last executing test programs: 2m28.953938249s ago: executing program 1 (id=329): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x88b02, 0x0) r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x189000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x100}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c000000010902120001000000000904"], 0x0) r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0x1, 0xd83d82) ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000a40)={0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_exec(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="65786563203aa009f5"], 0x9d) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x49}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) execveat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000740)={0x2, 0x0, [{0xa, 0x2, 0x5, 0x7f, 0x6}, {0x80000008, 0x8001, 0x2, 0x0, 0x6}]}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r0, 0x7, 0x49, 0xfff, 0x3}) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340), &(0x7f0000000040)) ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000100)) 2m25.09564521s ago: executing program 1 (id=341): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r0, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) 2m24.871369543s ago: executing program 1 (id=344): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) syz_io_uring_setup(0xf8, &(0x7f0000000b40)={0x0, 0x5c59, 0x2, 0x3, 0x2a1}, &(0x7f0000000040), &(0x7f0000000080)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}, 0x1000000}], 0x400000000000181, 0x9200000000000000) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x9200000000000000) recvmmsg$unix(r2, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000640)=""/187, 0xbb}], 0x1}}], 0x1, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000603000/0x3000)=nil, 0x3000, 0x100000d, 0x5aeb, 0x1c0000) 2m20.96018696s ago: executing program 1 (id=357): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_open_procfs(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000740)='./file0\x00', 0x8000, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000009c0), 0x8, &(0x7f0000000240)) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) pipe2(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x800000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) 2m20.602572335s ago: executing program 1 (id=362): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000980)={0x2, 0x54485746, 0x1, @stepwise={0x3cff, 0x9, 0x80000001, 0xfff, 0x5e50, 0x7fffffff}}) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0) r4 = inotify_init1(0x0) inotify_add_watch(r4, 0x0, 0x66000520) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) 2m19.868709668s ago: executing program 1 (id=363): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m19.491861545s ago: executing program 32 (id=363): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15.616156058s ago: executing program 0 (id=849): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}, 0x10) 15.357793184s ago: executing program 0 (id=851): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_ECN={0x8, 0x7, 0xfffffff8}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x9, 0x3, 0xffffff2e}}]}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r3, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d86dd", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14) 13.921201596s ago: executing program 0 (id=854): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000980)={0x2, 0x54485746, 0x1, @stepwise={0x3cff, 0x9, 0x80000001, 0xfff, 0x5e50, 0x7fffffff}}) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x66000520) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 10.405949843s ago: executing program 2 (id=862): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect={0x2}) 10.255512708s ago: executing program 2 (id=864): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x20, 0x4, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x3}]}, 0x10) sendmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000400)="7602e41445", 0x5}], 0x1}}], 0x1, 0x40008c0) 9.917964131s ago: executing program 2 (id=865): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x4, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) close(r3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 8.889395123s ago: executing program 0 (id=867): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r2) recvmmsg(r2, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000001c00)=""/4092, 0xffc}], 0x2}, 0x12}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000440)=""/84, 0x54}, {0x0}, {&(0x7f0000000640)=""/60, 0x3c}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x10122, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) 8.372278843s ago: executing program 4 (id=870): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x28}, 0x9ded, 0x0, 0x2, 0x1, 0x3, 0x2}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffb000/0x4000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') read$FUSE(r4, &(0x7f0000004380)={0x2020}, 0x2020) ioctl$PPPIOCATTCHAN(r4, 0x40047438, 0x0) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) faccessat(0xffffffffffffffff, 0x0, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x800) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xf375, 0x5, 0x7, 0xc1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r6}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000002400)={r6, &(0x7f0000002240), &(0x7f0000002340)=""/166}, 0x20) 7.180674511s ago: executing program 4 (id=871): bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) prctl$PR_SET_MM(0x23, 0x8, &(0x7f00006e9000/0x3000)=nil) ptrace(0x10, 0x1) 6.350752803s ago: executing program 0 (id=872): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000001e40)='./file1\x00', 0x1000c01, &(0x7f0000000000)=ANY=[], 0x2, 0x21a, &(0x7f00000006c0)="$eJzsmb9rFEEUx78zu7d3F0Ww0MLmmoARzN7unkoakdgHhETU8jBriE5ycjkkCQgGGxv/AP8Ri1QWdnYWVhYqCBamFBTBkfl1O5fcyt1GbHwfyOQ7k3lv3puZvIVdEATx3/Lp47cPz68vrFwEcBKzqNvxL4GbEYJ789+/CGpWvt489Xj/sD8GQMqiH5as66ZEAF4tBsAT41ZK3xqYtT5XwLVW3ATHBatvgSF2scrCOgfDHTt839O9Jn5oIXJ2tydW762LPFFNqppMNZ0iOhP/wR7DKoCGXYJ58W3t7D7oCqBvhMidqFkfxUhlUbKFRXyLHFe9LVDndfvZ0z3Vj+144u1fCo7U6g4Ylq1eQB1xHLdsN0+9/M+Fhf/AHJuX/6SZNI63EdOK0/PH9XNtugTdf8/on35JkX+Xfz3BqNIRlAt1rauaqzimt+Kto1ZRBT9TCnZ4RGU+HDl7sP/mqNXnkZF3S2VLMPzTGz6R0IVr3OG+nRFiaazVGSuaw0IzzrO7gaVXwtQPFgLnvfoUek+F9mDjYXtrZ3d+faO7lq/lm1nWuZJcSpLLWVvXZtP+of41dH2a8fzXSuZGLMJ2dzDop9vAoJ8O+5lpvYq7/LL3VdtwXf845n5K6R4vOu36+DWY/eH69wkAc0Fp8ARBEARBEARBEARBEARBEBNiXkm2wGDfVeqPcTX3YWyEMLuBR03gdwAAAP//fcxapQ==") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158"], 0x66) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40) r1 = dup(r0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x20000004) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b02010000000009040000018ea44300090585"], 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x9, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 5.826447625s ago: executing program 2 (id=873): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x18) syz_emit_ethernet(0x3e, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x8, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 5.617933865s ago: executing program 2 (id=874): connect$unix(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) socket$inet_sctp(0x2, 0x1, 0x84) r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x3) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 5.128256204s ago: executing program 3 (id=876): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fstat(0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) mount$9p_virtio(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', &(0x7f0000000280), 0x200000, &(0x7f00000003c0)={'trans=virtio,', {[{@access_user}, {@noxattr}, {@uname={'uname', 0x3d, '}-'}}, {@cache_fscache}, {@mmap}, {@access_client}], [{@seclabel}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@fowner_gt}, {@subj_type={'subj_type', 0x3d, 'cgroup.procs\x00'}}, {@obj_user={'obj_user', 0x3d, './cgroup.cpu/syz1\x00'}}]}}) r3 = openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0) r4 = socket(0x10, 0x803, 0x0) write(r4, &(0x7f0000000100)="1c0000005e001f3814584707f9f4ffffff0000000d000000f3f80000", 0x1c) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, 0x0, 0x0) setregid(0xee00, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xd}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfffffffb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xfffffffa}, @TCA_RATE={0x6, 0x5, {0x6, 0x7}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4024}, 0x0) 4.804851816s ago: executing program 4 (id=877): openat$full(0xffffffffffffff9c, 0x0, 0x101a40, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) fanotify_init(0xf00, 0x40000) 4.005579505s ago: executing program 3 (id=878): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a0500000000000000000001000000f5ff7caf73797a30000000004c000000090a010400000000000000000100000008000a400000000308000440000000020900010073"], 0x94}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xe}, {0x5, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0xc0000000, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd3ee}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x44}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c61"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.967337259s ago: executing program 4 (id=879): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x28}, 0x9ded, 0x0, 0x2, 0x1, 0x3, 0x2}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffb000/0x4000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') read$FUSE(r4, &(0x7f0000004380)={0x2020}, 0x2020) ioctl$PPPIOCATTCHAN(r4, 0x40047438, 0x0) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x800) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xf375, 0x5, 0x7, 0xc1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r6}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000002400)={r6, &(0x7f0000002240), &(0x7f0000002340)=""/166}, 0x20) 3.934851592s ago: executing program 0 (id=880): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x1, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x0, 0xb69, 0xc1, 0x0, 0x1, 0x8, 0x4, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x401, 0x6, 0x9, 0x81, 0x7, 0x8, 0x100000, 0x762, 0x3, 0x429f, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x40, 0xbed4, 0x8, 0x8000100, 0x1, 0x7, 0x11000, 0x8, 0x5, 0x0, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x102, 0xd9, 0x7, 0x7, 0xaa, 0x81, 0x2, 0xd6f, 0x4007, 0x8c, 0x5, 0x5, 0xf7, 0x5, 0x1, 0x6, 0x7, 0x4, 0x7, 0x4009, 0x800010, 0x204, 0x0, 0x8, 0x8000, 0x400000, 0x3, 0x0, 0x10001, 0x4e7b3717, 0xffffffff, 0x6, 0x1, 0x9, 0x80000000, 0xfdffffff, 0x2, 0xfffffffe, 0x84, 0x100, 0x5, 0x5b, 0x81, 0x33b, 0x8, 0x20006, 0x5, 0x2, 0x6, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x8, 0x2, 0x5, 0x8, 0x0, 0x7, 0x2, 0x40, 0x8, 0x4, 0x3, 0x401, 0x266cd, 0x8, 0x8, 0x1, 0xfffffffe, 0xc5c, 0xffffffff]}}) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f"], 0x0, 0x0, 0x0, 0x0}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 2.775856257s ago: executing program 4 (id=881): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x4, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) close(r3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 2.757710468s ago: executing program 3 (id=882): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = dup(r0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) ftruncate(r2, 0x200004) sendfile(r1, r2, 0x0, 0x80001d00c0d1) 2.601811294s ago: executing program 3 (id=883): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000004c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@nodioread_nolock}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}, 0x0, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)={0x14, 0x1, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40) 1.302740182s ago: executing program 3 (id=884): r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000001100)={0x11, 0x3, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = dup2(r0, r0) sendmmsg$unix(r3, 0x0, 0x0, 0x4008890) 964.805785ms ago: executing program 3 (id=885): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3) recvmmsg(r3, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000001c00)=""/4092, 0xffc}, {&(0x7f0000002c40)=""/196, 0xc4}], 0x3}, 0x12}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000440)=""/84, 0x54}, {0x0}, {&(0x7f0000000640)=""/60, 0x3c}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x10122, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000003380)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="38010000100001000000000000000000ac1e0101000000000000000000000000fe000020000000000000005c00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000146c00000000000014000000000000000000000000001800000000000000000000080000000000000000000000fffffffff7ffffff0000000000000000000000000000000000000000000000100000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000080000000000200010628000000480003006465666c61746500"/236], 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34000000680001000000000000000000020000000000000006000700070000000c000880050005000000000008000500", @ANYRES32], 0x34}}, 0x0) socket(0x15, 0x80005, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 247.334616ms ago: executing program 2 (id=886): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000001, 0x8013, r0, 0xf6690000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x6, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) listen(r2, 0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)="5514377d925cfac68fa5e905ccd2593d6d0f37d8422f54e9fbc8881033b7e59b0ce2a896d5c195741b964850ca7444d0926630715341d8ef0611e595745d05bb0484b65adfe33ed3639e7722ef74b92df54d886779faf3deee20a0724362221a9fc4a7f86a07042dd5875131ff0d57107a01db1964be5dd15d8d3be6fd3209f87210f2e9de528884797a1c43157c6f56349e263c79cb13df66409f7cd33b9ebb000fd19d5521eab9eb89ad56a45108b1d3179077413d0e16044c0fe0", 0xbc}, {0x0}], 0x2) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000380)=0x40) 0s ago: executing