: executing program 3 (id=2683): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000ff9000/0x2000)=nil) shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x5000) io_setup(0x6, &(0x7f00000003c0)) 3.520184411s ago: executing program 7 (id=2686): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) 3.324026149s ago: executing program 7 (id=2689): syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100000000000001000000"], 0x128}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$igmp6(0xa, 0x3, 0x2) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e24, 0xfffffff8, @mcast2, 0x74db}, 0x1c) socket(0x6, 0x3, 0x8) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYBLOB="800000000802110000018802110000000802110000"], 0x36) 2.708082635s ago: executing program 0 (id=2692): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000400)={'wlan0\x00', &(0x7f0000000440)=@ethtool_cmd={0x2e, 0x5, 0x6, 0x9, 0x7f, 0x2, 0xcd, 0xff, 0x5, 0x62, 0x1, 0x2, 0x0, 0xc, 0x6, 0x8, [0x3d6b, 0x443f]}}) 2.692327186s ago: executing program 4 (id=2693): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(0xffffffffffffffff, &(0x7f0000000000)="09000000010000", 0x7) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_submit(0x0, 0x0, 0x0) waitid(0x2, r1, 0x0, 0x4, &(0x7f0000000500)) r4 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) r5 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, 0x0, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0x7f}}, './file0\x00'}) r6 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xc081, 0x0) sendmsg$nl_route(r6, &(0x7f0000000680)={0x0, 0x5d, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x20000824}, 0x20004000) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0xffffffff, 0x2, {}, 0x1c000}) 1.841353492s ago: executing program 0 (id=2694): syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0x401, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x5, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0x4, 0x7, 0x6c7, 0x9, 0x9, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x3, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0xc, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0xd, 0x6, 0x10, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x4, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x0, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x6, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x228, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f00000002c0)=0x3) 1.594367762s ago: executing program 4 (id=2695): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.508453736s ago: executing program 7 (id=2696): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setitimer(0x0, 0x0, 0x0) setitimer(0x0, &(0x7f00000000c0)={{}, {0x0, 0xea60}}, 0x0) 1.496747596s ago: executing program 3 (id=2697): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xf4) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x18) sendfile(r0, r0, 0x0, 0x80000000) 1.422363739s ago: executing program 7 (id=2698): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCFLSH(r0, 0x5410, 0x0) 1.300321275s ago: executing program 7 (id=2699): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f0000003380)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x18}}], 0x1, 0x80) 1.300036325s ago: executing program 3 (id=2700): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x24, r3, 0xfd39e943ccf1163b, 0x4070bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x50) 602.011665ms ago: executing program 7 (id=2701): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r2}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 582.296585ms ago: executing program 0 (id=2702): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f00000001c0)='binder\x00', 0x1) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 397.672073ms ago: executing program 0 (id=2703): mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x6031, 0xffffffffffffffff, 0xfffff000) munlockall() 397.389623ms ago: executing program 4 (id=2704): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r4], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x28, r5, 0x800, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xb, 0x66}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x24004094) 347.406425ms ago: executing program 4 (id=2705): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r4, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r0}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x1c) syz_emit_ethernet(0x37, &(0x7f00000007c0)=ANY=[], 0x0) 272.262828ms ago: executing program 3 (id=2706): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 271.411748ms ago: executing program 4 (id=2707): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setitimer(0x0, 0x0, 0x0) setitimer(0x0, &(0x7f00000000c0)={{}, {0x0, 0xea60}}, 0x0) 142.650194ms ago: executing program 4 (id=2708): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0) shutdown(r0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 142.291084ms ago: executing program 3 (id=2709): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setresuid(0x0, 0xee00, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)={0x54, 0x12, 0x111, 0x70bd2b, 0x25dfdbff, {0x1, 0xd, 0x6, 0x77, {0x4e22, 0x4e21, [0x1, 0xffffff00, 0x8001, 0x8], [0x1, 0x20011f2, 0x9], 0x0, [0x0, 0x8]}, 0xffffffff, 0x28f}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, "0b87dd9f"}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x40014) 142.208264ms ago: executing program 0 (id=2710): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000340)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x1, 0x3a, '.', 0x3a, '*', 0x3a, './file0', 0x3a, [0x4f, 0x46]}, 0x2b) 282.32µs ago: executing program 0 (id=2711): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x6}, 0x28) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x2, 0x2, 0x4}, 0x50) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$rfkill(r2, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1}, 0x8) 0s ago: executing program 3 (id=2712): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000280)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0)=0x3, 0x8) kernel console output (not intermixed with test programs): 307852][ T7137] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 303.380274][ T7139] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 303.611326][ T4930] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 303.871331][ T4930] usb 2-1: Using ep0 maxpacket: 32 [ 304.241584][ T4930] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.289770][ T4930] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 304.521484][ T4930] usb 2-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 304.631475][ T4247] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 304.729306][ T7154] ALSA: mixer_oss: invalid OSS volume '' [ 304.812999][ T7154] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 305.178161][ T4930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.256794][ T4930] usb 2-1: Product: syz [ 305.263078][ T4930] usb 2-1: Manufacturer: syz [ 305.267800][ T4930] usb 2-1: SerialNumber: syz [ 305.591601][ T4247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.828007][ T4247] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.860878][ T4247] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 307.342359][ T4247] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 307.876185][ T4247] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.903667][ T4247] usb 1-1: config 0 descriptor?? [ 307.987908][ T4247] usb 1-1: can't set config #0, error -71 [ 308.515446][ T4247] usb 1-1: USB disconnect, device number 9 [ 309.124231][ T4254] usb 2-1: USB disconnect, device number 9 [ 309.242053][ T7182] overlayfs: invalid origin (0000006c6f776572) [ 310.719714][ T7202] ALSA: mixer_oss: invalid OSS volume '' [ 310.864585][ T7202] IPVS: sh: FWM 3 0x00000003 - no destination available [ 312.901353][ T13] Bluetooth: hci2: command 0x0406 tx timeout [ 313.128625][ T4930] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 313.571589][ T4930] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 313.589523][ T4930] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.601503][ T4930] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 313.621445][ T4930] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 313.792259][ T4930] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 314.133136][ T4930] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 314.234902][ T4930] usb 5-1: Product: syz [ 314.266834][ T4930] usb 5-1: Manufacturer: syz [ 314.454833][ T4930] cdc_wdm 5-1:1.0: skipping garbage [ 314.460441][ T4930] cdc_wdm: probe of 5-1:1.0 failed with error -22 [ 314.828179][ T7227] udc-core: couldn't find an available UDC or it's busy [ 314.840123][ T7227] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 314.875992][ T4930] usb 5-1: USB disconnect, device number 6 [ 315.967032][ T7269] tmpfs: Bad value for 'mpol' [ 316.182025][ T7273] netlink: 'syz.3.639': attribute type 10 has an invalid length. [ 316.852919][ T7273] team0: Device veth1_macvtap failed to register rx_handler [ 317.560296][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.566697][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.624798][ T7299] binder: 7292:7299 ioctl c0306201 0 returned -14 [ 318.633464][ T7299] virtio-fs: tag not found [ 318.642288][ T7299] afs: Unknown parameter 'au' [ 319.564184][ T7308] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.975332][ T7308] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.322280][ T7308] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.858085][ T7308] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.990190][ T7308] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.028666][ T7308] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.078679][ T7308] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.136471][ T7308] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.439235][ T4195] Bluetooth: hci1: Received unexpected HCI Event 00000000 [ 326.890949][ T7415] program syz.3.661 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 327.996789][ T7422] ALSA: mixer_oss: invalid OSS volume '' [ 332.602654][ T1108] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 333.116414][ T1108] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF6, skipping [ 333.156372][ T1108] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 333.179382][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.200472][ T1108] usb 4-1: config 0 descriptor?? [ 333.241650][ T7465] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 333.266036][ T1108] gspca_main: spca561-2.14.0 probing abcd:cdee [ 333.377640][ T4254] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 333.761644][ T4254] usb 5-1: Using ep0 maxpacket: 32 [ 334.031531][ T1108] spca561: probe of 4-1:0.0 failed with error -22 [ 334.039386][ T4254] usb 5-1: no configurations [ 334.044969][ T1108] usb 4-1: MIDIStreaming interface descriptor not found [ 334.052870][ T4254] usb 5-1: can't read configurations, error -22 [ 334.251486][ T4254] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 334.369006][ T1108] usb 4-1: USB disconnect, device number 6 [ 335.321385][ T7] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 335.371598][ T4254] usb 5-1: Using ep0 maxpacket: 32 [ 335.532288][ T4254] usb 5-1: no configurations [ 335.537828][ T4254] usb 5-1: can't read configurations, error -22 [ 335.544603][ T4254] usb usb5-port1: attempt power cycle [ 335.661355][ T4185] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 336.471497][ T7] usb 1-1: config index 0 descriptor too short (expected 111, got 67) [ 336.513962][ T7] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 336.573049][ T7518] netlink: 64 bytes leftover after parsing attributes in process `syz.4.691'. [ 336.593976][ T7] usb 1-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 336.794352][ T7521] loop7: detected capacity change from 0 to 16384 [ 336.851717][ T7] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 336.868089][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.939895][ T7] usb 1-1: Product: syz [ 336.953183][ T7] usb 1-1: Manufacturer: syz [ 336.978523][ T7] usb 1-1: SerialNumber: syz [ 337.052824][ T7] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 337.062573][ T7523] loop_set_status: loop7 () has still dirty pages (nrpages=2) [ 337.146931][ T6461] usb 1-1: USB disconnect, device number 10 [ 337.181626][ T7] usb 1-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 337.233212][ T6461] usb 1-1: ath9k_htc: USB layer deinitialized [ 337.342564][ T4185] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.358621][ T4185] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 337.372366][ T4185] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 337.382225][ T4185] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 337.395151][ T4185] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 337.404302][ T4185] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.425595][ T4185] usb 7-1: config 0 descriptor?? [ 337.904414][ T4185] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 338.584976][ T4185] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.0003/input/input8 [ 338.843187][ T4185] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0 [ 338.929289][ T4185] usb 7-1: USB disconnect, device number 8 [ 339.804820][ T7535] tipc: Enabling of bearer rejected, already enabled [ 339.822967][ T7542] fido_id[7542]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 340.156123][ T7] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 340.786126][ T7] usb 7-1: Using ep0 maxpacket: 32 [ 340.843797][ T7] usb 7-1: no configurations [ 341.041509][ T7] usb 7-1: can't read configurations, error -22 [ 341.232007][ T7] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 341.531258][ T7] usb 7-1: Using ep0 maxpacket: 32 [ 341.581494][ T7] usb 7-1: no configurations [ 341.850166][ T7] usb 7-1: can't read configurations, error -22 [ 341.867357][ T7] usb usb7-port1: attempt power cycle [ 342.123962][ T7580] ptrace attach of "./syz-executor exec"[4189] was attempted by "./syz-executor exec"[7580] [ 342.311444][ T7] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 342.512261][ T7] usb 7-1: Using ep0 maxpacket: 32 [ 343.181383][ T7] usb 7-1: device descriptor read/all, error -71 [ 344.160341][ T7593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 346.274298][ T4254] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 346.781287][ T4254] usb 4-1: Using ep0 maxpacket: 16 [ 346.911480][ T4254] usb 4-1: config 1 has an invalid interface number: 214 but max is 0 [ 346.940956][ T4254] usb 4-1: config 1 has no interface number 0 [ 346.960567][ T4254] usb 4-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 346.978099][ T4254] usb 4-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64 [ 346.988617][ T4254] usb 4-1: config 1 interface 214 has no altsetting 0 [ 347.074855][ T7618] netlink: 'syz.0.720': attribute type 4 has an invalid length. [ 347.093649][ T7618] netlink: 17 bytes leftover after parsing attributes in process `syz.0.720'. [ 347.166139][ T4254] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 347.180561][ T4254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.195197][ T4254] usb 4-1: Product: syz [ 347.199556][ T4254] usb 4-1: Manufacturer: syz [ 347.205733][ T4254] usb 4-1: SerialNumber: syz [ 347.241286][ T4185] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 347.261677][ T7602] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 347.276140][ T7602] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 347.283461][ T6461] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 347.325107][ T4254] ums-alauda 4-1:1.214: USB Mass Storage device detected [ 347.386740][ T4254] scsi host1: usb-storage 4-1:1.214 [ 347.530376][ T4930] usb 4-1: USB disconnect, device number 7 [ 347.536281][ T6461] usb 2-1: Using ep0 maxpacket: 32 [ 347.581481][ T6461] usb 2-1: no configurations [ 347.587071][ T6461] usb 2-1: can't read configurations, error -22 [ 347.761301][ T6461] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 347.777000][ T4185] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 347.801514][ T4185] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.822817][ T4185] usb 7-1: config 0 descriptor?? [ 347.873192][ T4185] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 348.012651][ T6461] usb 2-1: Using ep0 maxpacket: 32 [ 348.052711][ T6461] usb 2-1: no configurations [ 348.057352][ T6461] usb 2-1: can't read configurations, error -22 [ 348.087116][ T6461] usb usb2-port1: attempt power cycle [ 348.257128][ T4185] gp8psk: usb in 128 operation failed. [ 348.301463][ T4185] gp8psk: usb in 137 operation failed. [ 348.306980][ T4185] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 348.370708][ T4185] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 348.391273][ T4185] usb 7-1: media controller created [ 348.420246][ T4185] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 348.467133][ T4185] gp8psk_fe: Frontend attached [ 348.473060][ T4185] usb 7-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 348.512905][ T4185] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 348.513561][ T6461] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 348.781341][ T6461] usb 2-1: Using ep0 maxpacket: 32 [ 348.821381][ T6461] usb 2-1: no configurations [ 348.826028][ T6461] usb 2-1: can't read configurations, error -22 [ 348.897398][ T4185] gp8psk: usb in 137 operation failed. [ 348.904886][ T4185] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 348.961385][ T4185] gp8psk: found Genpix USB device pID = 203 (hex) [ 348.991285][ T6461] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 349.002526][ T4185] usb 7-1: USB disconnect, device number 13 [ 349.081355][ T6461] usb 2-1: Using ep0 maxpacket: 32 [ 349.121436][ T6461] usb 2-1: no configurations [ 349.126218][ T6461] usb 2-1: can't read configurations, error -22 [ 349.135071][ T4185] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 349.149188][ T6461] usb usb2-port1: unable to enumerate USB device [ 349.358788][ T7637] 9pnet_virtio: no channels available for device syz [ 349.960289][ T7642] tipc: Enabling of bearer rejected, failed to enable media [ 352.111339][ T7663] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 352.658605][ T7672] overlayfs: overlapping lowerdir path [ 353.581330][ T3521] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 353.921575][ T3521] usb 5-1: Using ep0 maxpacket: 32 [ 354.052640][ T3521] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.392297][ T3521] usb 5-1: config 0 has no interfaces? [ 354.611531][ T3521] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 354.631250][ T3521] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.639828][ T3521] usb 5-1: Product: syz [ 354.834706][ T3521] usb 5-1: Manufacturer: syz [ 354.839586][ T3521] usb 5-1: SerialNumber: syz [ 354.850791][ T3521] usb 5-1: config 0 descriptor?? [ 357.135764][ T1108] usb 5-1: USB disconnect, device number 10 [ 357.598740][ T7741] netlink: 'syz.4.753': attribute type 4 has an invalid length. [ 357.632411][ T7741] netlink: 17 bytes leftover after parsing attributes in process `syz.4.753'. [ 357.863129][ T1108] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 359.251406][ T1108] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 359.271279][ T1108] usb 2-1: config 0 interface 0 has no altsetting 0 [ 359.511487][ T1108] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 359.841374][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 359.861728][ T1108] usb 2-1: Product: syz [ 359.865936][ T1108] usb 2-1: Manufacturer: syz [ 359.870548][ T1108] usb 2-1: SerialNumber: syz [ 359.907504][ T1108] usb 2-1: config 0 descriptor?? [ 359.974742][ T1108] usb 2-1: selecting invalid altsetting 0 [ 360.661972][ T1108] usb 2-1: USB disconnect, device number 14 [ 360.715734][ T7766] team0: No ports can be present during mode change [ 360.807220][ T7760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.760'. [ 361.891650][ T6461] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 362.231259][ T6461] usb 7-1: Using ep0 maxpacket: 32 [ 362.351481][ T6461] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.390612][ T6461] usb 7-1: config 0 has no interfaces? [ 362.400005][ T7788] netlink: 40 bytes leftover after parsing attributes in process `syz.3.769'. [ 362.430862][ T7788] netlink: 40 bytes leftover after parsing attributes in process `syz.3.769'. [ 362.458814][ T7788] netlink: 40 bytes leftover after parsing attributes in process `syz.3.769'. [ 362.571553][ T6461] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 362.606994][ T6461] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.645398][ T6461] usb 7-1: Product: syz [ 362.674354][ T6461] usb 7-1: Manufacturer: syz [ 362.680000][ T6461] usb 7-1: SerialNumber: syz [ 362.709121][ T6461] usb 7-1: config 0 descriptor?? [ 364.133147][ T7811] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 364.374701][ T23] usb 7-1: USB disconnect, device number 14 [ 365.379106][ T7830] loop3: detected capacity change from 0 to 128 [ 365.495530][ T7830] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 365.594916][ T7830] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 365.751307][ T4270] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 365.843918][ T7841] loop6: detected capacity change from 0 to 2048 [ 365.952598][ T4549] loop6: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 366.076521][ T7845] loop3: detected capacity change from 0 to 1024 [ 366.385534][ T7845] attempt to access beyond end of device [ 366.385534][ T7845] loop3: rw=2057, want=65536, limit=1024 [ 366.422926][ T7845] attempt to access beyond end of device [ 366.422926][ T7845] loop3: rw=1, want=2310, limit=1024 [ 366.444791][ T7845] attempt to access beyond end of device [ 366.444791][ T7845] loop3: rw=1, want=4358, limit=1024 [ 366.516081][ T7845] attempt to access beyond end of device [ 366.516081][ T7845] loop3: rw=1, want=6406, limit=1024 [ 366.554410][ T7845] attempt to access beyond end of device [ 366.554410][ T7845] loop3: rw=1, want=8454, limit=1024 [ 366.604902][ T7845] attempt to access beyond end of device [ 366.604902][ T7845] loop3: rw=1, want=10502, limit=1024 [ 366.631430][ T7845] attempt to access beyond end of device [ 366.631430][ T7845] loop3: rw=1, want=12550, limit=1024 [ 366.656154][ T7845] attempt to access beyond end of device [ 366.656154][ T7845] loop3: rw=1, want=14598, limit=1024 [ 366.679648][ T7845] attempt to access beyond end of device [ 366.679648][ T7845] loop3: rw=1, want=16646, limit=1024 [ 366.691753][ T23] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 366.701881][ T7845] attempt to access beyond end of device [ 366.701881][ T7845] loop3: rw=1, want=18694, limit=1024 [ 366.954073][ T23] usb 5-1: Using ep0 maxpacket: 32 [ 367.091505][ T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.113616][ T23] usb 5-1: config 0 has no interfaces? [ 367.275960][ T6461] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 367.312237][ T23] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 367.325050][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.343638][ T23] usb 5-1: Product: syz [ 367.347833][ T23] usb 5-1: Manufacturer: syz [ 367.379256][ T23] usb 5-1: SerialNumber: syz [ 367.432628][ T23] usb 5-1: config 0 descriptor?? [ 367.531316][ T6461] usb 4-1: Using ep0 maxpacket: 32 [ 367.540352][ T7861] raw_sendmsg: syz.0.791 forgot to set AF_INET. Fix it! [ 367.811539][ T6461] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 367.830912][ T6461] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.839327][ T6461] usb 4-1: Product: syz [ 367.850643][ T6461] usb 4-1: Manufacturer: syz [ 367.855581][ T6461] usb 4-1: SerialNumber: syz [ 367.903413][ T6461] usb 4-1: config 0 descriptor?? [ 367.962595][ T7841] loop6: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 368.193387][ T6461] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 008 [ 368.464605][ T7859] i2c i2c-1: adapter quirk: no zero length (addr 0x0001, size 0, read) [ 368.546109][ T7881] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 368.552639][ T7881] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 368.571560][ T7881] vhci_hcd vhci_hcd.0: Device attached [ 368.579554][ T7881] udc-core: couldn't find an available UDC or it's busy [ 368.587106][ T7881] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 368.597086][ T7882] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0 [ 368.695482][ T5375] vhci_hcd: stop threads [ 368.706077][ T5375] vhci_hcd: release socket [ 368.726466][ T5375] vhci_hcd: disconnect device [ 368.814545][ T7889] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 369.957135][ T4254] usb 5-1: USB disconnect, device number 11 [ 370.361518][ T4254] usb 4-1: USB disconnect, device number 8 [ 372.635465][ T4549] udevd[4549]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 372.662782][ T4719] udevd[4719]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory [ 372.685243][ T4547] udevd[4547]: inotify_add_watch(7, /dev/loop6p5, 10) failed: No such file or directory [ 372.722009][ T4460] udevd[4460]: inotify_add_watch(7, /dev/loop6p6, 10) failed: No such file or directory [ 372.736920][ T4456] udevd[4456]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory [ 372.750662][ T4720] udevd[4720]: inotify_add_watch(7, /dev/loop6p8, 10) failed: No such file or directory [ 372.951208][ T4549] udevd[4549]: inotify_add_watch(7, /dev/loop6p15, 10) failed: No such file or directory [ 372.968707][ T4719] udevd[4719]: inotify_add_watch(7, /dev/loop6p16, 10) failed: No such file or directory [ 372.972403][ T4460] udevd[4460]: inotify_add_watch(7, /dev/loop6p18, 10) failed: No such file or directory [ 372.995110][ T4547] udevd[4547]: inotify_add_watch(7, /dev/loop6p17, 10) failed: No such file or directory [ 373.186250][ T7952] loop4: detected capacity change from 0 to 1024 [ 373.286892][ T7952] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 373.490621][ T7952] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,nolazytime,nomblk_io_submit,,errors=continue. Quota mode: none. [ 374.221535][ T6461] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 374.636661][ T6461] usb 7-1: Using ep0 maxpacket: 32 [ 374.761444][ T6461] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 374.772924][ T6461] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 374.795638][ T6461] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 374.922155][ T6461] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 375.039649][ T6461] usb 7-1: config 0 interface 0 has no altsetting 0 [ 375.271506][ T6461] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 375.300063][ T6461] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 375.328824][ T6461] usb 7-1: Product: syz [ 375.333504][ T6461] usb 7-1: Manufacturer: syz [ 375.338216][ T6461] usb 7-1: SerialNumber: syz [ 375.345449][ T6461] usb 7-1: config 0 descriptor?? [ 375.405606][ T6461] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 375.429759][ T6461] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 375.644219][ T3521] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 375.829147][ T7988] kvm: pic: non byte read [ 375.850681][ T7988] kvm: pic: single mode not supported [ 375.850817][ T7988] kvm: pic: non byte read [ 375.884451][ T7988] kvm: pic: non byte read [ 375.893920][ T7988] kvm: pic: non byte read [ 375.898680][ T7988] kvm: pic: non byte read [ 375.907772][ T7988] kvm: pic: single mode not supported [ 375.907843][ T7988] kvm: pic: non byte read [ 375.921624][ T7988] kvm: pic: level sensitive irq not supported [ 375.921711][ T7988] kvm: pic: non byte read [ 376.223228][ T7988] kvm: pic: non byte read [ 376.281500][ T3521] usb 4-1: New USB device found, idVendor=0a5c, idProduct=bd1f, bcdDevice=53.1a [ 376.296862][ T7988] kvm: pic: non byte read [ 376.420100][ T3521] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.572882][ T3521] usb 4-1: Product: syz [ 376.593896][ T3521] usb 4-1: Manufacturer: syz [ 376.842099][ T3521] usb 4-1: SerialNumber: syz [ 376.872522][ T3521] usb 4-1: config 0 descriptor?? [ 376.969874][ T5324] usb 7-1: USB disconnect, device number 15 [ 377.046014][ T5324] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 377.117637][ T3521] usb 4-1: USB disconnect, device number 9 [ 377.711769][ T7934] udevd[7934]: inotify_add_watch(7, /dev/loop6p30, 10) failed: No such file or directory [ 377.733630][ T4547] udevd[4547]: inotify_add_watch(7, /dev/loop6p29, 10) failed: No such file or directory [ 377.748678][ T4460] udevd[4460]: inotify_add_watch(7, /dev/loop6p31, 10) failed: No such file or directory [ 377.805825][ T4549] udevd[4549]: inotify_add_watch(7, /dev/loop6p37, 10) failed: No such file or directory [ 377.919676][ T4456] udevd[4456]: inotify_add_watch(7, /dev/loop6p42, 10) failed: No such file or directory [ 378.095558][ T7941] udevd[7941]: inotify_add_watch(7, /dev/loop6p38, 10) failed: No such file or directory [ 378.113969][ T7944] udevd[7944]: inotify_add_watch(7, /dev/loop6p43, 10) failed: No such file or directory [ 378.123287][ T4549] udevd[4549]: inotify_add_watch(7, /dev/loop6p44, 10) failed: No such file or directory [ 378.125612][ T7942] udevd[7942]: inotify_add_watch(7, /dev/loop6p40, 10) failed: No such file or directory [ 378.136501][ T4547] udevd[4547]: inotify_add_watch(7, /dev/loop6p45, 10) failed: No such file or directory [ 378.461726][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.468079][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.003624][ T8027] netlink: 24 bytes leftover after parsing attributes in process `syz.0.841'. [ 384.746631][ T8103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 386.862970][ T8122] loop3: detected capacity change from 0 to 2048 [ 387.214868][ T8122] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 387.413770][ T8122] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.871: bg 0: block 234: padding at end of block bitmap is not set [ 387.436762][ T8122] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117 [ 387.449499][ T8122] EXT4-fs (loop3): This should not happen!! Data will be lost [ 387.449499][ T8122] [ 387.580160][ T8122] syz.3.871 (8122) used greatest stack depth: 20552 bytes left [ 387.616519][ T8126] loop0: detected capacity change from 0 to 512 [ 388.007230][ T8137] ptrace attach of "./syz-executor exec"[4184] was attempted by "./syz-executor exec"[8137] [ 388.418178][ T8126] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 388.863594][ T8126] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 388.942075][ T8126] EXT4-fs (loop0): 1 truncate cleaned up [ 388.961401][ T8126] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable,max_dir_size_kb=0x00000000000001ff,bsddf,noblock_validity,,errors=continue. Quota mode: none. [ 389.023880][ T8126] syz.0.873 (pid 8126) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 389.106041][ T8144] loop6: detected capacity change from 0 to 1024 [ 389.195944][ T8144] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 389.226307][ T8144] EXT4-fs (loop6): #clusters per group too big: 4278198272 [ 389.406654][ T8152] loop4: detected capacity change from 0 to 512 [ 389.533340][ T8152] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 389.904532][ T8162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.227656][ T8152] EXT4-fs error (device loop4): ext4_lookup:1858: inode #15: comm syz.4.882: iget: bad i_size value: 15393162788874 [ 391.264720][ T8159] netlink: 64 bytes leftover after parsing attributes in process `syz.6.883'. [ 391.469238][ T26] audit: type=1326 audit(1763794430.012:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8169 comm="syz.1.884" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d0b214749 code=0x0 [ 391.711310][ T23] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 391.727748][ T8175] loop1: detected capacity change from 0 to 2048 [ 391.904771][ T8175] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nolazytime,bsddf,,errors=continue. Quota mode: none. [ 391.928518][ T8179] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[8179] [ 392.034860][ T8175] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 392.139490][ T8175] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.888: bg 0: block 345: padding at end of block bitmap is not set [ 392.265031][ T8175] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 117 [ 392.468235][ T23] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 393.170042][ T23] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 393.264572][ T8175] EXT4-fs (loop1): This should not happen!! Data will be lost [ 393.264572][ T8175] [ 393.296762][ T23] usb 4-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 393.475684][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.688771][ T23] usb 4-1: config 0 descriptor?? [ 393.737488][ T8175] syz.1.888 (8175) used greatest stack depth: 19552 bytes left [ 393.804221][ T8209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 394.001913][ T23] usb 4-1: string descriptor 0 read error: -71 [ 394.428311][ T23] usb 4-1: USB disconnect, device number 10 [ 394.674467][ T7934] udevd[7934]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 395.624871][ T8227] loop4: detected capacity change from 0 to 256 [ 395.680140][ T8224] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[8224] [ 395.784231][ T8226] IPv6: NLM_F_CREATE should be specified when creating new route [ 395.792166][ T8226] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 395.799851][ T8226] IPv6: NLM_F_CREATE should be set when creating new route [ 396.339160][ T8247] loop1: detected capacity change from 0 to 512 [ 396.837774][ T8250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.862099][ T8247] EXT4-fs (loop1): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback. [ 397.096005][ T8247] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.968312][ T8247] EXT4-fs error (device loop1): ext4_get_first_dir_block:3597: inode #12: comm syz.1.911: Attempting to read directory block (0) that is past i_size (3) [ 398.131457][ T8247] EXT4-fs (loop1): Remounting filesystem read-only [ 398.254251][ T8269] ptrace attach of "./syz-executor exec"[4182] was attempted by "./syz-executor exec"[8269] [ 398.457806][ T8277] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 398.542470][ T8283] loop3: detected capacity change from 0 to 164 [ 400.565553][ T8306] No such timeout policy "syz1" [ 400.581455][ T7] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 400.600967][ T8293] loop1: detected capacity change from 0 to 4096 [ 400.690925][ T8312] netlink: 136 bytes leftover after parsing attributes in process `syz.0.934'. [ 400.701285][ T8313] ptrace attach of "./syz-executor exec"[4194] was attempted by "./syz-executor exec"[8313] [ 400.729902][ T8312] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 400.951597][ T7] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.981091][ T7] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 401.168647][ T8293] EXT4-fs (loop1): Test dummy encryption mode enabled [ 401.177017][ T7] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 401.193155][ T7] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 401.197151][ T8293] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 401.205676][ T7] usb 7-1: SerialNumber: syz [ 401.209481][ T8293] System zones: 0-5 [ 401.232110][ T4240] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 401.328010][ T8293] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 401.832082][ T4240] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x82 has invalid wMaxPacketSize 0 [ 401.893870][ T4240] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x82 has invalid maxpacket 0 [ 402.069729][ T7] usb 7-1: bad CDC descriptors [ 402.079133][ T7] usb 7-1: USB disconnect, device number 16 [ 402.127673][ T8328] syz.4.937 (8328) used greatest stack depth: 18144 bytes left [ 402.135994][ T4240] usb 4-1: config 1 interface 0 has no altsetting 0 [ 402.341924][ T4240] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 402.370891][ T4240] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.411797][ T4240] usb 4-1: Product: syz [ 402.417302][ T4240] usb 4-1: Manufacturer: syz [ 402.431203][ T4240] usb 4-1: SerialNumber: syz [ 403.168361][ T4240] usb 4-1: bad CDC descriptors [ 403.304828][ T4240] usb 4-1: USB disconnect, device number 11 [ 404.442495][ T8353] ptrace attach of "./syz-executor exec"[4184] was attempted by "./syz-executor exec"[8353] [ 406.151857][ T4185] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 406.573090][ T4185] usb 1-1: unable to get BOS descriptor or descriptor too short [ 406.723126][ T4185] usb 1-1: config 127 has an invalid interface number: 31 but max is 0 [ 406.852587][ T4185] usb 1-1: config 127 has no interface number 0 [ 406.859015][ T4185] usb 1-1: config 127 interface 31 altsetting 5 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 406.872038][ T4185] usb 1-1: config 127 interface 31 has no altsetting 0 [ 406.911524][ T4185] usb 1-1: language id specifier not provided by device, defaulting to English [ 407.071608][ T4185] usb 1-1: New USB device found, idVendor=07cf, idProduct=2003, bcdDevice=26.af [ 407.123109][ T4185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.132444][ T4185] usb 1-1: Product: syz [ 407.140651][ T4185] usb 1-1: Manufacturer: ꒰♁Ꚉ褌ꭎ揓侒졑⬽䩄⣇ [ 407.989933][ T4185] usb 1-1: SerialNumber: syz [ 408.052421][ T8400] loop6: detected capacity change from 0 to 8 [ 408.170860][ T8400] SQUASHFS error: zlib decompression failed, data probably corrupt [ 408.210585][ T8400] SQUASHFS error: Failed to read block 0x9b: -5 [ 408.230859][ T8400] SQUASHFS error: Unable to read metadata cache entry [99] [ 408.311298][ T8400] SQUASHFS error: Unable to read inode 0x127 [ 408.371895][ T4185] usb 1-1: bad CDC descriptors [ 408.392128][ T4185] usb 1-1: USB disconnect, device number 11 [ 408.622583][ T8410] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[8410] [ 409.432755][ T8416] netlink: 24 bytes leftover after parsing attributes in process `syz.6.968'. [ 411.134912][ T4185] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 411.205551][ T4185] Bluetooth: hci2: Injecting HCI hardware error event [ 411.315027][ T4195] Bluetooth: hci2: hardware error 0x00 [ 411.426645][ T8431] loop3: detected capacity change from 0 to 1024 [ 413.223352][ T5360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.271207][ T5360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.579309][ T8448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 413.658804][ T8451] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[8451] [ 418.801368][ T4254] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 419.211581][ T4254] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 419.230173][ T4254] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.269954][ T4254] usb 2-1: config 0 descriptor?? [ 419.303095][ T8493] loop0: detected capacity change from 0 to 8 [ 419.858740][ T4254] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 419.911314][ T4254] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 419.925592][ T4254] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0 [ 419.938658][ T4254] asix: probe of 2-1:0.0 failed with error -32 [ 420.744176][ T8521] ptrace attach of "./syz-executor exec"[4182] was attempted by "./syz-executor exec"[8521] [ 421.265345][ T8525] loop4: detected capacity change from 0 to 512 [ 421.347580][ T8525] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 421.545507][ T4240] usb 2-1: USB disconnect, device number 15 [ 421.602544][ T8525] EXT4-fs (loop4): 1 truncate cleaned up [ 421.620369][ T8525] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,max_dir_size_kb=0x00000000000001ff,bsddf,noblock_validity,,errors=continue. Quota mode: none. [ 421.697179][ T8533] loop6: detected capacity change from 0 to 8 [ 422.345578][ T8536] 9pnet: Insufficient options for proto=fd [ 423.761783][ T8561] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1009'. [ 425.165979][ T8578] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 425.926564][ T8582] loop3: detected capacity change from 0 to 512 [ 425.989839][ T8584] loop0: detected capacity change from 0 to 512 [ 426.031343][ T8582] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 426.063934][ T8584] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 426.088546][ T8584] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 426.091460][ T8582] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 426.180238][ T8582] EXT4-fs (loop3): orphan cleanup on readonly fs [ 426.188331][ T8582] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 426.197531][ T8582] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 426.239464][ T4254] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 426.278413][ T8584] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #16: comm syz.0.1022: corrupted inode contents [ 426.280153][ T8582] EXT4-fs (loop3): 1 truncate cleaned up [ 426.390182][ T8582] EXT4-fs (loop3): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback. [ 426.452356][ T8584] EXT4-fs error (device loop0): ext4_dirty_inode:6054: inode #16: comm syz.0.1022: mark_inode_dirty error [ 426.501354][ T8584] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #16: comm syz.0.1022: corrupted inode contents [ 426.520621][ T8584] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #16: comm syz.0.1022: mark_inode_dirty error [ 426.533833][ T8584] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #16: comm syz.0.1022: corrupted inode contents [ 426.556429][ T8584] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 426.571326][ T8584] EXT4-fs error (device loop0): ext4_do_update_inode:5218: inode #16: comm syz.0.1022: corrupted inode contents [ 426.600846][ T8584] EXT4-fs error (device loop0): ext4_truncate:4279: inode #16: comm syz.0.1022: mark_inode_dirty error [ 426.630173][ T8584] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 426.662468][ T8584] EXT4-fs (loop0): 1 truncate cleaned up [ 426.671280][ T8584] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,nomblk_io_submit,jqfmt=vfsold,noblock_validity,bsddf,,errors=continue. Quota mode: writeback. [ 426.708206][ T8584] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 426.841506][ T4254] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 427.061631][ T4254] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 427.075844][ T4254] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.207413][ T4254] usb 5-1: Product: syz [ 427.228978][ T4254] usb 5-1: Manufacturer: syz [ 427.240158][ T4254] usb 5-1: SerialNumber: syz [ 427.253647][ T4254] usb 5-1: config 0 descriptor?? [ 427.543234][ T4254] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 427.560343][ T4254] usb 5-1: USB disconnect, device number 12 [ 428.823504][ T8620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1035'. [ 428.839557][ T4549] udevd[4549]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 428.887005][ T8620] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1035'. [ 429.089534][ T5324] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 429.118116][ T8627] loop0: detected capacity change from 0 to 256 [ 429.224581][ T8627] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 429.329845][ T8627] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 429.562000][ T8627] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62d793a, utbl_chksum : 0xe619d30d) [ 429.888152][ T5324] usb 7-1: Using ep0 maxpacket: 8 [ 430.721537][ T5324] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 430.809094][ T5324] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 430.900513][ T5324] usb 7-1: config 0 has no interface number 0 [ 430.961529][ T5324] usb 7-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 430.970679][ T5324] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.030012][ T5324] usb 7-1: config 0 descriptor?? [ 431.325553][ T5324] usb 7-1: USB disconnect, device number 17 [ 434.491287][ T6461] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 434.521481][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 435.391038][ T8752] binder: 8748:8752 ioctl c0306201 0 returned -14 [ 435.398039][ T8752] binder: 8748:8752 ioctl c0306201 200000000780 returned -11 [ 435.406130][ T8752] virtio-fs: tag not found [ 435.412914][ T8752] afs: Unknown parameter 'au' [ 435.431260][ T6461] usb 7-1: Using ep0 maxpacket: 32 [ 435.563270][ T6461] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 435.609420][ T6461] usb 7-1: New USB device found, idVendor=056a, idProduct=00cc, bcdDevice= 0.00 [ 435.626771][ T8756] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1078'. [ 435.644952][ T6461] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.753309][ T7] usb 1-1: unable to get BOS descriptor or descriptor too short [ 435.970450][ T6461] usb 7-1: config 0 descriptor?? [ 436.081992][ T7] usb 1-1: config 247 interface 0 has no altsetting 0 [ 436.362650][ T7] usb 1-1: string descriptor 0 read error: -22 [ 436.371360][ T7] usb 1-1: New USB device found, idVendor=0411, idProduct=006e, bcdDevice=d2.4d [ 436.426633][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.561191][ T6461] wacom 0003:056A:00CC.0004: unknown main item tag 0x0 [ 436.568146][ T6461] wacom 0003:056A:00CC.0004: unknown main item tag 0x0 [ 436.575792][ T6461] wacom 0003:056A:00CC.0004: unknown main item tag 0x0 [ 436.582706][ T6461] wacom 0003:056A:00CC.0004: unknown main item tag 0x0 [ 436.589627][ T6461] wacom 0003:056A:00CC.0004: unknown main item tag 0x0 [ 436.602004][ T6461] wacom 0003:056A:00CC.0004: hidraw0: USB HID v0.07 Device [HID 056a:00cc] on usb-dummy_hcd.6-1/input0 [ 437.061929][ T7] asix 1-1:247.