program 4 (id=887): openat$full(0xffffffffffffff9c, 0x0, 0x101a40, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) fanotify_init(0xf00, 0x40000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts. [ 81.223093][ T5776] cgroup: Unknown subsys name 'net' [ 81.359870][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.209170][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.891223][ T5793] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.901786][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.903987][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.909529][ T5793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.918967][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.925619][ T5793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.931455][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.939410][ T5793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.945845][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.952193][ T5793] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.960605][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.973353][ T5801] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.975292][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.981286][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.990044][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.999670][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.002621][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.017395][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.025761][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.035376][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.042696][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.052002][ T5103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.063811][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.071664][ T5795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.632708][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 85.758754][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 85.780207][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 85.844764][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 85.925070][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.932838][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.940241][ T5788] bridge_slave_0: entered allmulticast mode [ 85.948476][ T5788] bridge_slave_0: entered promiscuous mode [ 85.997385][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.005042][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.012503][ T5788] bridge_slave_1: entered allmulticast mode [ 86.019545][ T5788] bridge_slave_1: entered promiscuous mode [ 86.099880][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.107432][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.114847][ T5789] bridge_slave_0: entered allmulticast mode [ 86.121998][ T5789] bridge_slave_0: entered promiscuous mode [ 86.129349][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.141095][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.148372][ T5792] bridge_slave_0: entered allmulticast mode [ 86.155997][ T5792] bridge_slave_0: entered promiscuous mode [ 86.170857][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.197954][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.205688][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.212972][ T5789] bridge_slave_1: entered allmulticast mode [ 86.220076][ T5789] bridge_slave_1: entered promiscuous mode [ 86.227112][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.234339][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.241756][ T5792] bridge_slave_1: entered allmulticast mode [ 86.248769][ T5792] bridge_slave_1: entered promiscuous mode [ 86.257639][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.350609][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.358018][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.365743][ T5787] bridge_slave_0: entered allmulticast mode [ 86.373467][ T5787] bridge_slave_0: entered promiscuous mode [ 86.384750][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.397434][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.422192][ T5788] team0: Port device team_slave_0 added [ 86.428643][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.436145][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.443459][ T5787] bridge_slave_1: entered allmulticast mode [ 86.450435][ T5787] bridge_slave_1: entered promiscuous mode [ 86.472065][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.483860][ T5788] team0: Port device team_slave_1 added [ 86.492637][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.568766][ T5789] team0: Port device team_slave_0 added [ 86.610600][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.622546][ T5789] team0: Port device team_slave_1 added [ 86.630436][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.643902][ T5792] team0: Port device team_slave_0 added [ 86.663957][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.671306][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.697319][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.736870][ T5792] team0: Port device team_slave_1 added [ 86.758589][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.766090][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.792196][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.812178][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.819193][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.845314][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.858636][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.865737][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.891858][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.917180][ T5787] team0: Port device team_slave_0 added [ 86.927781][ T5787] team0: Port device team_slave_1 added [ 86.968446][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.976067][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.002577][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.028685][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.035748][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.062181][ T50] Bluetooth: hci2: command tx timeout [ 87.065830][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.095415][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.102567][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.128793][ T50] Bluetooth: hci1: command tx timeout [ 87.128816][ T5795] Bluetooth: hci0: command tx timeout [ 87.129122][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.135041][ T50] Bluetooth: hci3: command tx timeout [ 87.159461][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.166564][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.193101][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.234538][ T5788] hsr_slave_0: entered promiscuous mode [ 87.241518][ T5788] hsr_slave_1: entered promiscuous mode [ 87.266037][ T5789] hsr_slave_0: entered promiscuous mode [ 87.272780][ T5789] hsr_slave_1: entered promiscuous mode [ 87.279639][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.288306][ T5789] Cannot create hsr debugfs directory [ 87.326935][ T5787] hsr_slave_0: entered promiscuous mode [ 87.334898][ T5787] hsr_slave_1: entered promiscuous mode [ 87.341112][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.348705][ T5787] Cannot create hsr debugfs directory [ 87.471174][ T5792] hsr_slave_0: entered promiscuous mode [ 87.478076][ T5792] hsr_slave_1: entered promiscuous mode [ 87.485440][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.493470][ T5792] Cannot create hsr debugfs directory [ 87.881489][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.895956][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.908091][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.919323][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.993983][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.032039][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.042600][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.053873][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.137091][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.148753][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.160410][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.176278][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.268900][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.279266][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.289340][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.316975][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.364087][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.453537][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.497755][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.505330][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.526344][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.540342][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.547557][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.562502][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.586004][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.626824][ T2987] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.634091][ T2987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.659735][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.674533][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.681755][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.720391][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.733864][ T2987] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.741086][ T2987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.777400][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.784641][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.827098][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.876713][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.921039][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.928245][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.979839][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.987046][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.123044][ T50] Bluetooth: hci2: command tx timeout [ 89.202007][ T50] Bluetooth: hci3: command tx timeout [ 89.204456][ T5795] Bluetooth: hci1: command tx timeout [ 89.207447][ T5103] Bluetooth: hci0: command tx timeout [ 89.366805][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.489765][ T5787] veth0_vlan: entered promiscuous mode [ 89.506528][ T5787] veth1_vlan: entered promiscuous mode [ 89.534670][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.576960][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.613624][ T5787] veth0_macvtap: entered promiscuous mode [ 89.636669][ T5787] veth1_macvtap: entered promiscuous mode [ 89.683202][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.728505][ T5792] veth0_vlan: entered promiscuous mode [ 89.740533][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.770543][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.786325][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.795679][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.804582][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.813659][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.825111][ T5792] veth1_vlan: entered promiscuous mode [ 89.839071][ T5789] veth0_vlan: entered promiscuous mode [ 89.880570][ T5789] veth1_vlan: entered promiscuous mode [ 89.923502][ T5792] veth0_macvtap: entered promiscuous mode [ 89.956406][ T5792] veth1_macvtap: entered promiscuous mode [ 89.998774][ T5789] veth0_macvtap: entered promiscuous mode [ 90.028770][ T5788] veth0_vlan: entered promiscuous mode [ 90.058175][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.070213][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.084197][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.095406][ T5789] veth1_macvtap: entered promiscuous mode [ 90.109375][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.119259][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.136562][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.148225][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.163345][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.192919][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.204170][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.213473][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.222402][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.251857][ T5788] veth1_vlan: entered promiscuous mode [ 90.278836][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.287378][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.319967][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.332573][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.344305][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.355539][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.368210][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.399771][ T5788] veth0_macvtap: entered promiscuous mode [ 90.429103][ T5788] veth1_macvtap: entered promiscuous mode [ 90.442724][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.459171][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.470712][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.484276][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.497273][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.554478][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.581157][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.590027][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.613410][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.652782][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.667283][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.676584][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.679381][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.696848][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.707605][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.717593][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.728562][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.740031][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.758520][ T5883] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 90.816155][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.836221][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.861129][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.876487][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.891164][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.907056][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.924049][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.016069][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.059382][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.069203][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.078010][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.109942][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.119156][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.203604][ T5103] Bluetooth: hci2: command tx timeout [ 91.216464][ T5891] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.235536][ T2987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.255647][ T2987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.281524][ T50] Bluetooth: hci0: command tx timeout [ 91.287007][ T50] Bluetooth: hci3: command tx timeout [ 91.292499][ T5103] Bluetooth: hci1: command tx timeout [ 91.360110][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.370237][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.526417][ T2946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.544382][ T2946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.592311][ T5864] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.703934][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.739396][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.758919][ T28] audit: type=1326 audit(1760776887.433:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 91.822172][ T5864] usb 2-1: Using ep0 maxpacket: 8 [ 91.917341][ T5864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 91.919532][ T28] audit: type=1326 audit(1760776887.463:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 91.990867][ T5864] usb 2-1: too many configurations: 48, using maximum allowed: 8 [ 91.995710][ T28] audit: type=1326 audit(1760776887.463:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.065729][ T28] audit: type=1326 audit(1760776887.463:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.101478][ T5864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 92.130617][ T28] audit: type=1326 audit(1760776887.463:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.187374][ T5864] usb 2-1: can't read configurations, error -71 [ 92.287136][ T8] cfg80211: failed to load regulatory.db [ 92.293627][ T28] audit: type=1326 audit(1760776887.473:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.351308][ T28] audit: type=1326 audit(1760776887.503:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.388059][ T28] audit: type=1326 audit(1760776887.503:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.420649][ T28] audit: type=1326 audit(1760776887.503:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.471752][ T28] audit: type=1326 audit(1760776887.523:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5896 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa6c1b8efc9 code=0x7ffc0000 [ 92.562388][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.571133][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 93.140339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.293782][ T50] Bluetooth: hci2: command tx timeout [ 93.361683][ T50] Bluetooth: hci0: command tx timeout [ 93.371931][ T50] Bluetooth: hci3: command tx timeout [ 93.377414][ T50] Bluetooth: hci1: command tx timeout [ 93.651287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.241841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 94.252425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.265375][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.274370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 94.283073][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.291771][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.360347][ T5976] fuse: Unknown parameter 'use00000000000000000000' [ 94.713467][ T5970] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3'. [ 94.935995][ T5994] PKCS7: Unknown OID: [5] (bad) [ 94.956790][ T5994] PKCS7: Only support pkcs7_signedData type [ 98.305143][ T6026] binder: BINDER_SET_CONTEXT_MGR already set [ 98.305660][ T6026] binder: 6024:6026 ioctl 4018620d 200000000040 returned -16 [ 99.165718][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.35'. [ 99.207136][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.35'. [ 99.335731][ T6043] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.345063][ T6043] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.353896][ T6043] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.362825][ T6043] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 99.453380][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.35'. [ 99.536394][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.35'. [ 99.589955][ T6043] Zero length message leads to an empty skb [ 99.702572][ T6045] netlink: 64 bytes leftover after parsing attributes in process `syz.1.33'. [ 100.415056][ T6063] netlink: 20 bytes leftover after parsing attributes in process `syz.3.38'. [ 102.752304][ T6116] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 103.748160][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 103.748177][ T28] audit: type=1326 audit(1760776899.403:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 103.818238][ T28] audit: type=1326 audit(1760776899.403:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 103.833550][ T6125] fuse: Unknown parameter 'user_i00000000000000000000' [ 103.863030][ T28] audit: type=1326 audit(1760776899.423:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 103.886836][ T28] audit: type=1326 audit(1760776899.423:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 103.917989][ T28] audit: type=1326 audit(1760776899.423:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 103.944310][ T28] audit: type=1326 audit(1760776899.463:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 104.110891][ T28] audit: type=1326 audit(1760776899.463:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 104.150892][ T28] audit: type=1326 audit(1760776899.463:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 104.173772][ T28] audit: type=1326 audit(1760776899.463:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 104.234478][ T28] audit: type=1326 audit(1760776899.463:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.0.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f34abb8efc9 code=0x7ffc0000 [ 104.691042][ T9] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 105.029891][ T9] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 105.094500][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.187918][ T9] usb 2-1: config 0 descriptor?? [ 105.204479][ T6147] syz.3.70[6147]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 105.276865][ T6147] loop3: detected capacity change from 0 to 2048 [ 105.585817][ T6148] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 106.445097][ T6138] process 'syz.1.65' launched './file1' with NULL argv: empty string added [ 108.614364][ T27] usb 2-1: USB disconnect, device number 4 [ 108.998332][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'. [ 109.077493][ T6172] usb usb8: usbfs: process 6172 (syz.2.75) did not claim interface 0 before use [ 109.712436][ T6195] mmap: syz.1.81 (6195) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 109.878120][ T6197] bridge_slave_0: left allmulticast mode [ 109.889375][ T6197] bridge_slave_0: left promiscuous mode [ 109.914954][ T6197] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.959592][ T6197] bridge_slave_1: left allmulticast mode [ 109.968920][ T6197] bridge_slave_1: left promiscuous mode [ 109.976389][ T6197] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.013109][ T6197] bond0: (slave bond_slave_0): Releasing backup interface [ 110.056334][ T6197] bond0: (slave bond_slave_1): Releasing backup interface [ 110.110481][ T6197] team0: Port device team_slave_0 removed [ 110.153954][ T6197] team0: Port device team_slave_1 removed [ 110.167469][ T6197] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.177894][ T6197] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.217771][ T6197] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.231733][ T6197] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.537810][ T6198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.83'. [ 110.985708][ T6200] fuse: Unknown parameter '0x0000000000000003' [ 112.235391][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 113.327588][ T6230] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.822544][ T6251] af_packet: tpacket_rcv: packet too big, clamped from 100 to 4294967272. macoff=96 [ 115.920990][ T6251] netlink: 4 bytes leftover after parsing attributes in process `syz.2.102'. [ 116.675606][ T6260] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 116.838647][ T6264] binder: BINDER_SET_CONTEXT_MGR already set [ 116.846126][ T6264] binder: 6263:6264 ioctl 4018620d 200000000040 returned -16 [ 117.255416][ T6274] capability: warning: `syz.2.109' uses 32-bit capabilities (legacy support in use) [ 119.679255][ T5893] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 119.762490][ T5893] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 121.338338][ T6320] fuse: Unknown parameter '0x0000000000000003' [ 124.110185][ T6240] Set syz1 is full, maxelem 65536 reached [ 128.323037][ T6399] binder: 6398:6399 ioctl c0306201 0 returned -14 [ 128.370719][ T6372] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.378499][ T6372] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.432479][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.526856][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.448987][ T6433] binder: 6432:6433 ioctl c0306201 0 returned -14 [ 131.799953][ T6372] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.809006][ T6372] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.824313][ T6372] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.838107][ T6372] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.185428][ T6372] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.194521][ T6372] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.203533][ T6372] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.213113][ T6372] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 132.832857][ T6452] input: syz0 as /devices/virtual/input/input5 [ 133.139245][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.139553][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.504537][ T6468] fuse: Unknown parameter '0x0000000000000003' [ 133.940200][ T6474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.168'. [ 133.974383][ T6474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.168'. [ 134.022216][ T6474] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.031101][ T6474] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.039849][ T6474] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.048637][ T6474] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.153989][ T6472] syz_tun: entered allmulticast mode [ 134.199079][ T6474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.168'. [ 134.240552][ T6474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.168'. [ 135.197516][ T6491] binder: 6490:6491 ioctl c0306201 0 returned -14 [ 135.465884][ T6498] loop1: detected capacity change from 0 to 512 [ 135.607216][ T6498] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.177: casefold flag without casefold feature [ 135.733289][ T6498] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.177: couldn't read orphan inode 15 (err -117) [ 135.785131][ T6498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.872176][ T6504] tipc: Started in network mode [ 135.877266][ T6504] tipc: Node identity ac14140f, cluster identity 4711 [ 135.999023][ T6504] tipc: New replicast peer: 255.255.255.255 [ 136.008549][ T6504] tipc: Enabled bearer , priority 10 [ 136.955739][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.122832][ T6423] tipc: Node number set to 2886997007 [ 137.566347][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 137.566364][ T28] audit: type=1326 audit(1760776933.243:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 137.641446][ T28] audit: type=1326 audit(1760776933.283:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 137.743949][ T28] audit: type=1326 audit(1760776933.283:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 137.776205][ T28] audit: type=1326 audit(1760776933.283:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 137.804079][ T28] audit: type=1326 audit(1760776933.283:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 137.908331][ T28] audit: type=1326 audit(1760776933.283:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 138.039966][ T28] audit: type=1326 audit(1760776933.283:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 138.106308][ T28] audit: type=1326 audit(1760776933.283:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 138.144127][ T28] audit: type=1326 audit(1760776933.283:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 138.211103][ T28] audit: type=1326 audit(1760776933.283:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6513 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f610a98efc9 code=0x7ffc0000 [ 138.635681][ T6530] fuse: Unknown parameter 'fd0x0000000000000003' [ 139.403553][ T6537] loop0: detected capacity change from 0 to 512 [ 139.487758][ T6537] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.188: casefold flag without casefold feature [ 139.517259][ T6537] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.188: couldn't read orphan inode 15 (err -117) [ 139.612756][ T6537] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.998000][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.044879][ T6547] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 141.082697][ T6549] binder: BINDER_SET_CONTEXT_MGR already set [ 141.119056][ T6549] binder: 6548:6549 ioctl 4018620d 200000000040 returned -16 [ 141.183351][ T6553] fuse: Unknown parameter 'fd0x0000000000000003' [ 141.901122][ T6380] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 142.086705][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.202'. [ 142.099070][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.202'. [ 142.221337][ T6380] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 142.279767][ T6380] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.343144][ T6380] usb 3-1: config 0 descriptor?? [ 142.637194][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 142.637211][ T28] audit: type=1400 audit(1760776938.313:73): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=6560 comm="syz.2.198" [ 142.980162][ T6593] netlink: 72 bytes leftover after parsing attributes in process `syz.3.203'. [ 144.847924][ T6600] PKCS7: Unknown OID: [5] (bad) [ 144.927076][ T6600] PKCS7: Only support pkcs7_signedData type [ 145.226254][ T6603] fuse: Unknown parameter 'fd0x0000000000000003' [ 145.413472][ T6385] usb 3-1: USB disconnect, device number 2 [ 145.715151][ T6610] overlayfs: failed to resolve './bus': -2 [ 146.170687][ T6621] loop1: detected capacity change from 0 to 512 [ 146.314512][ T6621] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.215: casefold flag without casefold feature [ 146.367622][ T6621] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.215: couldn't read orphan inode 15 (err -117) [ 146.418925][ T6621] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.663382][ T6612] netlink: 'syz.2.210': attribute type 4 has an invalid length. [ 146.748977][ T6627] netlink: 'syz.1.215': attribute type 10 has an invalid length. [ 147.359440][ T6627] team0 (unregistering): Port device team_slave_0 removed [ 147.445831][ T6627] team0 (unregistering): Port device team_slave_1 removed [ 147.549765][ T6612] netlink: 'syz.2.210': attribute type 4 has an invalid length. [ 147.706236][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.341553][ T5778] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 148.593433][ T5778] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 148.632198][ T5778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.717248][ T5778] usb 2-1: config 0 descriptor?? [ 149.137227][ T28] audit: type=1400 audit(1760776944.813:74): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=6633 comm="syz.1.218" [ 150.704540][ T6424] usb 2-1: USB disconnect, device number 5 [ 150.831469][ T6423] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 151.071122][ T6423] usb 1-1: Using ep0 maxpacket: 8 [ 151.080040][ T6423] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 151.106932][ T6423] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 151.127505][ T6423] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 151.137548][ T6423] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.158780][ T6423] usbtmc 1-1:16.0: bulk endpoints not found [ 151.478679][ T6685] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 153.302829][ T6724] input: syz0 as /devices/virtual/input/input7 [ 153.612729][ T6380] usb 1-1: USB disconnect, device number 2 [ 154.284107][ T6732] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 154.879981][ T6742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.254'. [ 155.590088][ T6424] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 155.801024][ T6424] usb 4-1: Using ep0 maxpacket: 8 [ 155.814800][ T6424] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 155.825666][ T6424] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 155.839306][ T6424] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 155.849060][ T6424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.873840][ T6424] usbtmc 4-1:16.0: bulk endpoints not found [ 156.768406][ T6762] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 157.770652][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.268'. [ 157.817445][ T6777] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.826364][ T6777] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.835712][ T6777] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.844954][ T6777] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.869154][ T6777] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.878489][ T6777] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.887521][ T6777] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.897263][ T6777] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.993264][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.268'. [ 158.024747][ T6777] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.033718][ T6777] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.042584][ T6777] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.051334][ T6777] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 158.067914][ T6777] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.076961][ T6777] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.086828][ T6777] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.096402][ T6777] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.335756][ T6785] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 158.372564][ T6380] usb 4-1: USB disconnect, device number 2 [ 158.844531][ T6800] netlink: 104 bytes leftover after parsing attributes in process `syz.0.276'. [ 160.014078][ T6815] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 160.161280][ T6380] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 160.246777][ T6819] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 160.361410][ T6380] usb 1-1: Using ep0 maxpacket: 8 [ 160.373681][ T6380] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 160.386748][ T6380] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 160.400231][ T6380] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 160.420521][ T6380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.442739][ T6380] usbtmc 1-1:16.0: bulk endpoints not found [ 160.695880][ T6826] netlink: 104 bytes leftover after parsing attributes in process `syz.1.285'. [ 161.149893][ T6833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'. [ 161.178132][ T6835] sch_tbf: burst 21990 is lower than device lo mtu (11337746) ! [ 161.849403][ T1653] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 162.182618][ T1653] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 162.191106][ T6424] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 162.206695][ T1653] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.296046][ T1653] usb 2-1: config 0 descriptor?? [ 162.505943][ T6424] usb 4-1: Using ep0 maxpacket: 16 [ 162.579563][ T6424] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 162.592166][ T28] audit: type=1400 audit(1760776958.273:75): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=6840 comm="syz.1.292" [ 162.613866][ T6424] usb 4-1: config 0 has no interface number 0 [ 162.620142][ T6424] usb 4-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 162.699924][ T6424] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 162.717061][ T6424] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 162.802543][ T6424] usb 4-1: Product: syz [ 162.806840][ T6424] usb 4-1: SerialNumber: syz [ 162.818990][ T6424] usb 4-1: config 0 descriptor?? [ 162.830845][ T6424] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 162.937914][ T6380] usb 1-1: USB disconnect, device number 3 [ 163.352163][ T6864] sch_tbf: burst 21990 is lower than device lo mtu (11337746) ! [ 163.527013][ T6866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.300'. [ 163.841448][ T6424] usb 2-1: USB disconnect, device number 6 [ 164.021094][ T6423] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 164.253023][ T6423] usb 3-1: config 5 has an invalid interface number: 3 but max is 0 [ 164.262469][ T6423] usb 3-1: config 5 has no interface number 0 [ 164.288036][ T6423] usb 3-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 164.304656][ T6423] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.332797][ T6423] usb 3-1: Product: syz [ 164.339168][ T6423] usb 3-1: Manufacturer: syz [ 164.348028][ T6423] usb 3-1: SerialNumber: syz [ 164.362718][ T6423] ftdi_sio 3-1:5.3: FTDI USB Serial Device converter detected [ 164.381261][ T6380] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 164.394697][ T6423] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 164.571449][ T6869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.301'. [ 164.612727][ T6869] macvtap1: entered promiscuous mode [ 164.627932][ T6869] bond0: entered promiscuous mode [ 164.631133][ T6380] usb 1-1: Using ep0 maxpacket: 8 [ 164.641194][ T6869] bond_slave_0: entered promiscuous mode [ 164.653994][ T6869] bond_slave_1: entered promiscuous mode [ 164.666995][ T6380] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 164.678469][ T6869] macvtap1: entered allmulticast mode [ 164.707982][ T6380] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 164.709179][ T6869] bond0: entered allmulticast mode [ 164.735431][ T6380] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 164.764154][ T6380] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 164.798064][ T6869] bond_slave_0: entered allmulticast mode [ 164.798102][ T6380] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 164.828291][ T6869] bond_slave_1: entered allmulticast mode [ 164.837251][ T6380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.844889][ T6869] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 164.856053][ T6870] bond0: left allmulticast mode [ 164.861464][ T6870] bond_slave_0: left allmulticast mode [ 164.872691][ T6870] bond_slave_1: left allmulticast mode [ 164.878346][ T6870] bond0: left promiscuous mode [ 164.900022][ T6380] usbtmc 1-1:16.0: bulk endpoints not found [ 164.951108][ T6870] bond_slave_0: left promiscuous mode [ 164.957265][ T6870] bond_slave_1: left promiscuous mode [ 165.018546][ T6380] usb 3-1: USB disconnect, device number 3 [ 165.035915][ T6380] ftdi_sio 3-1:5.3: device disconnected [ 165.140050][ T1653] usb 4-1: USB disconnect, device number 3 [ 166.641307][ T6380] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 166.679238][ T6909] netlink: 104 bytes leftover after parsing attributes in process `syz.1.313'. [ 166.962209][ T6380] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 166.980515][ T6380] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.991359][ T6380] usb 4-1: config 0 descriptor?? [ 167.133645][ T6380] usb 1-1: USB disconnect, device number 4 [ 167.320728][ T28] audit: type=1400 audit(1760776962.993:76): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=6904 comm="syz.3.312" [ 167.489724][ T6925] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 169.522346][ T6423] usb 4-1: USB disconnect, device number 4 [ 170.149616][ T6956] loop2: detected capacity change from 0 to 128 [ 170.224739][ T6956] FAT-fs (loop2): Directory bread(block 32) failed [ 170.235805][ T6956] FAT-fs (loop2): Directory bread(block 33) failed [ 170.245392][ T6956] FAT-fs (loop2): Directory bread(block 34) failed [ 170.272152][ T6956] FAT-fs (loop2): Directory bread(block 35) failed [ 170.304273][ T6956] FAT-fs (loop2): Directory bread(block 36) failed [ 170.326000][ T6956] FAT-fs (loop2): Directory bread(block 37) failed [ 170.335974][ T6956] FAT-fs (loop2): Directory bread(block 38) failed [ 170.343091][ T6956] FAT-fs (loop2): Directory bread(block 39) failed [ 170.350624][ T6956] FAT-fs (loop2): Directory bread(block 40) failed [ 170.358282][ T6956] FAT-fs (loop2): Directory bread(block 41) failed [ 170.841021][ T6423] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 171.120966][ T6423] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 171.174453][ T6423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.223964][ T6423] usb 2-1: config 0 descriptor?? [ 171.522260][ T28] audit: type=1400 audit(1760776967.203:77): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=6961 comm="syz.1.329" [ 172.499870][ T6983] loop0: detected capacity change from 0 to 512 [ 172.607129][ T6983] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.335: casefold flag without casefold feature [ 172.641695][ T6983] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.335: couldn't read orphan inode 15 (err -117) [ 172.704075][ T6983] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.158696][ T6990] netlink: 'syz.0.335': attribute type 10 has an invalid length. [ 174.064356][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.101425][ T1653] usb 2-1: USB disconnect, device number 7 [ 174.784762][ T7017] PKCS7: Unknown OID: [5] (bad) [ 174.789930][ T7017] PKCS7: Only support pkcs7_signedData type [ 175.739872][ T7024] loop0: detected capacity change from 0 to 512 [ 175.919996][ T7024] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.348: casefold flag without casefold feature [ 175.959451][ T7024] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.348: couldn't read orphan inode 15 (err -117) [ 176.054948][ T7024] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.374321][ T7029] netlink: 'syz.0.348': attribute type 10 has an invalid length. [ 177.260499][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.677222][ T7036] loop2: detected capacity change from 0 to 1024 [ 177.828087][ T7036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.981965][ T7041] loop3: detected capacity change from 0 to 1024 [ 178.054541][ T7041] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 178.061267][ T7036] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.353: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 178.084579][ T7041] EXT4-fs (loop3): filesystem is read-only [ 178.090451][ T7041] EXT4-fs (loop3): Unsupported encryption level 6 [ 178.304046][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.534725][ T7051] overlayfs: missing 'lowerdir' [ 180.211231][ T5103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 180.220722][ T5103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 180.230019][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 