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 437.224589][ T7] asix: probe of 1-1:247.0 failed with error -71 [ 437.456351][ T4185] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 437.530089][ T23] usb 7-1: USB disconnect, device number 18 [ 437.544817][ T4930] Bluetooth: hci4: command 0x0405 tx timeout [ 437.583041][ T7] usb 1-1: USB disconnect, device number 12 [ 437.701476][ T4185] usb 4-1: Using ep0 maxpacket: 32 [ 437.946399][ T8787] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1089'. [ 439.251481][ T4185] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 439.274421][ T4185] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.375009][ T4185] usb 4-1: Product: syz [ 439.404959][ T4185] usb 4-1: Manufacturer: syz [ 439.446855][ T8795] loop2: detected capacity change from 0 to 7 [ 439.455539][ T4185] usb 4-1: SerialNumber: syz [ 439.548050][ T8795] loop2: [ 439.552387][ T8795] loop2: partition table partially beyond EOD, truncated [ 439.612246][ T8798] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1092'. [ 439.646117][ T4185] usb 4-1: config 0 descriptor?? [ 440.000530][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.007043][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.015623][ T4185] usb 4-1: can't set config #0, error -71 [ 440.022555][ T4185] usb 4-1: USB disconnect, device number 12 [ 440.750736][ T8819] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1104'. [ 440.764112][ T8819] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1104'. [ 440.966783][ T8826] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1102'. [ 442.171837][ T8834] Illegal XDP return value 256, expect packet loss! [ 442.464706][ T8848] loop3: detected capacity change from 0 to 1024 [ 442.588814][ T8854] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1116'. [ 442.632096][ T7] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 443.032062][ T7] usb 5-1: config 0 has an invalid interface number: 64 but max is 0 [ 443.067665][ T7] usb 5-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 443.137033][ T7] usb 5-1: config 0 has no interface number 0 [ 443.240152][ T4185] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 443.268760][ T8877] loop3: detected capacity change from 0 to 1024 [ 443.276361][ T4185] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 443.374797][ T7] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 443.393884][ T4389] hfsplus: b-tree write err: -5, ino 4 [ 443.636985][ T8887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1129'. [ 443.906590][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.118323][ T7] usb 5-1: Product: syz [ 444.207206][ T7] usb 5-1: Manufacturer: syz [ 444.296423][ T7] usb 5-1: SerialNumber: syz [ 444.496208][ T7] usb 5-1: config 0 descriptor?? [ 445.228130][ T5324] usb 5-1: USB disconnect, device number 13 [ 445.891884][ T8889] fido_id[8889]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 446.485831][ T8906] loop0: detected capacity change from 0 to 256 [ 448.141903][ T8935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1144'. [ 449.969030][ T8932] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1143'. [ 450.534692][ T8957] loop0: detected capacity change from 0 to 256 [ 450.757774][ T8957] FAT-fs (loop0): Directory bread(block 64) failed [ 450.764691][ T8957] FAT-fs (loop0): Directory bread(block 65) failed [ 450.771687][ T8957] FAT-fs (loop0): Directory bread(block 66) failed [ 450.778327][ T8957] FAT-fs (loop0): Directory bread(block 67) failed [ 450.785129][ T8957] FAT-fs (loop0): Directory bread(block 68) failed [ 450.792100][ T8957] FAT-fs (loop0): Directory bread(block 69) failed [ 450.799022][ T8957] FAT-fs (loop0): Directory bread(block 70) failed [ 450.805713][ T8957] FAT-fs (loop0): Directory bread(block 71) failed [ 450.812608][ T8957] FAT-fs (loop0): Directory bread(block 72) failed [ 450.819280][ T8957] FAT-fs (loop0): Directory bread(block 73) failed [ 452.102454][ T8963] binder: 8959:8963 ioctl c0306201 0 returned -14 [ 452.109341][ T8963] binder: 8959:8963 ioctl c0306201 200000000780 returned -11 [ 452.117462][ T8963] virtio-fs: tag not found [ 452.123791][ T8963] afs: Unknown parameter 'au' [ 454.090691][ T8977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1162'. [ 456.248081][ T9012] binder: 8996:9012 ioctl c0306201 0 returned -14 [ 456.255321][ T9012] binder: 8996:9012 ioctl c0306201 200000000780 returned -11 [ 456.263495][ T9012] virtio-fs: tag not found [ 456.269685][ T9012] afs: Unknown parameter 'au' [ 457.486531][ T9029] loop6: detected capacity change from 0 to 128 [ 457.518685][ T9027] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1178'. [ 457.642034][ T9029] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 457.701640][ T9029] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 459.259618][ T9055] binder: 9053:9055 ioctl c0306201 0 returned -14 [ 459.266449][ T9055] binder: 9053:9055 ioctl c0306201 200000000780 returned -11 [ 459.274662][ T9055] virtio-fs: tag not found [ 459.280771][ T9055] afs: Unknown parameter 'au' [ 459.903049][ T9073] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1191'. [ 461.390572][ T9084] loop0: detected capacity change from 0 to 512 [ 461.490078][ T9084] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 461.531459][ T9084] EXT4-fs (loop0): Ignoring removed orlov option [ 461.537904][ T9084] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 461.551896][ T9089] fuse: Bad value for 'fd' [ 461.609471][ T9084] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e12c, mo2=0002] [ 461.626166][ T9084] System zones: 1-12 [ 461.638320][ T9084] EXT4-fs (loop0): orphan cleanup on readonly fs [ 461.658748][ T9084] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1195: invalid indirect mapped block 12 (level 1) [ 461.680644][ T9084] EXT4-fs (loop0): Remounting filesystem read-only [ 461.693580][ T9084] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1195: invalid indirect mapped block 2 (level 2) [ 461.721205][ T9084] EXT4-fs (loop0): Remounting filesystem read-only [ 461.727986][ T9084] EXT4-fs (loop0): 1 truncate cleaned up [ 461.740413][ T9084] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,mblk_io_submit,noload,errors=remount-ro,orlov. Quota mode: none. [ 461.999561][ T9097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 463.000107][ T9114] loop0: detected capacity change from 0 to 1024 [ 463.334460][ T4389] hfsplus: b-tree write err: -5, ino 4 [ 474.061749][ T9169] netlink: 'syz.6.1222': attribute type 3 has an invalid length. [ 474.069804][ T9169] netlink: 666 bytes leftover after parsing attributes in process `syz.6.1222'. [ 476.729844][ T9198] loop0: detected capacity change from 0 to 1024 [ 476.885540][ T9198] hfsplus: uid requires an argument [ 476.973579][ T9198] hfsplus: unable to parse mount options [ 477.327412][ T9222] loop0: detected capacity change from 0 to 512 [ 477.421281][ T9222] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 478.807761][ T9222] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 478.951182][ T9222] EXT4-fs (loop0): 1 truncate cleaned up [ 478.969048][ T9222] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc,debug_want_extra_isize=0x0000000000000068,errors=continue,lazytime,quota,,errors=continue. Quota mode: writeback. [ 479.098107][ T9235] 9pnet: Insufficient options for proto=fd [ 480.444525][ T9258] loop3: detected capacity change from 0 to 1024 [ 480.750251][ T9258] hfsplus: failed to load catalog file [ 481.393743][ T13] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 482.392587][ T9280] loop3: detected capacity change from 0 to 16 [ 483.355425][ T9280] erofs: (device loop3): mounted with root inode @ nid 36. [ 486.481217][ T9318] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 487.632169][ T13] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 487.951575][ T13] usb 7-1: Using ep0 maxpacket: 32 [ 488.321401][ T13] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 488.330507][ T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.391284][ T13] usb 7-1: Product: syz [ 488.395526][ T13] usb 7-1: Manufacturer: syz [ 488.456369][ T13] usb 7-1: SerialNumber: syz [ 488.470658][ T9359] fuse: Bad value for 'fd' [ 488.475067][ T13] usb 7-1: config 0 descriptor?? [ 488.610387][ T9368] loop0: detected capacity change from 0 to 256 [ 488.765419][ T13] RobotFuzz Open Source InterFace, OSIF 7-1:0.0: version d4.15 found at bus 007 address 020 [ 488.819319][ T9365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.839325][ T9368] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 488.974311][ T9315] i2c i2c-1: adapter quirk: no zero length (addr 0x0001, size 0, read) [ 489.003005][ T13] usb 7-1: USB disconnect, device number 20 [ 489.495818][ T9385] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1290'. [ 490.379508][ T9397] loop0: detected capacity change from 0 to 1024 [ 490.486915][ T5389] hfsplus: b-tree write err: -5, ino 4 [ 490.512913][ T9401] loop6: detected capacity change from 0 to 16 [ 490.547774][ T9401] erofs: (device loop6): mounted with root inode @ nid 36. [ 490.652795][ T9401] erofs: (device loop6): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 490.699570][ T4195] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -11 in[4096, 0] out[8192] [ 490.786740][ T9401] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -11 in[4096, 0] out[4096] [ 490.890045][ T26] audit: type=1800 audit(1763794529.432:3): pid=9401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1300" name="file2" dev="loop6" ino=89 res=0 errno=0 [ 492.294287][ T9450] netlink: 5 bytes leftover after parsing attributes in process `syz.6.1319'. [ 492.309255][ T9450] device gretap0 entered promiscuous mode [ 492.366936][ T9450] netlink: 'syz.6.1319': attribute type 1 has an invalid length. [ 492.416425][ T9450] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1319'. [ 492.466248][ T9459] xt_hashlimit: max too large, truncated to 1048576 [ 494.801467][ T9338] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 494.938400][ T9494] capability: warning: `syz.3.1335' uses 32-bit capabilities (legacy support in use) [ 495.161428][ T9338] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 495.162133][ T9504] loop0: detected capacity change from 0 to 256 [ 495.185724][ T9338] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 495.238755][ T9338] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 495.449478][ T9509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.460235][ T9338] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 495.472073][ T9338] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 495.510696][ T9504] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 495.541689][ T9504] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 495.578971][ T9504] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 495.611392][ T9338] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 495.650588][ T9338] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 495.672810][ T9338] usb 5-1: Product: syz [ 495.677178][ T9338] usb 5-1: Manufacturer: syz [ 495.742750][ T9338] cdc_wdm 5-1:1.0: skipping garbage [ 495.760567][ T9338] cdc_wdm 5-1:1.0: skipping garbage [ 495.805297][ T9338] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 495.834426][ T9338] cdc_wdm 5-1:1.0: Unknown control protocol [ 496.216963][ T4930] usb 5-1: USB disconnect, device number 14 [ 498.196229][ T9572] loop4: detected capacity change from 0 to 1024 [ 499.507212][ T9616] ptrace attach of "./syz-executor exec"[4194] was attempted by "./syz-executor exec"[9616] [ 501.383661][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.392813][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.641264][ T13] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 502.901345][ T13] usb 1-1: Using ep0 maxpacket: 16 [ 503.701553][ T13] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.011640][ T13] usb 1-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=9c.25 [ 504.072579][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.348448][ T13] usb 1-1: Product: syz [ 505.036912][ T13] usb 1-1: Manufacturer: syz [ 505.041712][ T13] usb 1-1: SerialNumber: syz [ 505.097662][ T13] usb 1-1: config 0 descriptor?? [ 505.142655][ T13] usb 1-1: can't set config #0, error -71 [ 505.412428][ T9713] loop6: detected capacity change from 0 to 1024 [ 505.929932][ T9713] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 505.941050][ T9713] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 505.974731][ T9713] JBD2: no valid journal superblock found [ 505.980654][ T9713] EXT4-fs (loop6): error loading journal [ 506.292951][ T13] usb 1-1: USB disconnect, device number 13 [ 508.543191][ T9745] ptrace attach of "./syz-executor exec"[4189] was attempted by "./syz-executor exec"[9745] [ 511.743105][ T9797] virtio-fs: tag not found [ 511.749676][ T9797] afs: Unknown parameter 'au' [ 511.961245][ T4543] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 512.421263][ T4543] usb 1-1: unable to get BOS descriptor or descriptor too short [ 512.471710][ T4543] usb 1-1: not running at top speed; connect to a high speed hub [ 512.561401][ T4543] usb 1-1: config 4 has an invalid interface number: 147 but max is 0 [ 512.569919][ T4543] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 512.600904][ T4543] usb 1-1: config 4 has no interface number 0 [ 512.847195][ T4543] usb 1-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 512.876919][ T4543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.916001][ T4543] usb 1-1: Product: syz [ 512.920222][ T4543] usb 1-1: Manufacturer: syz [ 512.957682][ T4543] usb 1-1: SerialNumber: syz [ 513.711398][ T4543] usb 1-1: Found UVC 0.00 device syz (04f2:b746) [ 513.717970][ T4543] usb 1-1: No streaming interface found for terminal 6. [ 513.751557][ T4543] usb 1-1: USB disconnect, device number 14 [ 514.441734][ T9832] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[9832] [ 522.103328][ T9907] loop0: detected capacity change from 0 to 1024 [ 522.197035][ T9907] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 522.880254][ T26] audit: type=1326 audit(1763794561.422:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9929 comm="syz.1.1485" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d0b214749 code=0x0 [ 523.746382][ T9937] loop4: detected capacity change from 0 to 512 [ 523.860136][ T9937] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 527.104176][ T9979] netlink: 'syz.3.1500': attribute type 9 has an invalid length. [ 529.222702][T10012] virtio-fs: tag not found [ 529.229322][T10012] afs: Unknown parameter 'au' [ 529.815886][T10026] loop6: detected capacity change from 0 to 1024 [ 531.359367][T10054] loop6: detected capacity change from 0 to 128 [ 531.429640][T10054] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 531.507417][T10054] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 535.066885][T10092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1536'. [ 537.282927][T10116] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1545'. [ 537.313407][T10116] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1545'. [ 537.494079][T10123] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1547'. [ 537.985879][T10132] binder: 10101:10132 ioctl c0306201 0 returned -14 [ 537.993038][T10132] binder: 10101:10132 ioctl c0306201 200000000780 returned -11 [ 538.001426][T10132] virtio-fs: tag not found [ 538.007486][T10132] afs: Unknown parameter 'au' [ 539.828425][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1560'. [ 540.443361][T10167] loop0: detected capacity change from 0 to 512 [ 540.596304][T10167] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 540.642466][T10167] ext4 filesystem being mounted at /329/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 540.851363][T10179] trusted_key: encrypted_key: keylen parameter is missing [ 540.899770][T10167] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 540.936189][T10167] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 541.060142][T10167] EXT4-fs error (device loop0): ext4_acquire_dquot:6209: comm syz.0.1561: Failed to acquire dquot type 0 [ 543.743882][T10211] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1573'. [ 548.332013][T10268] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1591'. [ 548.529327][T10274] netlink: 'syz.1.1593': attribute type 9 has an invalid length. [ 548.543780][T10274] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1593'. [ 548.606028][T10276] ptrace attach of "./syz-executor exec"[4189] was attempted by "./syz-executor exec"[10276] [ 552.586813][T10304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1603'. [ 554.273884][T10318] loop6: detected capacity change from 0 to 512 [ 554.375949][T10318] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities [ 554.591299][ T13] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 554.891139][ T13] usb 5-1: Using ep0 maxpacket: 32 [ 555.021988][ T13] usb 5-1: config index 0 descriptor too short (expected 539, got 27) [ 555.145276][ T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 555.208128][T10330] loop0: detected capacity change from 0 to 128 [ 555.502056][T10330] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 555.541905][ T13] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 556.546484][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.560518][T10330] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 556.579836][ T13] usb 5-1: Product: syz [ 556.591728][ T13] usb 5-1: Manufacturer: syz [ 556.681213][ T13] usb 5-1: SerialNumber: syz [ 556.732328][ T13] usb 5-1: config 0 descriptor?? [ 557.724483][ T13] hub 5-1:0.0: bad descriptor, ignoring hub [ 557.759741][ T13] hub: probe of 5-1:0.0 failed with error -5 [ 557.842535][T10352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 557.905876][ T13] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13 [ 558.074261][ T13] usbtouchscreen 5-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22 [ 558.306771][ T13] usbtouchscreen: probe of 5-1:0.0 failed with error -22 [ 558.363532][ T13] usb 5-1: USB disconnect, device number 15 [ 558.438291][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1624'. [ 558.501604][T10368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1620'. [ 558.514735][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1624'. [ 560.296348][T10387] overlayfs: missing 'lowerdir' [ 560.596900][T10390] netlink: 'syz.0.1631': attribute type 4 has an invalid length. [ 562.591672][T10453] loop4: detected capacity change from 0 to 512 [ 562.691009][T10453] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 562.735332][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.742192][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.227109][T10454] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1655'. [ 566.758816][T10476] IPv6: NLM_F_CREATE should be specified when creating new route [ 568.454835][T10507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 570.731148][ T9338] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 571.161698][ T9338] usb 1-1: unable to get BOS descriptor or descriptor too short [ 571.411298][ T9338] usb 1-1: config 1 has an invalid descriptor of length 240, skipping remainder of the config [ 571.439717][ T9338] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 571.479198][ T9338] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 571.694257][T10570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1699'. [ 571.701367][ T9338] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 571.751225][ T9338] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.789608][ T9338] usb 1-1: Product: syz [ 571.795919][ T9338] usb 1-1: Manufacturer: syz [ 571.800547][ T9338] usb 1-1: SerialNumber: syz [ 571.937531][T10581] netlink: 'syz.3.1704': attribute type 6 has an invalid length. [ 571.950380][T10581] netlink: 'syz.3.1704': attribute type 7 has an invalid length. [ 571.981685][T10581] netlink: 'syz.3.1704': attribute type 8 has an invalid length. [ 572.115462][ T9338] cdc_ncm 1-1:1.0: skipping garbage [ 572.143084][ T9338] cdc_ncm 1-1:1.0: invalid descriptor buffer length [ 572.178966][ T9338] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 572.206296][ T9338] cdc_ncm 1-1:1.0: bind() failure [ 572.239819][ T9338] usb 1-1: USB disconnect, device number 15 [ 574.794233][T10650] loop4: detected capacity change from 0 to 512 [ 575.089866][T10663] loop0: detected capacity change from 0 to 256 [ 575.095414][T10650] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,grpquota,. Quota mode: writeback. [ 575.118955][T10661] No source specified [ 575.125995][T10650] ext4 filesystem being mounted at /305/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 575.188351][T10663] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 575.604457][T10670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 575.694499][T10673] loop4: detected capacity change from 0 to 512 [ 575.762648][T10673] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 575.820337][T10673] System zones: 0-2, 18-18, 34-34 [ 575.827200][T10673] EXT4-fs (loop4): orphan cleanup on readonly fs [ 575.873511][T10673] Quota error (device loop4): v2_read_file_info: Free block number too big (2048 >= 6). [ 575.896166][T10673] EXT4-fs warning (device loop4): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 575.914800][T10673] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 575.933096][T10673] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 46 vs 41 free clusters [ 576.941795][T10673] EXT4-fs (loop4): 1 orphan inode deleted [ 576.995957][T10673] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 577.031072][T10685] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 577.038370][T10685] IPv6: NLM_F_CREATE should be set when creating new route [ 577.045661][T10685] IPv6: NLM_F_CREATE should be set when creating new route [ 578.895547][T10699] loop0: detected capacity change from 0 to 1024 [ 578.956227][T10699] EXT4-fs (loop0): inline encryption not supported [ 579.066750][T10699] EXT4-fs (loop0): Ignoring removed orlov option [ 579.244015][T10699] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800c018, mo2=0002] [ 579.272105][T10699] System zones: 0-1, 3-12 [ 579.292288][T10699] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,min_batch_time=0x00000000000004ab,data_err=ignore,nobarrier,inlinecrypt,orlov,nogrpid,discard,stripe=0x0000000000000002,,errors=continue. Quota mode: none. [ 579.917383][T10719] binder_alloc: 10711: binder_alloc_buf, no vma [ 580.008558][T10718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1755'. [ 581.032627][T10731] overlayfs: failed to clone upperpath [ 581.121322][T10733] loop0: detected capacity change from 0 to 512 [ 581.257711][T10733] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 581.350896][T10733] block device autoloading is deprecated and will be removed. [ 581.360399][T10733] EXT4-fs (loop0): external journal has bad superblock [ 584.018198][T10764] loop0: detected capacity change from 0 to 128 [ 585.957510][T10802] loop0: detected capacity change from 0 to 128 [ 586.320705][T10802] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 586.392577][T10802] ext4 filesystem being mounted at /366/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 586.896147][T10802] fscrypt (loop0, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 586.918081][T10816] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1783'. [ 586.977628][T10810] fscrypt (loop0, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 587.063062][T10810] fscrypt (loop0, inode 12): Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)") [ 588.866686][T10878] netlink: 'syz.4.1800': attribute type 4 has an invalid length. [ 588.916378][T10878] netlink: 'syz.4.1800': attribute type 4 has an invalid length. [ 591.385337][T10933] loop6: detected capacity change from 0 to 512 [ 591.521545][T10933] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities [ 592.186732][T10955] device bridge1 entered promiscuous mode [ 594.089386][T10992] loop0: detected capacity change from 0 to 512 [ 594.440074][T10992] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 595.112095][T10993] kthread_run failed with err -4 [ 595.460930][T11009] binder: 10978:11009 ioctl c0306201 0 returned -14 [ 597.763213][T11032] ptrace attach of "./syz-executor exec"[4182] was attempted by "./syz-executor exec"[11032] [ 598.266467][T11038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1849'. [ 601.378295][T11100] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1870'. [ 601.428394][T11100] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 606.995120][T11187] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1897'. [ 607.045347][T11187] tc_dump_action: action bad kind [ 607.196010][T11192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 609.447209][ T13] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 609.612079][T11213] ptrace attach of "./syz-executor exec"[4194] was attempted by "./syz-executor exec"[11213] [ 610.161096][ T13] usb 7-1: Using ep0 maxpacket: 32 [ 610.281277][ T13] usb 7-1: unable to get BOS descriptor set [ 610.361415][ T13] usb 7-1: too many endpoints for config 1 interface 0 altsetting 0: 48, using maximum allowed: 30 [ 610.381102][ T13] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 610.411263][ T13] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 610.434606][ T13] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 48 [ 610.731577][ T13] usb 7-1: string descriptor 0 read error: -22 [ 610.740540][ T13] usb 7-1: New USB device found, idVendor=04f2, idProduct=1400, bcdDevice= 0.40 [ 610.801420][ T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.160907][ T13] usb 7-1: USB disconnect, device number 21 [ 613.134508][T11279] loop6: detected capacity change from 0 to 512 [ 613.176098][T11279] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities [ 615.104876][T11307] virtio-fs: tag not found [ 615.112126][T11307] afs: Unknown parameter 'au' [ 616.036868][T11328] loop0: detected capacity change from 0 to 512 [ 616.159846][T11328] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 618.375353][T11355] netlink: 'syz.0.1948': attribute type 4 has an invalid length. [ 618.806063][T11370] ptrace attach of "./syz-executor exec"[4182] was attempted by "./syz-executor exec"[11370] [ 619.887655][T11391] binder_alloc: 11379: binder_alloc_buf, no vma [ 619.948665][T11393] netlink: 'syz.1.1960': attribute type 4 has an invalid length. [ 623.217277][T11421] virtio-fs: tag not found [ 623.224067][T11421] afs: Unknown parameter 'au' [ 623.585319][T11426] netlink: 'syz.0.1971': attribute type 4 has an invalid length. [ 623.894706][T11434] binder_alloc: 11427: binder_alloc_buf, no vma [ 624.082432][T11440] loop0: detected capacity change from 0 to 1024 [ 624.121611][T11442] ptrace attach of "./syz-executor exec"[4194] was attempted by "./syz-executor exec"[11442] [ 624.168362][T11440] hfsplus: invalid extent max_key_len 6 [ 624.179574][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.185932][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.245431][T11440] hfsplus: failed to load extents file [ 625.200869][T11465] netlink: 'syz.0.1985': attribute type 4 has an invalid length. [ 627.046177][T11492] loop0: detected capacity change from 0 to 512 [ 627.073634][T11491] binder_alloc: 11488: binder_alloc_buf, no vma [ 627.142888][T11492] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 627.234918][T11492] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 627.395655][T11500] netlink: 'syz.0.1996': attribute type 4 has an invalid length. [ 627.754208][T11514] loop0: detected capacity change from 0 to 8 [ 627.830857][T11514] squashfs image failed sanity check [ 628.404689][T11526] ptrace attach of "./syz-executor exec"[4189] was attempted by "./syz-executor exec"[11526] [ 629.201137][T11546] loop4: detected capacity change from 0 to 2048 [ 629.365224][T11546] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 629.758302][T11546] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 630.558699][T11560] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2019'. [ 630.744584][T11566] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2018'. [ 631.366256][T11575] loop6: detected capacity change from 0 to 2048 [ 631.373351][ T23] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 631.456262][T11575] loop6: p1 < > p4 [ 631.541542][T11575] loop6: p4 size 8388608 extends beyond EOD, truncated [ 631.775619][ T9205] udevd[9205]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory [ 631.791293][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 631.810374][ T9203] udevd[9203]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 631.841308][ T23] usb 1-1: not running at top speed; connect to a high speed hub [ 631.896333][T11582] 9p: Unknown uid 18446744073709551615 [ 631.931269][ T23] usb 1-1: config 136 has an invalid interface number: 30 but max is 0 [ 631.955017][ T23] usb 1-1: config 136 has no interface number 0 [ 631.995581][ T23] usb 1-1: config 136 interface 30 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 632.320236][T11596] loop6: detected capacity change from 0 to 512 [ 632.341252][ T23] usb 1-1: New USB device found, idVendor=0499, idProduct=100e, bcdDevice=f0.f4 [ 632.415168][T11601] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2031'. [ 632.427114][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.435277][ T23] usb 1-1: Product: syz [ 632.439575][ T23] usb 1-1: Manufacturer: syz [ 632.444300][ T23] usb 1-1: SerialNumber: syz [ 632.481482][T11570] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 632.555725][T11596] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 632.603953][T11596] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 632.669497][T11596] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 632.773182][T11596] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 632.804266][ T23] usb 1-1: invalid MIDI in EP 0 [ 632.841101][T11596] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000] [ 632.851504][ T23] snd-usb-audio: probe of 1-1:136.30 failed with error -22 [ 632.870830][ T23] usb 1-1: USB disconnect, device number 16 [ 632.921394][T11596] EXT4-fs (loop6): orphan cleanup on readonly fs [ 633.005530][T11596] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.2032: bg 0: block 34: padding at end of block bitmap is not set [ 633.046952][T11607] loop4: detected capacity change from 0 to 2048 [ 633.090881][T11596] Quota error (device loop6): write_blk: dquota write failed [ 633.100088][T11596] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 633.110104][T11596] EXT4-fs error (device loop6): ext4_acquire_dquot:6209: comm syz.6.2032: Failed to acquire dquot type 1 [ 633.133610][T11596] EXT4-fs (loop6): 1 truncate cleaned up [ 633.168039][T11596] EXT4-fs (loop6): mounted filesystem without journal. Opts: resgid=0x0000000000000000,mb_optimize_scan=0x0000000000000001,acl,noblock_validity,,errors=continue. Quota mode: writeback. [ 633.189114][T11605] udevd[11605]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:136.30/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 633.276994][T11607] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,acl,,errors=continue. Quota mode: none. [ 633.668411][T11617] netlink: 'syz.6.2038': attribute type 3 has an invalid length. [ 634.549345][T11642] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2045'. [ 634.959911][T11648] loop4: detected capacity change from 0 to 2048 [ 635.449492][T11648] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,acl,,errors=continue. Quota mode: none. [ 636.898607][T11672] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2053'. [ 639.307018][T11691] loop0: detected capacity change from 0 to 1024 [ 639.631624][T11701] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2060'. [ 640.753795][T11714] loop6: detected capacity change from 0 to 2048 [ 640.909187][T11714] EXT4-fs (loop6): mounted filesystem without journal. Opts: nouid32,acl,,errors=continue. Quota mode: none. [ 641.073466][T11729] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2070'. [ 641.641588][T11732] netlink: 'syz.1.2071': attribute type 4 has an invalid length. [ 641.683204][T11732] netlink: 'syz.1.2071': attribute type 4 has an invalid length. [ 641.762627][T11738] x_tables: ip_tables: TPROXY target: only valid in mangle table, not  [ 642.258478][T11751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 642.879211][T11750] loop4: detected capacity change from 0 to 512 [ 643.028760][T11750] EXT4-fs (loop4): Invalid want_extra_isize 174 [ 644.738551][T11770] overlayfs: missing 'lowerdir' [ 644.745764][T11772] netlink: 'syz.6.2085': attribute type 4 has an invalid length. [ 644.788143][T11772] netlink: 'syz.6.2085': attribute type 4 has an invalid length. [ 644.904955][T11769] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2083'. [ 645.440804][T11785] virtio-fs: tag not found [ 645.447271][T11785] afs: Unknown parameter 'au' [ 645.890329][T11794] loop4: detected capacity change from 0 to 2048 [ 645.906364][T11797] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2089'. [ 645.972129][T11803] netlink: 'syz.0.2097': attribute type 4 has an invalid length. [ 646.007608][T11794] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 646.010484][T11803] netlink: 