180.239198][ T5103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 180.248537][ T5103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 180.251104][ T6423] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 180.256528][ T5103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 180.461132][ T6423] usb 1-1: Using ep0 maxpacket: 8 [ 180.473898][ T6423] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 180.489869][ T6423] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 180.510862][ T6423] usb 1-1: config 16 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 180.544026][ T6423] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 180.584498][ T6423] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 180.614943][ T6423] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.662981][ T6423] usbtmc 1-1:16.0: bulk endpoints not found [ 180.681856][ T7080] chnl_net:caif_netlink_parms(): no params data found [ 180.834287][ T7092] loop3: detected capacity change from 0 to 256 [ 180.872092][ T7092] ======================================================= [ 180.872092][ T7092] WARNING: The mand mount option has been deprecated and [ 180.872092][ T7092] and is ignored by this kernel. Remove the mand [ 180.872092][ T7092] option from the mount to silence this warning. [ 180.872092][ T7092] ======================================================= [ 180.921140][ T7080] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.938930][ T7080] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.949851][ T7080] bridge_slave_0: entered allmulticast mode [ 180.970794][ T7080] bridge_slave_0: entered promiscuous mode [ 181.005118][ T7080] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.031397][ T7080] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.044536][ T7080] bridge_slave_1: entered allmulticast mode [ 181.076226][ T7080] bridge_slave_1: entered promiscuous mode [ 181.196172][ T7080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.240477][ T7080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.292910][ T7097] blktrace: Concurrent blktraces are not allowed on sg0 [ 181.327881][ T7080] team0: Port device team_slave_0 added [ 181.346691][ T7080] team0: Port device team_slave_1 added [ 181.419022][ T7080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.428282][ T7080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.467974][ T7080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.487567][ T7080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.496588][ T7080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.618372][ T7080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.910258][ T7080] hsr_slave_0: entered promiscuous mode [ 181.939144][ T7080] hsr_slave_1: entered promiscuous mode [ 181.968341][ T7080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.988543][ T7080] Cannot create hsr debugfs directory [ 182.321196][ T5103] Bluetooth: hci1: command tx timeout [ 182.805442][ T7080] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 182.835140][ T7080] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 182.857993][ T7080] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 182.898751][ T7080] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 182.923695][ T7103] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.932266][ T7103] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.972065][ T7103] bridge0: entered allmulticast mode [ 182.992921][ T6385] usb 1-1: USB disconnect, device number 5 [ 183.034362][ T7108] bridge_slave_1: left allmulticast mode [ 183.076837][ T7108] bridge_slave_1: left promiscuous mode [ 183.100442][ T7108] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.116709][ T7108] bridge_slave_0: left allmulticast mode [ 183.124536][ T7108] bridge_slave_0: left promiscuous mode [ 183.136081][ T7108] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.407153][ T7080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.443029][ T7080] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.475949][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.483246][ T5953] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.500853][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.508151][ T5961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.813778][ T7134] Bluetooth: MGMT ver 1.22 [ 183.829358][ T7134] loop3: detected capacity change from 0 to 512 [ 183.848126][ T7134] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 256)! [ 183.860022][ T7134] EXT4-fs (loop3): group descriptors corrupted! [ 183.897693][ T7080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.146548][ T7143] blktrace: Concurrent blktraces are not allowed on sg0 [ 184.411248][ T5103] Bluetooth: hci1: command tx timeout [ 184.729285][ T7080] veth0_vlan: entered promiscuous mode [ 184.786502][ T7080] veth1_vlan: entered promiscuous mode [ 184.956060][ T7080] veth0_macvtap: entered promiscuous mode [ 185.023156][ T7080] veth1_macvtap: entered promiscuous mode [ 185.135649][ T7080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.147363][ T7080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.160293][ T7080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.180472][ T7080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.232808][ T7080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.283799][ T7080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.383160][ T7080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.405420][ T7080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.418474][ T7080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.444744][ T7080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.483073][ T7080] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.497235][ T7080] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.517795][ T7080] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.528116][ T7080] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.860520][ T5961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.901396][ T5961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.012113][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.043823][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.481357][ T5103] Bluetooth: hci1: command tx timeout [ 186.585504][ T7169] syz_tun: entered allmulticast mode [ 186.738746][ T7175] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 186.749907][ T7175] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 186.995910][ T7182] blktrace: Concurrent blktraces are not allowed on sg0 [ 187.005474][ T7183] loop0: detected capacity change from 0 to 256 [ 187.032834][ T7183] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 187.047745][ T7183] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 187.111729][ T7183] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 188.561303][ T5103] Bluetooth: hci1: command tx timeout [ 189.463157][ T7199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.399'. [ 189.710548][ T7206] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 189.730134][ T7206] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 190.024534][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.3.406'. [ 190.033990][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.3.406'. [ 191.362010][ T7232] loop4: detected capacity change from 0 to 1024 [ 191.401934][ T7232] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 191.486379][ T7232] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 191.518664][ T7232] EXT4-fs (loop4): orphan cleanup on readonly fs [ 191.540234][ T7232] Quota error (device loop4): v2_read_file_info: Can't read info structure [ 191.570403][ T7232] EXT4-fs warning (device loop4): ext4_enable_quotas:7175: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 191.590881][ T7232] EXT4-fs (loop4): Cannot turn on quotas: error -5 [ 191.610518][ T7232] EXT4-fs (loop4): 1 truncate cleaned up [ 191.626259][ T7232] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.879342][ T7080] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.099478][ T7238] loop4: detected capacity change from 0 to 128 [ 192.217959][ T7238] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 192.269031][ T7238] FAT-fs (loop4): Filesystem has been set read-only [ 192.967696][ T7247] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 193.007697][ T7251] loop3: detected capacity change from 0 to 1024 [ 193.022240][ T7251] EXT4-fs: Ignoring removed orlov option [ 193.138028][ T7251] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.145107][ T7259] loop4: detected capacity change from 0 to 128 [ 193.198938][ T7259] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 193.208977][ T7261] loop0: detected capacity change from 0 to 1024 [ 193.210132][ T7261] EXT4-fs: Ignoring removed orlov option [ 193.239951][ T7261] EXT4-fs: Ignoring removed nomblk_io_submit option [ 193.261141][ T28] audit: type=1800 audit(1760776988.933:78): pid=7251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.417" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 193.294851][ T7259] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 193.353914][ T7261] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.388212][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.650732][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.532096][ T7268] syz_tun: entered allmulticast mode [ 194.573692][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.580535][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.084092][ T7284] loop2: detected capacity change from 0 to 256 [ 195.136937][ T7284] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 195.185947][ T28] audit: type=1800 audit(1760776990.863:79): pid=7284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.428" name="file1" dev="loop2" ino=1048598 res=0 errno=0 [ 196.101260][ T7307] loop3: detected capacity change from 0 to 8 [ 196.154978][ T7307] SQUASHFS error: zlib decompression failed, data probably corrupt [ 196.163745][ T7307] SQUASHFS error: Failed to read block 0x9b: -5 [ 196.170087][ T7307] SQUASHFS error: Unable to read metadata cache entry [99] [ 196.177552][ T7307] SQUASHFS error: Unable to read inode 0x127 [ 196.845020][ T7309] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'. [ 196.874850][ T7309] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'. [ 197.081156][ T786] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 197.139503][ T7315] PKCS7: Unknown OID: [5] (bad) [ 197.149466][ T7315] PKCS7: Only support pkcs7_signedData type [ 197.302106][ T786] usb 5-1: Using ep0 maxpacket: 8 [ 197.312824][ T786] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 197.353189][ T786] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.381143][ T786] usb 5-1: config 0 has no interfaces? [ 197.398981][ T786] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 197.423376][ T786] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.449939][ T786] usb 5-1: Product: syz [ 197.457856][ T786] usb 5-1: Manufacturer: syz [ 197.468056][ T786] usb 5-1: SerialNumber: syz [ 197.487589][ T786] usb 5-1: config 0 descriptor?? [ 197.516459][ T7317] loop3: detected capacity change from 0 to 1024 [ 197.567926][ T7317] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.829726][ T6385] usb 5-1: USB disconnect, device number 2 [ 197.951981][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.321307][ T7331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.446'. [ 198.730758][ T7338] netlink: 24 bytes leftover after parsing attributes in process `syz.2.449'. [ 198.764037][ T7338] netlink: 24 bytes leftover after parsing attributes in process `syz.2.449'. [ 199.745304][ T7347] loop3: detected capacity change from 0 to 512 [ 199.785510][ T7347] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.452: casefold flag without casefold feature [ 199.809507][ T7347] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.452: couldn't read orphan inode 15 (err -117) [ 199.829681][ T7351] loop4: detected capacity change from 0 to 1024 [ 199.874021][ T7347] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.908118][ T7351] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.125395][ T7080] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.382986][ T7359] netlink: 60 bytes leftover after parsing attributes in process `syz.4.454'. [ 200.573844][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.456'. [ 200.658898][ T7367] loop2: detected capacity change from 0 to 128 [ 200.753127][ T7367] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 200.757927][ T7368] netlink: 'syz.3.452': attribute type 10 has an invalid length. [ 200.824695][ T7367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 201.314631][ T7375] loop2: detected capacity change from 0 to 128 [ 201.366728][ T7375] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 201.467792][ T7375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 201.579538][ T28] audit: type=1800 audit(1760776997.253:80): pid=7375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.459" name="file1" dev="loop2" ino=94 res=0 errno=0 [ 202.927703][ T7384] loop0: detected capacity change from 0 to 512 [ 203.029360][ T7384] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.052867][ T7368] team0 (unregistering): Port device team_slave_0 removed [ 203.061786][ T7384] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.172110][ T7368] team0 (unregistering): Port device team_slave_1 removed [ 203.290115][ T7384] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 203.324856][ T7384] Quota error (device loop0): write_blk: dquota write failed [ 203.361190][ T7384] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 203.390420][ T7384] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.462: Failed to acquire dquot type 0 [ 203.515156][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.078183][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.187363][ T7399] loop4: detected capacity change from 0 to 8 [ 204.232197][ T7399] SQUASHFS error: zlib decompression failed, data probably corrupt [ 204.285706][ T7399] SQUASHFS error: Failed to read block 0x9b: -5 [ 204.315704][ T7399] SQUASHFS error: Unable to read metadata cache entry [99] [ 204.335950][ T7399] SQUASHFS error: Unable to read inode 0x127 [ 205.502975][ T7420] syz_tun: entered allmulticast mode [ 205.792260][ T7428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.475'. [ 205.827210][ T7428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.475'. [ 206.533603][ T7433] netlink: 'syz.2.477': attribute type 11 has an invalid length. [ 206.565157][ T7433] netlink: 32 bytes leftover after parsing attributes in process `syz.2.477'. [ 208.435661][ T7461] netlink: 'syz.4.488': attribute type 11 has an invalid length. [ 208.450026][ T7461] netlink: 32 bytes leftover after parsing attributes in process `syz.4.488'. [ 208.471813][ T6385] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 208.681107][ T6385] usb 4-1: Using ep0 maxpacket: 8 [ 208.718107][ T6385] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 208.731079][ T6385] usb 4-1: config 179 has no interface number 0 [ 208.761903][ T7469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.491'. [ 208.764541][ T6385] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 208.808046][ T6385] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 208.851353][ T6385] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 208.893976][ T6385] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 208.917984][ T6385] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 208.953656][ T6385] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 209.045623][ T6385] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.082935][ T7456] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 209.091249][ T1653] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 209.341083][ T1653] usb 5-1: Using ep0 maxpacket: 16 [ 209.394037][ T1653] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 209.406447][ T1653] usb 5-1: config 0 has no interface number 0 [ 209.413721][ T1653] usb 5-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 209.429662][ T1653] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 209.445067][ T1653] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 209.475658][ T1653] usb 5-1: Product: syz [ 209.480697][ T1653] usb 5-1: SerialNumber: syz [ 209.497606][ T1653] usb 5-1: config 0 descriptor?? [ 209.535595][ T1653] usbhid 5-1:0.8: couldn't find an input interrupt endpoint [ 209.594095][ T6380] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 209.867443][ T786] usb 4-1: USB disconnect, device number 5 [ 209.867445][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 209.882741][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 209.900472][ T786] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 210.186923][ T7486] netlink: 'syz.0.498': attribute type 11 has an invalid length. [ 210.214099][ T7486] netlink: 32 bytes leftover after parsing attributes in process `syz.0.498'. [ 211.745507][ T7505] netlink: 24 bytes leftover after parsing attributes in process `syz.3.505'. [ 211.756981][ T7505] netlink: 24 bytes leftover after parsing attributes in process `syz.3.505'. [ 211.928066][ T6424] usb 5-1: USB disconnect, device number 3 [ 212.001173][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 212.009589][ T5800] Bluetooth: hci2: command 0x0406 tx timeout [ 212.017085][ T5793] Bluetooth: hci3: command 0x0406 tx timeout [ 212.126891][ T7510] netlink: 'syz.2.508': attribute type 11 has an invalid length. [ 212.135521][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.508'. [ 212.511013][ T6424] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 212.693420][ T6424] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 212.741152][ T6424] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 212.777910][ T6424] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 212.836460][ T6424] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.850822][ T6424] usb 5-1: Product: syz [ 212.869045][ T6424] usb 5-1: Manufacturer: syz [ 212.876617][ T6424] usb 5-1: SerialNumber: syz [ 213.326994][ T6424] usb 5-1: cannot find UAC_HEADER [ 213.508157][ T6424] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 213.569537][ T6424] usb 5-1: USB disconnect, device number 4 [ 213.623539][ T5805] udevd[5805]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 214.997979][ T7541] netlink: 'syz.0.517': attribute type 11 has an invalid length. [ 215.011081][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.517'. [ 216.554045][ T1653] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 216.764354][ T1653] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 217.130066][ T1653] usb 5-1: config 1 has no interface number 0 [ 217.211402][ T1653] usb 5-1: config 1 interface 105 has no altsetting 0 [ 217.553873][ T1653] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 217.584267][ T1653] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.610292][ T1653] usb 5-1: Product: syz [ 217.614929][ T1653] usb 5-1: Manufacturer: syz [ 217.619540][ T1653] usb 5-1: SerialNumber: syz [ 218.047380][ T7579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.530'. [ 218.058061][ T7578] PKCS7: Unknown OID: [5] (bad) [ 218.071130][ T7578] PKCS7: Only support pkcs7_signedData type [ 218.282218][ T1653] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 0 [ 218.309252][ T1653] aqc111: probe of 5-1:1.105 failed with error -61 [ 218.490061][ T7581] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 218.543712][ T7581] netlink: 136 bytes leftover after parsing attributes in process `syz.0.531'. [ 218.707282][ T7583] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 219.152913][ T7592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.535'. [ 219.182197][ T7592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.535'. [ 219.547236][ T7596] blktrace: Concurrent blktraces are not allowed on sg0 [ 219.566016][ T6424] usb 5-1: USB disconnect, device number 5 [ 219.926923][ T7604] loop0: detected capacity change from 0 to 2048 [ 220.047850][ T7604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.272338][ T28] audit: type=1800 audit(1760777015.953:81): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.539" name="file0" dev="loop0" ino=19 res=0 errno=0 [ 220.407225][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.629112][ T7615] loop0: detected capacity change from 0 to 512 [ 220.663547][ T7615] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 220.751263][ T7615] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 220.766492][ T7615] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 220.782136][ T7615] EXT4-fs error (device loop0): __ext4_iget:5053: inode #15: block 1803188595: comm syz.0.541: invalid block [ 220.824978][ T7615] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.541: couldn't read orphan inode 15 (err -117) [ 220.945854][ T7615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.764038][ T7631] netlink: 'syz.2.546': attribute type 6 has an invalid length. [ 222.572336][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.697313][ T7638] netlink: 'syz.2.549': attribute type 11 has an invalid length. [ 222.731249][ T7638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.549'. [ 222.901121][ T6380] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 224.095583][ T6380] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 224.142897][ T6380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.172000][ T6380] usb 5-1: config 0 descriptor?? [ 224.411033][ T28] audit: type=1400 audit(1760777020.083:82): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=7629 comm="syz.4.547" [ 226.270651][ T6380] usb 5-1: USB disconnect, device number 6 [ 227.109539][ T7691] loop0: detected capacity change from 0 to 1024 [ 227.583706][ T5978] hfsplus: b-tree write err: -5, ino 3 [ 227.656652][ T5789] hfsplus: node 4:3 still has 1 user(s)! [ 227.684094][ T7697] loop3: detected capacity change from 0 to 128 [ 227.808119][ T7697] FAT-fs (loop3): Directory bread(block 32) failed [ 227.828854][ T7697] FAT-fs (loop3): Directory bread(block 33) failed [ 227.841762][ T7697] FAT-fs (loop3): Directory bread(block 34) failed [ 227.848859][ T7697] FAT-fs (loop3): Directory bread(block 35) failed [ 227.860799][ T7697] FAT-fs (loop3): Directory bread(block 36) failed [ 227.881038][ T7697] FAT-fs (loop3): Directory bread(block 37) failed [ 227.909609][ T7697] FAT-fs (loop3): Directory bread(block 38) failed [ 227.921991][ T7697] FAT-fs (loop3): Directory bread(block 39) failed [ 227.943289][ T7697] FAT-fs (loop3): Directory bread(block 40) failed [ 227.950741][ T7697] FAT-fs (loop3): Directory bread(block 41) failed [ 228.268269][ T7697] syz.3.567: attempt to access beyond end of device [ 228.268269][ T7697] loop3: rw=524288, sector=4108, nr_sectors = 4 limit=128 [ 228.294158][ T7697] syz.3.567: attempt to access beyond end of device [ 228.294158][ T7697] loop3: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 228.307945][ T28] audit: type=1800 audit(1760777023.983:83): pid=7697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.567" name="file1" dev="loop3" ino=1048612 res=0 errno=0 [ 228.382394][ T7697] FAT-fs (loop3): Filesystem has been set read-only [ 228.389612][ T7697] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 228.910239][ T7718] loop4: detected capacity change from 0 to 128 [ 229.876993][ T7731] PKCS7: Unknown OID: [5] (bad) [ 229.894780][ T7731] PKCS7: Only support pkcs7_signedData type [ 230.271519][ T6385] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 230.471078][ T6385] usb 5-1: Using ep0 maxpacket: 8 [ 230.479858][ T6385] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 230.555949][ T6385] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 230.610993][ T6385] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 230.635583][ T6385] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 230.686005][ T6385] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 230.702003][ T6385] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.939774][ T6385] usb 5-1: GET_CAPABILITIES returned 0 [ 230.951727][ T7747] netlink: 104 bytes leftover after parsing attributes in process `syz.0.586'. [ 230.961431][ T6385] usbtmc 5-1:16.0: can't read capabilities [ 231.173657][ T6385] usb 5-1: USB disconnect, device number 7 [ 231.975579][ T7772] loop3: detected capacity change from 0 to 1024 [ 232.047425][ T7772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.296456][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.734635][ T7780] ptrace attach of "./syz-executor exec"[5792] was attempted by ""[7780] [ 234.028342][ T7792] loop0: detected capacity change from 0 to 256 [ 234.096133][ T7792] FAT-fs (loop0): Directory bread(block 64) failed [ 234.107603][ T7792] FAT-fs (loop0): Directory bread(block 65) failed [ 234.115506][ T7792] FAT-fs (loop0): Directory bread(block 66) failed [ 234.127616][ T7792] FAT-fs (loop0): Directory bread(block 67) failed [ 234.137683][ T7792] FAT-fs (loop0): Directory bread(block 68) failed [ 234.151309][ T7792] FAT-fs (loop0): Directory bread(block 69) failed [ 234.159606][ T7792] FAT-fs (loop0): Directory bread(block 70) failed [ 234.172008][ T7792] FAT-fs (loop0): Directory bread(block 71) failed [ 234.180132][ T7792] FAT-fs (loop0): Directory bread(block 72) failed [ 234.188533][ T7792] FAT-fs (loop0): Directory bread(block 73) failed [ 234.311791][ T7792] syz.0.599: attempt to access beyond end of device [ 234.311791][ T7792] loop0: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 234.562068][ T7794] netlink: 'syz.0.600': attribute type 11 has an invalid length. [ 235.111147][ T6423] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 235.291285][ T6423] usb 1-1: Using ep0 maxpacket: 8 [ 235.301031][ T6423] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 235.340605][ T6423] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 235.360683][ T6423] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.377818][ T6423] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.395024][ T7811] netlink: 104 bytes leftover after parsing attributes in process `syz.4.607'. [ 235.406359][ T6423] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 235.420981][ T6423] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.672406][ T6423] usb 1-1: GET_CAPABILITIES returned 0 [ 235.677998][ T6423] usbtmc 1-1:16.0: can't read capabilities [ 235.798903][ T7816] netlink: 'syz.4.610': attribute type 11 has an invalid length. [ 235.880753][ T6423] usb 1-1: USB disconnect, device number 6 [ 235.991869][ T7824] loop4: detected capacity change from 0 to 256 [ 236.000207][ T7824] exfat: Bad value for 'uid' [ 236.501086][ T6423] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 236.562317][ T7829] loop0: detected capacity change from 0 to 1024 [ 236.622092][ T7829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.725883][ T6423] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 236.745274][ T6423] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.782384][ T6423] usb 5-1: config 0 descriptor?? [ 236.832979][ T6423] cp210x 5-1:0.0: cp210x converter detected [ 236.879202][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.100762][ T7838] netlink: 104 bytes leftover after parsing attributes in process `syz.3.616'. [ 237.262850][ T6423] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 237.283636][ T7841] loop3: detected capacity change from 0 to 1024 [ 237.309100][ T7841] EXT4-fs: Ignoring removed orlov option [ 237.376757][ T7841] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.396971][ T7845] loop0: detected capacity change from 0 to 1024 [ 237.506805][ T6423] usb 5-1: cp210x converter now attached to ttyUSB0 [ 237.515522][ T7845] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.698722][ T6380] usb 5-1: USB disconnect, device number 8 [ 237.699281][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.708988][ T6380] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 237.784845][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.803193][ T6380] cp210x 5-1:0.0: device disconnected [ 238.132417][ T6424] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 238.191076][ T6423] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 238.331401][ T6424] usb 1-1: Using ep0 maxpacket: 8 [ 238.342285][ T6424] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 