'syz.0.2097': attribute type 4 has an invalid length. [ 646.059479][T11794] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 647.222033][T11822] binder: 11817:11822 ioctl c0306201 0 returned -14 [ 647.229287][T11822] binder: 11817:11822 ioctl c0306201 200000000780 returned -11 [ 647.237908][T11822] virtio-fs: tag not found [ 647.244238][T11822] afs: Unknown parameter 'au' [ 647.863108][T11835] overlayfs: missing 'lowerdir' [ 649.856016][T11857] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2116'. [ 650.716767][T11893] overlayfs: missing 'lowerdir' [ 650.998614][T11895] binder_alloc: 11894: binder_alloc_buf, no vma [ 652.705775][T11904] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2130'. [ 652.877466][T11919] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2134'. [ 653.085825][T11927] loop0: detected capacity change from 0 to 2048 [ 653.249244][T11927] EXT4-fs (loop0): mounted filesystem without journal. Opts: nouid32,acl,,errors=continue. Quota mode: none. [ 654.273482][T11945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 655.081346][T11952] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 655.090448][T11952] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 655.465746][T11962] netlink: 'syz.0.2148': attribute type 4 has an invalid length. [ 655.634325][T11962] netlink: 'syz.0.2148': attribute type 4 has an invalid length. [ 655.754752][T11967] binder: 11963:11967 ioctl c0306201 0 returned -14 [ 655.761951][T11967] binder: 11963:11967 ioctl c0306201 200000000780 returned -11 [ 655.770224][T11967] virtio-fs: tag not found [ 655.776467][T11967] afs: Unknown parameter 'au' [ 656.401545][T11973] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2151'. [ 656.921280][T11975] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2153'. [ 658.508141][T12000] syz.4.2164 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 658.554243][T12002] netlink: 'syz.1.2162': attribute type 4 has an invalid length. [ 658.604503][T12002] netlink: 'syz.1.2162': attribute type 4 has an invalid length. [ 658.810470][T12015] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2165'. [ 659.133025][T12016] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2167'. [ 660.705773][T12051] netlink: 'syz.3.2179': attribute type 4 has an invalid length. [ 660.815855][T12052] netlink: 'syz.3.2179': attribute type 4 has an invalid length. [ 660.876215][T12054] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2180'. [ 661.979807][T12065] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 662.136321][T12065] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 663.152606][T12085] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2191'. [ 663.274616][T12088] netlink: 'syz.3.2192': attribute type 4 has an invalid length. [ 663.328182][T12090] loop6: detected capacity change from 0 to 1024 [ 663.335007][T12092] netlink: 'syz.3.2192': attribute type 4 has an invalid length. [ 663.409510][T12090] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 663.567251][T12090] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,stripe=0x0000000000000003,min_batch_time=0x0000000000000001,nogrpid,debug_want_extra_isize=0x0000000000000080,auto_da_alloc,errors=remount-ro,acl,nolazytime,jqfmt=vfsold,barrier=0x0000000000000007,nombcache,. Quota mode: none. [ 665.480428][T12122] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2202'. [ 665.800638][T12138] netlink: 'syz.3.2207': attribute type 4 has an invalid length. [ 665.879371][T12142] netlink: 'syz.3.2207': attribute type 4 has an invalid length. [ 666.161789][T12151] loop6: detected capacity change from 0 to 1024 [ 666.210490][T12151] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 666.221585][T12151] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 666.318105][T12151] JBD2: no valid journal superblock found [ 666.323959][T12151] EXT4-fs (loop6): error loading journal [ 667.230825][T12160] overlayfs: missing 'lowerdir' [ 668.341514][T12165] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2217'. [ 668.658710][T12179] netlink: 'syz.3.2222': attribute type 4 has an invalid length. [ 668.721456][T12182] netlink: 'syz.3.2222': attribute type 4 has an invalid length. [ 670.346072][T12228] netlink: 'syz.3.2241': attribute type 4 has an invalid length. [ 670.415292][T12229] netlink: 'syz.3.2241': attribute type 4 has an invalid length. [ 672.977260][T12262] netlink: 'syz.3.2252': attribute type 4 has an invalid length. [ 673.021187][T12262] netlink: 'syz.3.2252': attribute type 4 has an invalid length. [ 673.070550][T12265] loop0: detected capacity change from 0 to 512 [ 673.191370][T12271] loop4: detected capacity change from 0 to 512 [ 673.228702][T12265] EXT4-fs (loop0): 1 truncate cleaned up [ 673.241203][T12265] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,mb_optimize_scan=0x0000000000000000,jqfmt=vfsv1,min_batch_time=0x000000005b2e322a,stripe=0x0000000000000005,,errors=continue. Quota mode: writeback. [ 673.341995][T12271] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 673.350728][ T26] audit: type=1800 audit(1763794753.889:5): pid=12265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2253" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 675.891366][T12301] netlink: 'syz.4.2264': attribute type 4 has an invalid length. [ 675.929717][T12301] netlink: 'syz.4.2264': attribute type 4 has an invalid length. [ 676.361781][ T26] audit: type=1326 audit(1763794756.759:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12309 comm="syz.0.2268" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f3edef749 code=0x0 [ 677.174737][T12327] 9pnet: p9_errstr2errno: server reported unknown error [ 677.657911][T12336] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2278'. [ 681.070189][T12383] binder_alloc: 12368: binder_alloc_buf, no vma [ 685.279323][T12411] chnl_net:caif_netlink_parms(): no params data found [ 686.078854][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.284851][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.289586][ T23] Bluetooth: hci5: command 0x0409 tx timeout [ 686.434221][T12443] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2308'. [ 686.626428][T12443] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2308'. [ 687.643866][T12411] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.717972][T12411] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.762874][T12411] device bridge_slave_0 entered promiscuous mode [ 687.784827][T12472] loop4: detected capacity change from 0 to 16 [ 687.791965][T12411] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.811007][T12411] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.819194][T12411] device bridge_slave_1 entered promiscuous mode [ 687.838628][T12472] erofs: (device loop4): EXPERIMENTAL big pcluster feature in use. Use at your own risk! [ 687.922287][T12472] erofs: (device loop4): mounted with root inode @ nid 36. [ 687.990406][T12472] handle_bad_sector: 23 callbacks suppressed [ 687.990430][T12472] attempt to access beyond end of device [ 687.990430][T12472] loop4: rw=0, want=34359738368, limit=16 [ 688.070605][T12472] attempt to access beyond end of device [ 688.070605][T12472] loop4: rw=0, want=34359738368, limit=16 [ 688.136303][T12472] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 689.119097][ T23] Bluetooth: hci5: command 0x041b tx timeout [ 689.445851][T12411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.549683][T12411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.586079][T12497] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2322'. [ 689.686650][T12412] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 689.698007][T12412] CPU: 1 PID: 12412 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 689.705685][T12412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 689.715768][T12412] Workqueue: hci3 hci_rx_work [ 689.720482][T12412] Call Trace: [ 689.723764][T12412] [ 689.726698][T12412] dump_stack_lvl+0x168/0x230 [ 689.731388][T12412] ? show_regs_print_info+0x20/0x20 [ 689.736595][T12412] ? load_image+0x3b0/0x3b0 [ 689.741113][T12412] sysfs_create_dir_ns+0x252/0x280 [ 689.746227][T12412] ? __lock_acquire+0x7c60/0x7c60 [ 689.751253][T12412] ? sysfs_warn_dup+0xa0/0xa0 [ 689.755933][T12412] ? le_conn_complete_evt+0xcbc/0x1590 [ 689.761392][T12412] ? hci_event_packet+0xe05/0x12f0 [ 689.766503][T12412] ? process_one_work+0x863/0x1000 [ 689.771614][T12412] ? do_raw_spin_unlock+0x11d/0x230 [ 689.776816][T12412] kobject_add_internal+0x662/0xd00 [ 689.782029][T12412] kobject_add+0x152/0x210 [ 689.786446][T12412] ? kobject_init+0x1d0/0x1d0 [ 689.791122][T12412] ? klist_children_get+0x50/0x50 [ 689.796148][T12412] ? get_device_parent+0x121/0x3f0 [ 689.801266][T12412] device_add+0x483/0xfb0 [ 689.805607][T12412] hci_conn_add_sysfs+0xd1/0x1e0 [ 689.810573][T12412] le_conn_complete_evt+0xcbc/0x1590 [ 689.815890][T12412] ? cs_le_create_conn+0x5e0/0x5e0 [ 689.821007][T12412] ? __mutex_trylock_common+0x14f/0x250 [ 689.826559][T12412] hci_le_meta_evt+0x289/0x3b80 [ 689.831410][T12412] ? hci_event_packet+0x36d/0x12f0 [ 689.836522][T12412] ? hci_event_packet+0x2e2/0x12f0 [ 689.841631][T12412] ? __lock_acquire+0x7c60/0x7c60 [ 689.846664][T12412] ? hci_remote_host_features_evt+0x280/0x280 [ 689.852731][T12412] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 689.858367][T12412] ? mark_lock+0x94/0x320 [ 689.862700][T12412] ? mutex_unlock+0x10/0x10 [ 689.867204][T12412] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 689.873202][T12412] ? lock_chain_count+0x20/0x20 [ 689.878055][T12412] ? __rwlock_init+0x140/0x140 [ 689.882827][T12412] hci_event_packet+0xe05/0x12f0 [ 689.887768][T12412] ? lockdep_hardirqs_on+0x94/0x140 [ 689.892981][T12412] ? rcu_lock_release+0x20/0x20 [ 689.897841][T12412] ? hci_send_to_monitor+0x9c/0x4a0 [ 689.903056][T12412] hci_rx_work+0x255/0xa10 [ 689.907492][T12412] process_one_work+0x863/0x1000 [ 689.912440][T12412] ? worker_detach_from_pool+0x240/0x240 [ 689.918166][T12412] ? lockdep_hardirqs_off+0x70/0x100 [ 689.923455][T12412] ? _raw_spin_lock_irq+0xab/0xe0 [ 689.928480][T12412] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 689.933876][T12412] ? wq_worker_running+0x97/0x170 [ 689.938905][T12412] worker_thread+0xaa8/0x12a0 [ 689.943580][T12412] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 689.949469][T12412] ? lockdep_hardirqs_on+0x94/0x140 [ 689.954671][T12412] ? lockdep_hardirqs_on+0x94/0x140 [ 689.959872][T12412] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 689.965786][T12412] kthread+0x436/0x520 [ 689.969875][T12412] ? rcu_lock_release+0x20/0x20 [ 689.974874][T12412] ? kthread_blkcg+0xd0/0xd0 [ 689.979480][T12412] ret_from_fork+0x1f/0x30 [ 689.983915][T12412] [ 689.995961][T12412] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 690.009736][T12412] Bluetooth: hci3: failed to register connection device [ 690.179681][T12497] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2322'. [ 690.214977][ T7383] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.268761][T12411] team0: Port device team_slave_0 added [ 690.334484][T12411] team0: Port device team_slave_1 added [ 690.434842][ T7383] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.522763][T12411] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.794508][T12411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.896031][T12411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 691.016514][ T7383] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.131523][T12411] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 691.163073][T12411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 691.473206][T12411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 691.730455][ T9337] Bluetooth: hci5: command 0x040f tx timeout [ 692.782718][ T7383] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.952709][T12411] device hsr_slave_0 entered promiscuous mode [ 693.014014][T12411] device hsr_slave_1 entered promiscuous mode [ 693.024558][T12411] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 693.040996][T12411] Cannot create hsr debugfs directory [ 693.950111][ T9336] Bluetooth: hci5: command 0x0419 tx timeout [ 694.290063][T12560] loop4: detected capacity change from 0 to 512 [ 694.369392][T12560] EXT4-fs (loop4): Ignoring removed bh option [ 694.532098][T12411] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 695.470954][T12411] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 695.663823][T12411] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 695.736942][T12560] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2345'. [ 695.749096][T12411] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 695.922839][T12596] loop4: detected capacity change from 0 to 1024 [ 696.065252][T12596] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 696.111688][T12411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.177523][ T5389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 696.192105][ T5389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 696.256238][T12411] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.295427][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 696.342843][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 696.392070][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.399243][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.489213][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 696.528038][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 696.567789][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.574967][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 696.617526][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 696.664358][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 696.704492][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 696.783686][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 696.799419][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 696.819381][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 696.863082][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 696.879513][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 696.889197][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 696.916936][T12411] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 696.936203][T12411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 696.964281][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 696.981905][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 696.990447][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 697.271317][ T7383] device hsr_slave_0 left promiscuous mode [ 697.292301][ T7383] device hsr_slave_1 left promiscuous mode [ 697.300760][ T7383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 697.322366][ T7383] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 697.362408][ T7383] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 697.370060][ T7383] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.398925][ T7383] device bridge_slave_1 left promiscuous mode [ 697.409322][ T7383] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.426073][ T7383] device bridge_slave_0 left promiscuous mode [ 697.436432][ T7383] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.478152][ T7383] device veth1_macvtap left promiscuous mode [ 697.491503][ T7383] device veth0_macvtap left promiscuous mode [ 697.497823][ T7383] device veth1_vlan left promiscuous mode [ 697.504567][ T7383] device veth0_vlan left promiscuous mode [ 698.008768][ T7383] team0 (unregistering): Port device team_slave_1 removed [ 698.024052][ T7383] team0 (unregistering): Port device team_slave_0 removed [ 698.036537][ T7383] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 698.056423][ T7383] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.832634][ T7383] bond0 (unregistering): Released all slaves [ 699.872772][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 699.882343][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 699.910817][T12411] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.052203][T12652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 700.088392][T12652] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 700.310259][T12673] loop0: detected capacity change from 0 to 512 [ 700.551087][T12673] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 701.384816][T12690] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 701.395232][T12690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 701.402758][T12690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 701.413197][T12690] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 701.967445][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 702.020080][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 702.628513][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 702.761765][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 702.846138][T12411] device veth0_vlan entered promiscuous mode [ 702.855779][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 702.908204][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 702.965705][T12411] device veth1_vlan entered promiscuous mode [ 703.011785][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 703.093965][T12411] device veth0_macvtap entered promiscuous mode [ 703.158057][ T5375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 703.178674][ T5375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 703.209745][ T5375] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 703.237465][T12411] device veth1_macvtap entered promiscuous mode [ 703.332223][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.383984][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.415986][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.442005][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.469776][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.503469][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.537371][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.571880][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.612693][T12411] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 703.648858][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 703.677096][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 703.713196][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 703.748821][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.798938][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.830889][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.892528][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.944699][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.998209][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.011217][T12411] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.042966][T12411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.054328][T12411] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 704.065075][T12411] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.074014][T12411] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.090081][T12411] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.120456][T12411] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.194519][T12731] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2377'. [ 704.272003][T12730] 9pnet: Insufficient options for proto=fd [ 704.572228][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 704.614401][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 704.793109][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 704.828318][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 704.876699][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 704.905715][ T5360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 704.977560][ T5360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 705.019117][ T5389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 705.417542][T12765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2388'. [ 705.489166][T12765] device veth3 entered promiscuous mode [ 706.216311][T12784] binder_alloc: 12745: binder_alloc_buf, no vma [ 706.373889][ T26] audit: type=1326 audit(1763794786.919:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12785 comm="syz.3.2392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c72810749 code=0x0 [ 706.684725][T12792] netlink: 'syz.3.2394': attribute type 4 has an invalid length. [ 706.762769][T12794] netlink: 'syz.3.2394': attribute type 4 has an invalid length. [ 708.522716][T12827] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2403'. [ 709.391242][T12831] netlink: 'syz.3.2405': attribute type 4 has an invalid length. [ 709.421699][T12835] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 709.471244][T12836] netlink: 'syz.3.2405': attribute type 4 has an invalid length. [ 711.337565][T12874] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2416'. [ 712.138356][T12878] netlink: 'syz.0.2418': attribute type 4 has an invalid length. [ 712.237873][T12883] netlink: 'syz.0.2418': attribute type 4 has an invalid length. [ 714.088299][T12920] netlink: 'syz.4.2431': attribute type 4 has an invalid length. [ 714.189735][T12923] netlink: 'syz.4.2431': attribute type 4 has an invalid length. [ 714.353764][T12933] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 715.887812][T12970] loop4: detected capacity change from 0 to 512 [ 715.949616][T12970] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 718.524302][T13010] loop4: detected capacity change from 0 to 256 [ 718.938223][T13011] virtio-fs: tag not found [ 718.944760][T13011] afs: Unknown parameter 'au' [ 718.960520][T12997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 719.019964][T13010] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 719.058598][T13010] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 719.101761][T13016] 9pnet: p9_fd_create_tcp (13016): problem connecting socket to 127.0.0.1 [ 719.108744][T13010] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 719.351626][ T9338] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 719.811096][ T9338] usb 8-1: config 0 has an invalid interface number: 190 but max is 0 [ 719.844135][ T9338] usb 8-1: config 0 has no interface number 0 [ 719.850343][ T9338] usb 8-1: New USB device found, idVendor=0686, idProduct=4017, bcdDevice= 0.01 [ 719.869399][ T9338] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 719.905367][ T9338] usb 8-1: config 0 descriptor?? [ 719.954237][ T9338] usb-storage 8-1:0.190: USB Mass Storage device detected [ 719.983962][T13054] loop4: detected capacity change from 0 to 512 [ 720.050133][T13054] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 720.781587][ T6461] usb 8-1: USB disconnect, device number 2 [ 721.756576][T13076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 723.231603][ T26] audit: type=1326 audit(1763794803.779:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13104 comm="syz.3.2488" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c72810749 code=0x0 [ 724.382001][T13137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 729.764634][T13254] hub 2-0:1.0: USB hub found [ 729.770937][T13254] hub 2-0:1.0: 1 port detected [ 730.539759][T13264] loop0: detected capacity change from 0 to 512 [ 730.744011][T13264] EXT4-fs (loop0): #blocks per group too big: 65535 [ 731.170810][T13264] netlink: 'syz.0.2536': attribute type 12 has an invalid length. [ 732.057333][T13294] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2547'. [ 732.107805][T13298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 732.119319][T13291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2545'. [ 734.778535][T13345] overlayfs: failed to clone upperpath [ 735.023739][T13349] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2561'. [ 735.145954][T13349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2561'. [ 736.896226][T13367] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2565'. [ 737.288106][T13397] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2574'. [ 737.393121][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2574'. [ 737.634044][T13407] loop0: detected capacity change from 0 to 1024 [ 737.714453][T13416] netlink: 564 bytes leftover after parsing attributes in process `syz.7.2582'. [ 737.743201][T13407] hfsplus: failed to load attributes file [ 737.750768][T13416] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.780268][T13418] overlayfs: failed to clone upperpath [ 737.793871][T13416] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.139357][ T26] audit: type=1326 audit(1763794818.679:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 738.260659][ T26] audit: type=1326 audit(1763794818.679:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 738.345014][T13432] loop7: detected capacity change from 0 to 256 [ 738.361096][ T26] audit: type=1326 audit(1763794818.709:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 738.547087][ T26] audit: type=1326 audit(1763794818.709:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 738.688292][T13440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2589'. [ 739.145718][T13432] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 739.585949][ T26] audit: type=1326 audit(1763794818.709:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 739.672546][T13450] virtio-fs: tag not found [ 739.680765][T13450] afs: Unknown parameter 'au' [ 740.280878][ T26] audit: type=1326 audit(1763794818.709:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 740.583020][ T26] audit: type=1326 audit(1763794818.709:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 741.086372][ T26] audit: type=1326 audit(1763794818.709:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 741.236599][ T26] audit: type=1326 audit(1763794818.709:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 741.305614][ T26] audit: type=1326 audit(1763794818.709:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.7.2585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38996fb749 code=0x7ffc0000 [ 741.353092][T13478] overlayfs: failed to clone upperpath [ 741.392279][T13485] loop7: detected capacity change from 0 to 256 [ 741.587912][T13485] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 741.620752][T13496] loop0: detected capacity change from 0 to 128 [ 741.861344][T13496] Option 'DTl|' to dns_resolver key: bad/missing value [ 742.482572][T13524] loop0: detected capacity change from 0 to 1024 [ 742.544588][T13524] hfsplus: unable to find HFS+ superblock [ 743.900205][T13535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2624'. [ 743.919621][T13535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2624'. [ 744.973578][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 745.037605][T13576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 745.133669][T13538] chnl_net:caif_netlink_parms(): no params data found [ 745.382772][T13538] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.421049][T13538] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.429930][T13538] device bridge_slave_0 entered promiscuous mode [ 745.498635][T13538] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.531463][T13538] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.539685][T13538] device bridge_slave_1 entered promiscuous mode [ 745.803798][T13538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 746.173884][T13538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 746.245767][T13600] loop0: detected capacity change from 0 to 256 [ 746.369513][T13600] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 746.484700][T13538] team0: Port device team_slave_0 added [ 746.526599][T13538] team0: Port device team_slave_1 added [ 746.544296][T13608] overlayfs: failed to clone upperpath [ 746.854153][T13538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 746.866786][T13538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 746.905167][T13620] loop0: detected capacity change from 0 to 164 [ 746.950063][T13538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 747.026440][T13538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 747.050377][T13538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 747.051546][ T9337] Bluetooth: hci0: command 0x041b tx timeout [ 747.080135][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.089283][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.133913][T13538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 747.275877][T13538] device hsr_slave_0 entered promiscuous mode [ 747.316050][T13538] device hsr_slave_1 entered promiscuous mode [ 747.340762][T13538] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 747.391341][T13538] Cannot create hsr debugfs directory [ 748.830188][T13538] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.047669][T13538] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.131027][ T9338] Bluetooth: hci0: command 0x040f tx timeout [ 749.176176][T13642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 749.181818][T13538] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.241075][T13538] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.757140][T13686] loop0: detected capacity change from 0 to 1024 [ 749.781505][T13538] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 749.809958][T13538] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 749.855781][T13538] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 749.927856][T13538] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 749.952783][T13686] hfsplus: failed to load root directory [ 749.979980][T13694] loop4: detected capacity change from 0 to 256 [ 750.227985][T13694] exFAT-fs (loop4): invalid boot record signature [ 750.251963][T13694] exFAT-fs (loop4): failed to read boot sector [ 750.364396][T13694] exFAT-fs (loop4): failed to recognize exfat type [ 750.665414][T13538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 750.950168][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 750.992769][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 751.049493][T13538] 8021q: adding VLAN 0 to HW filter on device team0 [ 751.123337][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 751.153667][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 751.211043][ T23] Bluetooth: hci0: command 0x0419 tx timeout [ 751.233713][ T5360] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.241017][ T5360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.311304][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 751.349511][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 751.398292][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 751.428694][ T5360] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.435926][ T5360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.512051][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 751.548978][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 751.603846][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 751.660040][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 751.684895][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 751.724628][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 751.740552][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 752.180435][T13730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 752.203692][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 752.478569][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 752.548385][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 752.619884][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 753.241272][ T6461] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 753.561151][ T6461] usb 5-1: Using ep0 maxpacket: 8 [ 754.532240][ T6461] usb 5-1: unable to get BOS descriptor or descriptor too short [ 754.631175][ T6461] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 755.620686][T13538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 755.676533][ T6461] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 755.687462][ T6461] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.696024][ T6461] usb 5-1: Product: syz [ 755.700234][ T6461] usb 5-1: Manufacturer: syz [ 755.705119][ T6461] usb 5-1: SerialNumber: syz [ 755.715863][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 755.751134][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 755.791617][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 755.804417][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 755.904903][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 755.947290][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 756.177218][ T6461] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing [ 756.194331][ T6461] cdc_ncm 5-1:1.0: bind() failure [ 756.430464][T13538] device veth0_vlan entered promiscuous mode [ 756.529411][T13538] device veth1_vlan entered promiscuous mode [ 756.661392][ T6461] usb 5-1: USB disconnect, device number 16 [ 756.810173][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 756.832888][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 756.841012][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 756.849179][ T5391] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 757.676895][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 757.705663][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 757.869142][T13538] device veth0_macvtap entered promiscuous mode [ 758.903939][T13538] device veth1_macvtap entered promiscuous mode [ 758.982443][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 758.993846][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.007531][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.050989][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.082916][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.110372][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.156335][T13855] binfmt_misc: register: failed to install interpreter file ./file0 [ 759.187357][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.228979][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.267961][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.289203][T13860] [ 759.291576][T13860] ====================================================== [ 759.298617][T13860] WARNING: possible circular locking dependency detected [ 759.305666][T13860] syzkaller #0 Not tainted [ 759.310092][T13860] ------------------------------------------------------ [ 759.317123][T13860] syz.0.2711/13860 is trying to acquire lock: [ 759.323197][T13860] ffff888079bbcc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 759.334278][T13860] [ 759.334278][T13860] but task is already holding lock: [ 759.341796][T13860] ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 759.344384][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.351611][T13860] [ 759.351611][T13860] which lock already depends on the new lock. [ 759.351611][T13860] [ 759.351620][T13860] [ 759.351620][T13860] the existing dependency chain (in reverse order) is: [ 759.351628][T13860] [ 759.351628][T13860] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 759.351663][T13860] __mutex_lock_common+0x1eb/0x2390 [ 759.351690][T13860] mutex_lock_nested+0x17/0x20 [ 759.383467][T13538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 759.388885][T13860] rfkill_register+0x33/0x8a0 [ 759.388914][T13860] hci_register_dev+0x452/0x970 [ 759.417769][T13860] vhci_create_device+0x32c/0x5c0 [ 759.423339][T13860] vhci_write+0x391/0x450 [ 759.428203][T13860] vfs_write+0x712/0xd00 [ 759.432990][T13860] ksys_write+0x14d/0x250 [ 759.437861][T13860] do_syscall_64+0x4c/0xa0 [ 759.442815][T13860] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 759.449248][T13860] [ 759.449248][T13860] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 759.457083][T13860] __mutex_lock_common+0x1eb/0x2390 [ 759.462822][T13860] mutex_lock_nested+0x17/0x20 [ 759.468124][T13860] vhci_send_frame+0x88/0x100 [ 759.473347][T13860] hci_send_frame+0x1a9/0x2e0 [ 759.478559][T13860] hci_tx_work+0x9f9/0x1710 [ 759.483597][T13860] process_one_work+0x863/0x1000 [ 759.489072][T13860] worker_thread+0xaa8/0x12a0 [ 759.494280][T13860] kthread+0x436/0x520 [ 759.498888][T13860] ret_from_fork+0x1f/0x30 [ 759.503839][T13860] [ 759.503839][T13860] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 759.513062][T13860] __flush_work+0xdd/0x1b0 [ 759.518016][T13860] hci_dev_do_close+0x1e7/0x1030 [ 759.523587][T13860] hci_unregister_dev+0x2d7/0x580 [ 759.529201][T13860] vhci_release+0x73/0xc0 [ 759.534065][T13860] __fput+0x234/0x930 [ 759.538579][T13860] task_work_run+0x125/0x1a0 [ 759.543703][T13860] do_exit+0x61e/0x20a0 [ 759.548399][T13860] do_group_exit+0x12e/0x300 [ 759.553530][T13860] get_signal+0x6ca/0x12c0 [ 759.558481][T13860] arch_do_signal_or_restart+0xc1/0x1300 [ 759.564649][T13860] exit_to_user_mode_loop+0x9e/0x130 [ 759.570473][T13860] exit_to_user_mode_prepare+0xee/0x180 [ 759.576553][T13860] syscall_exit_to_user_mode+0x16/0x40 [ 759.582550][T13860] do_syscall_64+0x58/0xa0 [ 759.587507][T13860] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 759.593945][T13860] [ 759.593945][T13860] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 759.601610][T13860] __mutex_lock_common+0x1eb/0x2390 [ 759.607346][T13860] mutex_lock_nested+0x17/0x20 [ 759.612649][T13860] bg_scan_update+0x44/0x3b0 [ 759.617775][T13860] process_one_work+0x863/0x1000 [ 759.623251][T13860] worker_thread+0xaa8/0x12a0 [ 759.628462][T13860] kthread+0x436/0x520 [ 759.633063][T13860] ret_from_fork+0x1f/0x30 [ 759.638011][T13860] [ 759.638011][T13860] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 759.647847][T13860] __lock_acquire+0x2c33/0x7c60 [ 759.653240][T13860] lock_acquire+0x197/0x3f0 [ 759.658286][T13860] __flush_work+0xdd/0x1b0 [ 759.663241][T13860] __cancel_work_timer+0x3ac/0x520 [ 759.668924][T13860] hci_request_cancel_all+0xcc/0x300 [ 759.674756][T13860] hci_dev_do_close+0x4e/0x1030 [ 759.680118][T13860] hci_rfkill_set_block+0x10a/0x190 [ 759.685832][T13860] rfkill_set_block+0x1c6/0x420 [ 759.691198][T13860] rfkill_fop_write+0x458/0x560 [ 759.696576][T13860] vfs_write+0x300/0xd00 [ 759.701327][T13860] ksys_write+0x14d/0x250 [ 759.706165][T13860] do_syscall_64+0x4c/0xa0 [ 759.711088][T13860] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 759.717498][T13860] [ 759.717498][T13860] other info that might help us debug this: [ 759.717498][T13860] [ 759.727710][T13860] Chain exists of: [ 759.727710][T13860] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 759.727710][T13860] [ 759.743415][T13860] Possible unsafe locking scenario: [ 759.743415][T13860] [ 759.750857][T13860] CPU0 CPU1 [ 759.756212][T13860] ---- ---- [ 759.761569][T13860] lock(rfkill_global_mutex); [ 759.766327][T13860] lock(&data->open_mutex); [ 759.773423][T13860] lock(rfkill_global_mutex); [ 759.780689][T13860] lock((work_completion)(&hdev->bg_scan_update)); [ 759.787261][T13860] [ 759.787261][T13860] *** DEADLOCK *** [ 759.787261][T13860] [ 759.795392][T13860] 1 lock held by syz.0.2711/13860: [ 759.800588][T13860] #0: ffffffff8d4c0f28 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 759.810667][T13860] [ 759.810667][T13860] stack backtrace: [ 759.816538][T13860] CPU: 1 PID: 13860 Comm: syz.0.2711 Not tainted syzkaller #0 [ 759.823982][T13860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 759.834025][T13860] Call Trace: [ 759.837299][T13860] [ 759.840226][T13860] dump_stack_lvl+0x168/0x230 [ 759.844919][T13860] ? load_image+0x3b0/0x3b0 [ 759.849413][T13860] ? show_regs_print_info+0x20/0x20 [ 759.854602][T13860] ? print_circular_bug+0x12b/0x1a0 [ 759.859792][T13860] check_noncircular+0x274/0x310 [ 759.864717][T13860] ? add_chain_block+0x940/0x940 [ 759.869653][T13860] ? lockdep_lock+0xdc/0x1e0 [ 759.874235][T13860] ? __lock_acquire+0x12d9/0x7c60 [ 759.879248][T13860] ? lockdep_lock+0x1e0/0x1e0 [ 759.883913][T13860] ? mark_lock+0x94/0x320 [ 759.888234][T13860] __lock_acquire+0x2c33/0x7c60 [ 759.893087][T13860] ? verify_lock_unused+0x140/0x140 [ 759.898310][T13860] ? verify_lock_unused+0x140/0x140 [ 759.903506][T13860] lock_acquire+0x197/0x3f0 [ 759.908007][T13860] ? __flush_work+0xc1/0x1b0 [ 759.912625][T13860] ? __lock_acquire+0x7c60/0x7c60 [ 759.917685][T13860] ? read_lock_is_recursive+0x10/0x10 [ 759.923088][T13860] ? start_flush_work+0x776/0x820 [ 759.928147][T13860] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 759.934062][T13860] ? _raw_spin_unlock+0x40/0x40 [ 759.938937][T13860] __flush_work+0xdd/0x1b0 [ 759.943391][T13860] ? __flush_work+0xc1/0x1b0 [ 759.948000][T13860] ? flush_work+0x20/0x20 [ 759.952352][T13860] ? try_to_grab_pending+0xf3/0x7e0 [ 759.957566][T13860] ? lockdep_hardirqs_off+0x70/0x100 [ 759.962872][T13860] ? mark_lock+0x94/0x320 [ 759.967228][T13860] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 759.973246][T13860] ? lock_chain_count+0x20/0x20 [ 759.978182][T13860] ? mark_lock+0x94/0x320 [ 759.982527][T13860] ? __cancel_work_timer+0x331/0x520 [ 759.987815][T13860] __cancel_work_timer+0x3ac/0x520 [ 759.992078][ T1108] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 759.992931][T13860] ? cancel_work_sync+0x20/0x20 [ 760.005229][T13860] ? __cancel_work+0x1f4/0x2d0 [ 760.010010][T13860] ? lockdep_hardirqs_on+0x94/0x140 [ 760.015205][T13860] ? __cancel_work+0x26f/0x2d0 [ 760.019961][T13860] ? cancel_work+0x20/0x20 [ 760.024380][T13860] ? lock_chain_count+0x20/0x20 [ 760.029227][T13860] hci_request_cancel_all+0xcc/0x300 [ 760.034522][T13860] hci_dev_do_close+0x4e/0x1030 [ 760.039385][T13860] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 760.045280][T13860] ? _raw_spin_unlock+0x40/0x40 [ 760.050138][T13860] hci_rfkill_set_block+0x10a/0x190 [ 760.055344][T13860] ? rcu_lock_release+0x20/0x20 [ 760.060200][T13860] rfkill_set_block+0x1c6/0x420 [ 760.065052][T13860] rfkill_fop_write+0x458/0x560 [ 760.070080][T13860] ? rfkill_fop_read+0x4b0/0x4b0 [ 760.075027][T13860] ? common_file_perm+0x130/0x1c0 [ 760.080051][T13860] ? fsnotify_perm+0x5d/0x560 [ 760.084727][T13860] ? security_file_permission+0x75/0xa0 [ 760.090273][T13860] ? rfkill_fop_read+0x4b0/0x4b0 [ 760.095210][T13860] vfs_write+0x300/0xd00 [ 760.099455][T13860] ? file_end_write+0x250/0x250 [ 760.104305][T13860] ? __fget_files+0x40f/0x480 [ 760.108980][T13860] ? __fdget_pos+0x1e2/0x370 [ 760.113562][T13860] ? ksys_write+0x71/0x250 [ 760.117972][T13860] ksys_write+0x14d/0x250 [ 760.122298][T13860] ? __ia32_sys_read+0x80/0x80 [ 760.127058][T13860] ? lockdep_hardirqs_on+0x94/0x140 [ 760.132261][T13860] do_syscall_64+0x4c/0xa0 [ 760.136674][T13860] ? clear_bhb_loop+0x30/0x80 [ 760.141348][T13860] ? clear_bhb_loop+0x30/0x80 [ 760.146117][T13860] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 760.152005][T13860] RIP: 0033:0x7f7f3edef749 [ 760.156423][T13860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.176032][T13860] RSP: 002b:00007f7f3d056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 760.184457][T13860] RAX: ffffffffffffffda RBX: 00007f7f3f045fa0 RCX: 00007f7f3edef749 [ 760.192431][T13860] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000007 [ 760.200404][T13860] RBP: 00007f7f3ee73f91 R08: 0000000000000000 R09: 0000000000000000 [ 760.208379][T13860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.216347][T13860] R13: 00007f7f3f046038 R14: 00007f7f3f045fa0 R15: 00007ffd8ea6b098 [ 760.224325][T13860] [ 760.243083][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 760.264185][ T5360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 760.276523][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.303582][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.379256][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.389880][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.399765][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.410256][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.420105][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.430893][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.441117][T13538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.451689][T13538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.474886][T13538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 760.498131][ T7383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 760.508786][ T7383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 760.527691][T13538] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.536634][T13538] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.546934][T13538] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.556189][T13538] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.615114][T13538] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' [ 760.638591][ T5360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.640414][T13538] ieee80211 phy20: Selected rate control algorithm 'minstrel_ht' [ 760.649890][ T5360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.654533][ T1108] usb 8-1: config 220 has an invalid interface number: 76 but max is 2 [ 760.654557][ T1108] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 760.654575][ T1108] usb 8-1: config 220 has no interface number 2 [ 760.654610][ T1108] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 760.678642][ T7383] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 760.682836][ T1108] usb 8-1: config 220 interface 0 has no altsetting 0 [ 760.706900][ T7383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.707957][ T1108] usb 8-1: config 220 interface 76 has no altsetting 0 [ 760.715470][ T7383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 760.722405][ T1108] usb 8-1: config 220 interface 1 has no altsetting 0 [ 760.732616][ T5260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 760.890267][ T5375] device hsr_slave_0 left promiscuous mode [ 760.896539][ T5375] device hsr_slave_1 left promiscuous mode [ 760.903013][ T5375] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.910452][ T5375] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.911107][ T1108] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 760.926742][ T1108] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.927249][ T5375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.934964][ T1108] usb 8-1: Product: syz [ 760.934981][ T1108] usb 8-1: Manufacturer: syz [ 760.934995][ T1108] usb 8-1: SerialNumber: syz [ 760.957011][ T5375] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.964770][ T5375] device bridge_slave_1 left promiscuous mode [ 760.970986][ T5375] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.979033][ T5375] device bridge_slave_0 left promiscuous mode [ 760.985717][ T5375] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.995090][ T5375] device veth1_macvtap left promiscuous mode [ 761.001229][ T5375] device veth0_macvtap left promiscuous mode [ 761.007239][ T5375] device veth1_vlan left promiscuous mode [ 761.013086][ T5375] device veth0_vlan left promiscuous mode [ 761.146445][ T5375] team0 (unregistering): Port device team_slave_1 removed [ 761.158650][ T5375] team0 (unregistering): Port device team_slave_0 removed [ 761.170299][ T5375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 761.187873][ T5375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 761.250462][ T5375] bond0 (unregistering): Released all slaves [ 761.321157][ T1108] usb 8-1: selecting invalid altsetting 0 [ 761.327038][ T1108] usb 8-1: Found UVC 7.01 device syz (8086:0b07) [ 761.333452][ T1108] usb 8-1: No valid video chain found. [ 761.383913][ T1108] usb 8-1: selecting invalid altsetting 0 [ 761.389785][ T1108] usbtest: probe of 8-1:220.1 failed with error -22 [ 761.399472][ T1108] usb 8-1: USB disconnect, device number 3