238.354556][ T6424] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 238.365012][ T6424] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 238.375053][ T6423] usb 4-1: Using ep0 maxpacket: 32 [ 238.380297][ T6424] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 238.393863][ T6424] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 238.403271][ T6424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.412462][ T6423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.424773][ T6423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.437845][ T6423] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 238.453445][ T6423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.471966][ T6423] usb 4-1: config 0 descriptor?? [ 238.581123][ T6380] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 238.647470][ T6424] usb 1-1: GET_CAPABILITIES returned 0 [ 238.662129][ T6424] usbtmc 1-1:16.0: can't read capabilities [ 238.775861][ T6380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 238.785748][ T6380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 238.803792][ T6380] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 238.813089][ T6380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.821284][ T6380] usb 5-1: Product: syz [ 238.825799][ T6380] usb 5-1: Manufacturer: syz [ 238.830531][ T6380] usb 5-1: SerialNumber: syz [ 238.846124][ T6380] usb 5-1: config 0 descriptor?? [ 238.867272][ T5893] usb 1-1: USB disconnect, device number 7 [ 238.917283][ T6423] logitech 0003:046D:C29C.0002: unknown main item tag 0x6 [ 238.949537][ T6423] logitech 0003:046D:C29C.0002: hidraw0: USB HID vb4.30 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 239.211068][ T6380] usb 5-1: USB disconnect, device number 9 [ 239.290613][ T5804] udevd[5804]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 239.318641][ T6423] logitech 0003:046D:C29C.0002: no inputs found [ 239.375171][ T6423] usb 4-1: USB disconnect, device number 6 [ 239.553863][ T7867] loop0: detected capacity change from 0 to 1764 [ 239.710083][ T7867] netlink: 136 bytes leftover after parsing attributes in process `syz.0.624'. [ 239.741083][ T7867] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 239.883798][ T7869] netlink: 104 bytes leftover after parsing attributes in process `syz.0.625'. [ 240.065986][ T7871] loop3: detected capacity change from 0 to 1024 [ 240.145461][ T7871] hfsplus: catalog name length corrupted [ 241.409655][ T7901] loop0: detected capacity change from 0 to 256 [ 241.434004][ T7901] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 241.463494][ T7901] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 241.508643][ T7901] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 243.099764][ T7923] loop4: detected capacity change from 0 to 256 [ 243.236188][ T7923] FAT-fs (loop4): Directory bread(block 64) failed [ 243.252822][ T7923] FAT-fs (loop4): Directory bread(block 65) failed [ 243.281719][ T7923] FAT-fs (loop4): Directory bread(block 66) failed [ 243.305256][ T7923] FAT-fs (loop4): Directory bread(block 67) failed [ 243.352242][ T7923] FAT-fs (loop4): Directory bread(block 68) failed [ 243.393224][ T7923] FAT-fs (loop4): Directory bread(block 69) failed [ 243.414181][ T7923] FAT-fs (loop4): Directory bread(block 70) failed [ 243.456496][ T7923] FAT-fs (loop4): Directory bread(block 71) failed [ 243.496886][ T7923] FAT-fs (loop4): Directory bread(block 72) failed [ 243.531178][ T7923] FAT-fs (loop4): Directory bread(block 73) failed [ 244.193159][ T7930] loop4: detected capacity change from 0 to 512 [ 244.540266][ T7930] EXT4-fs (loop4): Test dummy encryption mode enabled [ 244.552142][ T7930] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 244.620726][ T7930] EXT4-fs (loop4): 1 truncate cleaned up [ 244.633414][ T7930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 245.055825][ T7930] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 245.199044][ T7080] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.464175][ T6380] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 247.736607][ T6380] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 247.758946][ T6380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.793978][ T6380] usb 5-1: config 0 descriptor?? [ 248.109750][ T28] audit: type=1400 audit(1760777043.783:84): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=7977 comm="syz.4.659" [ 248.571029][ T5893] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 248.919732][ T5893] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 248.968243][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.082572][ T5893] usb 1-1: config 0 descriptor?? [ 249.098066][ T5893] cp210x 1-1:0.0: cp210x converter detected [ 249.497165][ T5893] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 250.473551][ T5893] cp210x 1-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 250.512266][ T5893] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 250.576073][ T5893] usb 1-1: cp210x converter now attached to ttyUSB0 [ 250.601344][ T5893] usb 1-1: USB disconnect, device number 8 [ 250.635886][ T5893] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 250.666825][ T5893] cp210x 1-1:0.0: device disconnected [ 252.091934][ T5893] usb 5-1: USB disconnect, device number 10 [ 252.253249][ T8026] loop4: detected capacity change from 0 to 512 [ 252.297084][ T8031] overlayfs: missing 'lowerdir' [ 252.308713][ T8026] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 252.327639][ T8026] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 252.339837][ T8026] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.673: Failed to acquire dquot type 0 [ 252.354177][ T8026] EXT4-fs (loop4): Remounting filesystem read-only [ 252.362731][ T8026] EXT4-fs (loop4): 1 orphan inode deleted [ 252.370219][ T8026] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.384279][ T8026] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.504263][ T7080] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.274720][ T8067] netlink: 'syz.4.683': attribute type 11 has an invalid length. [ 255.699404][ T8069] loop4: detected capacity change from 0 to 512 [ 255.743458][ T8069] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 255.895591][ T8069] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 255.944574][ T8069] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 256.004064][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.010596][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.047332][ T8069] Quota error (device loop4): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 256.109057][ T8069] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 256.132572][ T8069] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.684: Failed to acquire dquot type 0 [ 256.307729][ T7080] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 256.609149][ T8087] netlink: 44 bytes leftover after parsing attributes in process `syz.4.688'. [ 256.933462][ T8092] loop4: detected capacity change from 0 to 128 [ 256.991794][ T8092] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 257.050763][ T8096] loop3: detected capacity change from 0 to 1024 [ 257.120839][ T8092] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.192406][ T8096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.435344][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.612382][ T6424] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 257.811827][ T6424] usb 5-1: Using ep0 maxpacket: 8 [ 257.819570][ T6424] usb 5-1: config 0 has no interfaces? [ 257.835426][ T6424] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 257.850124][ T6424] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.868248][ T6424] usb 5-1: Product: syz [ 257.965105][ T6424] usb 5-1: Manufacturer: syz [ 258.007721][ T6424] usb 5-1: SerialNumber: syz [ 258.052835][ T6424] usb 5-1: config 0 descriptor?? [ 258.401672][ T5778] usb 5-1: USB disconnect, device number 11 [ 258.912607][ T8126] ptrace attach of "./syz-executor exec"[5788] was attempted by ""[8126] [ 259.430014][ T8123] loop3: detected capacity change from 0 to 2048 [ 259.505154][ T8123] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 259.523101][ T7080] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 259.584214][ T8123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 259.777856][ T8133] loop4: detected capacity change from 0 to 1024 [ 259.881065][ T8133] hfsplus: xattr searching failed [ 259.889798][ T28] audit: type=1800 audit(1760777055.563:85): pid=8133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.704" name="file1" dev="loop4" ino=2 res=0 errno=0 [ 260.041875][ T5953] hfsplus: bad catalog file entry [ 260.063624][ T5953] hfsplus: b-tree write err: -5, ino 3 [ 261.911640][ T8159] ptrace attach of "./syz-executor exec"[5792] was attempted by ""[8159] [ 262.766400][ T8161] loop4: detected capacity change from 0 to 128 [ 262.802979][ T8161] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 262.847227][ T8161] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 262.911187][ T28] audit: type=1800 audit(1760777058.573:86): pid=8161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.715" name="file1" dev="loop4" ino=94 res=0 errno=0 [ 263.381080][ T786] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 263.595181][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 263.711097][ T786] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 263.722126][ T786] usb 4-1: config 0 has no interface number 0 [ 263.728396][ T786] usb 4-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 263.772569][ T786] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 263.790365][ T786] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 263.811005][ T786] usb 4-1: Product: syz [ 263.815249][ T786] usb 4-1: SerialNumber: syz [ 263.984891][ T786] usb 4-1: config 0 descriptor?? [ 264.313610][ T786] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 264.983387][ T8191] syzkaller0: entered promiscuous mode [ 264.988936][ T8191] syzkaller0: entered allmulticast mode [ 269.091654][ T6424] usb 4-1: USB disconnect, device number 7 [ 269.921121][ T6424] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 270.463046][ T6424] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 270.477475][ T6424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.497947][ T8243] PKCS7: Unknown OID: [5] (bad) [ 270.512008][ T6424] usb 4-1: config 0 descriptor?? [ 270.523863][ T6424] cp210x 4-1:0.0: cp210x converter detected [ 270.596558][ T8243] PKCS7: Only support pkcs7_signedData type [ 270.932410][ T6424] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 271.180215][ T6424] cp210x 4-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 271.208872][ T6424] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 271.287075][ T6424] usb 4-1: cp210x converter now attached to ttyUSB0 [ 271.319861][ T6424] usb 4-1: USB disconnect, device number 8 [ 271.391077][ T6424] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 271.432445][ T6424] cp210x 4-1:0.0: device disconnected [ 272.921096][ T5778] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 273.901050][ T5778] usb 4-1: Using ep0 maxpacket: 8 [ 273.913389][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 273.931318][ T5778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.993077][ T5778] usb 4-1: New USB device found, idVendor=056a, idProduct=0038, bcdDevice= 0.00 [ 274.010931][ T5778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.029730][ T5778] usb 4-1: config 0 descriptor?? [ 274.298092][ T5778] usbhid 4-1:0.0: can't add hid device: -71 [ 274.324623][ T5778] usbhid: probe of 4-1:0.0 failed with error -71 [ 274.361268][ T5778] usb 4-1: USB disconnect, device number 9 [ 274.931623][ T5778] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 275.151141][ T5778] usb 1-1: Using ep0 maxpacket: 16 [ 275.172300][ T5778] usb 1-1: config 0 has an invalid interface number: 29 but max is 0 [ 275.201042][ T5778] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 275.237423][ T5778] usb 1-1: config 0 has no interface number 0 [ 275.239189][ T8294] loop3: detected capacity change from 0 to 256 [ 275.263778][ T5778] usb 1-1: New USB device found, idVendor=050d, idProduct=2102, bcdDevice=70.d0 [ 275.318736][ T5778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.330524][ T5778] usb 1-1: Product: syz [ 275.336610][ T5778] usb 1-1: Manufacturer: syz [ 275.348851][ T5778] usb 1-1: SerialNumber: syz [ 275.365945][ T5778] usb 1-1: config 0 descriptor?? [ 275.398995][ T8294] FAT-fs (loop3): Directory bread(block 64) failed [ 275.416454][ T8296] netlink: 60 bytes leftover after parsing attributes in process `syz.2.754'. [ 275.437452][ T8294] FAT-fs (loop3): Directory bread(block 65) failed [ 275.458967][ T8294] FAT-fs (loop3): Directory bread(block 66) failed [ 275.508366][ T8294] FAT-fs (loop3): Directory bread(block 67) failed [ 275.533335][ T8294] FAT-fs (loop3): Directory bread(block 68) failed [ 275.560341][ T8294] FAT-fs (loop3): Directory bread(block 69) failed [ 275.590947][ T8294] FAT-fs (loop3): Directory bread(block 70) failed [ 275.597530][ T8294] FAT-fs (loop3): Directory bread(block 71) failed [ 275.619976][ T8294] FAT-fs (loop3): Directory bread(block 72) failed [ 275.647108][ T8294] FAT-fs (loop3): Directory bread(block 73) failed [ 275.910078][ T8304] PKCS7: Unknown OID: [5] (bad) [ 275.915848][ T8304] PKCS7: Only support pkcs7_signedData type [ 276.153267][ T8307] ptrace attach of "./syz-executor exec"[5792] was attempted by ""[8307] [ 277.234229][ T8314] netlink: 12 bytes leftover after parsing attributes in process `syz.3.760'. [ 277.523587][ T8316] loop3: detected capacity change from 0 to 128 [ 277.547019][ T8316] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 277.608683][ T8316] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 277.725057][ T28] audit: type=1800 audit(1760777073.403:87): pid=8316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.761" name="file1" dev="loop3" ino=94 res=0 errno=0 [ 277.733087][ T5778] usb 1-1: USB disconnect, device number 9 [ 277.995960][ T8325] netlink: 60 bytes leftover after parsing attributes in process `syz.0.764'. [ 278.129207][ T8329] loop0: detected capacity change from 0 to 128 [ 278.156322][ T8329] EXT4-fs: Ignoring removed nomblk_io_submit option [ 278.183307][ T8329] EXT4-fs (loop0): Test dummy encryption mode enabled [ 278.245945][ T8329] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 278.266182][ T8329] ext4 filesystem being mounted at /194/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 278.609374][ T8341] ptrace attach of "./syz-executor exec"[7080] was attempted by ""[8341] [ 279.004050][ T8329] fscrypt (loop0): Error allocating 'xts(aes)' transform: -4 [ 279.217844][ T5789] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 279.318454][ T8350] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 279.578753][ T8358] PKCS7: Unknown OID: [5] (bad) [ 279.601004][ T8358] PKCS7: Only support pkcs7_signedData type [ 282.839076][ T8385] loop0: detected capacity change from 0 to 256 [ 283.346344][ T8390] ptrace attach of "./syz-executor exec"[7080] was attempted by ""[8390] [ 289.778450][ T8448] netlink: 96 bytes leftover after parsing attributes in process `syz.4.798'. [ 290.283909][ T8461] ptrace attach of "./syz-executor exec"[5792] was attempted by ""[8461] [ 295.457300][ T8526] xt_hashlimit: max too large, truncated to 1048576 [ 295.466995][ T8526] No such timeout policy "syz1" [ 297.637962][ T8540] netlink: 96 bytes leftover after parsing attributes in process `syz.3.828'. [ 299.931344][ T8574] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 299.987097][ T8576] netlink: 96 bytes leftover after parsing attributes in process `syz.3.839'. [ 300.112705][ T8578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.840'. [ 300.428848][ T8582] syzkaller0: entered promiscuous mode [ 300.442743][ T8582] syzkaller0: entered allmulticast mode [ 302.110706][ T8597] pimreg: entered allmulticast mode [ 302.488625][ T8597] loop0: detected capacity change from 0 to 8192 [ 302.618226][ T8597] pimreg: left allmulticast mode [ 304.161256][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 312.531246][ T8703] ptrace attach of "./syz-executor exec"[7080] was attempted by ""[8703] [ 313.030318][ T8705] loop0: detected capacity change from 0 to 16 [ 313.074813][ T8705] erofs: (device loop0): mounted with root inode @ nid 36. [ 313.372905][ T5778] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 313.583179][ T5778] usb 1-1: config index 0 descriptor too short (expected 539, got 27) [ 313.597403][ T5778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 4 [ 313.633781][ T5778] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 313.648377][ T5778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.669103][ T5778] usb 1-1: Product: syz [ 313.678973][ T5778] usb 1-1: Manufacturer: syz [ 313.695219][ T5778] usb 1-1: SerialNumber: syz [ 313.707269][ T5778] usb 1-1: config 0 descriptor?? [ 313.718765][ T5778] hub 1-1:0.0: bad descriptor, ignoring hub [ 313.729561][ T5778] hub: probe of 1-1:0.0 failed with error -5 [ 313.749511][ T5778] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9 [ 313.794505][ T5778] usbtouchscreen 1-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22 [ 313.886158][ T5778] usbtouchscreen: probe of 1-1:0.0 failed with error -22 [ 313.964479][ T5778] usb 1-1: USB disconnect, device number 10 [ 315.283353][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.878'. [ 315.595592][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.878'. [ 316.774791][ T5778] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 317.883598][ T5778] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 317.936716][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.949646][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.976749][ T5778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 318.074598][ T5778] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 318.210997][ T5778] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 318.260979][ T5778] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 318.280961][ T5778] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.341116][ T5778] usb 1-1: config 0 descriptor?? [ 318.346806][ T8731] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 318.787253][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.798906][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.821144][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.854907][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.905266][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.941001][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 318.981811][ T5778] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 319.035401][ T5778] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 319.603638][ T6380] usb 1-1: USB disconnect, device number 11 [ 378.886384][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.892888][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 424.300849][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 424.307947][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8751/1:b..l [ 424.316472][ C1] rcu: (detected by 1, t=10502 jiffies, g=37657, q=330 ncpus=2) [ 424.324245][ C1] task:syz.3.885 state:R running task stack:26536 pid:8751 ppid:5792 flags:0x00004002 [ 424.336248][ C1] Call Trace: [ 424.339570][ C1] [ 424.342553][ C1] __schedule+0x14d2/0x44d0 [ 424.347137][ C1] ? asan.module_dtor+0x20/0x20 [ 424.352050][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 424.358095][ C1] ? preempt_schedule_irq+0xaa/0x140 [ 424.363457][ C1] preempt_schedule_irq+0xb5/0x140 [ 424.368622][ C1] ? preempt_schedule_notrace+0x110/0x110 [ 424.374401][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 424.380255][ C1] irqentry_exit+0x67/0x70 [ 424.384710][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 424.390732][ C1] RIP: 0010:lock_acquire+0x1f2/0x410 [ 424.396062][ C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 424.415711][ C1] RSP: 0018:ffffc9000b6473c0 EFLAGS: 00000206 [ 424.421841][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 9e7001b6511ac900 [ 424.429849][ C1] RDX: 0000000000000000 RSI: ffffffff8aaace60 RDI: ffffffff8afc64c0 [ 424.437863][ C1] RBP: ffffc9000b6474c8 R08: dffffc0000000000 R09: 1ffffffff21b4ea0 [ 424.445877][ C1] R10: dffffc0000000000 R11: fffffbfff21b4ea1 R12: 1ffff920016c8e84 [ 424.453883][ C1] R13: ffffffff8cd2ff20 R14: 0000000000000246 R15: dffffc0000000000 [ 424.461915][ C1] ? percpu_ref_put+0xef/0x180 [ 424.466728][ C1] ? uncharge_batch+0x2ff/0x440 [ 424.471623][ C1] ? read_lock_is_recursive+0x20/0x20 [ 424.477038][ C1] ? folio_unqueue_deferred_split+0x49/0x190 [ 424.483065][ C1] ? percpu_ref_put+0x19/0x180 [ 424.487868][ C1] ? page_ext_get+0x22/0x2b0 [ 424.492497][ C1] page_ext_get+0x3e/0x2b0 [ 424.496948][ C1] ? page_ext_get+0x22/0x2b0 [ 424.501579][ C1] __reset_page_owner+0x2e/0x190 [ 424.506561][ C1] ? rcu_is_watching+0x15/0xb0 [ 424.511379][ C1] free_unref_page_prepare+0x7ce/0x8e0 [ 424.516896][ C1] free_unref_page+0x32/0x2e0 [ 424.521619][ C1] ? __folio_put+0xef/0x210 [ 424.526160][ C1] hpage_collapse_scan_file+0x4b45/0x5b80 [ 424.531962][ C1] ? hpage_collapse_scan_file+0x194/0x5b80 [ 424.537825][ C1] ? hugepage_vma_revalidate+0x310/0x310 [ 424.543515][ C1] ? madvise_collapse+0x190/0xde0 [ 424.548586][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 424.553676][ C1] ? up_read+0x20/0x20 [ 424.557789][ C1] madvise_collapse+0x67e/0xde0 [ 424.562708][ C1] do_madvise+0x8f1/0x3710 [ 424.567190][ C1] ? madvise_set_anon_name+0x440/0x440 [ 424.572693][ C1] ? _raw_spin_unlock+0x40/0x40 [ 424.577585][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 424.583014][ C1] ? try_to_wake_up+0x756/0x1140 [ 424.588015][ C1] ? wake_up_q+0xca/0x100 [ 424.592398][ C1] ? futex_wake+0x40d/0x4b0 [ 424.596953][ C1] ? futex_wake_mark+0x150/0x150 [ 424.601925][ C1] ? do_recvmmsg+0x6cc/0x7d0 [ 424.606577][ C1] ? do_futex+0x35d/0x3e0 [ 424.610955][ C1] ? __fget_files+0x28/0x4d0 [ 424.615600][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 424.621381][ C1] ? lock_chain_count+0x20/0x20 [ 424.626281][ C1] __x64_sys_madvise+0xa6/0xc0 [ 424.631093][ C1] do_syscall_64+0x55/0xb0 [ 424.635554][ C1] ? clear_bhb_loop+0x40/0x90 [ 424.640268][ C1] ? clear_bhb_loop+0x40/0x90 [ 424.644989][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 424.650931][ C1] RIP: 0033:0x7fa6c1b8efc9 [ 424.655404][ C1] RSP: 002b:00007fa6c294a038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 424.663858][ C1] RAX: ffffffffffffffda RBX: 00007fa6c1de6180 RCX: 00007fa6c1b8efc9 [ 424.671862][ C1] RDX: 0000000000000019 RSI: 0000000008000000 RDI: 0000200000000000 [ 424.679883][ C1] RBP: 00007fa6c1c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 424.687902][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.695913][ C1] R13: 00007fa6c1de6218 R14: 00007fa6c1de6180 R15: 00007ffc36b75d08 [ 424.703942][ C1] [ 424.706996][ C1] rcu: rcu_preempt kthread starved for 10191 jiffies! g37657 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 424.718252][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 424.728337][ C1] rcu: RCU grace-period kthread stack dump: [ 424.734250][ C1] task:rcu_preempt state:R running task stack:27656 pid:17 ppid:2 flags:0x00004000 [ 424.745077][ C1] Call Trace: [ 424.748388][ C1] [ 424.751360][ C1] __schedule+0x14d2/0x44d0 [ 424.755950][ C1] ? asan.module_dtor+0x20/0x20 [ 424.760869][ C1] ? enqueue_timer+0x225/0x530 [ 424.765679][ C1] ? __mod_timer+0x984/0xdb0 [ 424.770327][ C1] schedule+0xbd/0x170 [ 424.774440][ C1] schedule_timeout+0x160/0x280 [ 424.779330][ C1] ? console_conditional_schedule+0x40/0x40 [ 424.785267][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 424.791204][ C1] ? update_process_times+0x1b0/0x1b0 [ 424.796634][ C1] ? prepare_to_swait_event+0x339/0x360 [ 424.802244][ C1] rcu_gp_fqs_loop+0x302/0x1560 [ 424.807165][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 424.813375][ C1] ? rcu_gp_init+0x1510/0x1510 [ 424.818194][ C1] ? rcu_gp_cleanup+0xb4c/0xca0 [ 424.823103][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 424.828347][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 424.833602][ C1] rcu_gp_kthread+0x99/0x380 [ 424.838244][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 424.843406][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 424.848397][ C1] ? __kthread_parkme+0x162/0x1c0 [ 424.853478][ C1] kthread+0x2fa/0x390 [ 424.857589][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 424.862751][ C1] ? kthread_blkcg+0xd0/0xd0 [ 424.867379][ C1] ret_from_fork+0x48/0x80 [ 424.871835][ C1] ? kthread_blkcg+0xd0/0xd0 [ 424.876458][ C1] ret_from_fork_asm+0x11/0x20 [ 424.881284][ C1] [ 424.884332][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 424.890697][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 [ 424.897760][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 424.907849][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 424.913623][ C1] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 43 b9 39 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 424.933363][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c2 [ 424.939474][ C1] RAX: a3dc63b339bc7200 RBX: ffffffff8161858b RCX: a3dc63b339bc7200 [ 424.947485][ C1] RDX: 0000000000000001 RSI: ffffffff8aaabce0 RDI: ffffffff8afc64c0 [ 424.955492][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65 [ 424.963506][ C1] R10: dffffc0000000000 R11: ffffed10171e6d66 R12: ffffffff8e4a8568 [ 424.971515][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100364e780 [ 424.979519][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 424.988482][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 424.995101][ C1] CR2: 00007f2d1b783d58 CR3: 000000000cb30000 CR4: 00000000003506e0 [ 425.003111][ C1] Call Trace: [ 425.006425][ C1] [ 425.009383][ C1] default_idle+0x13/0x20 [ 425.013786][ C1] default_idle_call+0x6c/0xa0 [ 425.018591][ C1] do_idle+0x1eb/0x510 [ 425.022707][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 425.027943][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 425.033196][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 425.038887][ C1] cpu_startup_entry+0x43/0x60 [ 425.043699][ C1] start_secondary+0xee/0xf0 [ 425.048330][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 425.054549][ C1] SYZFAIL: failed to send rpc fd=3 want=312 sent=0 n=-1 (errno 32: Broken pipe) [ 427.234110][ T8593] syz_tun (unregistering): left allmulticast mode [ 427.511576][ T5788] syz_tun (unregistering): left allmulticast mode [ 427.829560][ T5961] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.991212][ T7080] syz_tun (unregistering): left allmulticast mode [ 428.052987][ T5961] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.171365][ T5961] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.299293][ T8747] syz_tun (unregistering): left allmulticast mode [ 428.332200][ T5961] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.587888][ T5961] hsr_slave_0: left promiscuous mode [ 429.595223][ T5961] hsr_slave_1: left promiscuous mode [ 429.634897][ T5961] veth1_macvtap: left promiscuous mode [ 429.648173][ T5961] veth0_macvtap: left promiscuous mode [ 429.655006][ T5961] veth1_vlan: left promiscuous mode [ 429.661398][ T5961] veth0_vlan: left promiscuous mode [ 430.701003][ T5961] bond0 (unregistering): Released all slaves [ 431.261119][ T5961] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.344710][ T5961] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.436120][ T5961] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.507096][ T5961] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.664218][ T5961] hsr_slave_0: left promiscuous mode [ 432.671937][ T5961] hsr_slave_1: left promiscuous mode [ 432.678269][ T5961] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 432.690776][ T5961] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 432.700534][ T5961] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 432.713781][ T5961] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 432.722264][ T5961] bridge_slave_1: left allmulticast mode [ 432.727971][ T5961] bridge_slave_1: left promiscuous mode [ 432.740938][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.763975][ T5961] bridge_slave_0: left allmulticast mode [ 432.769788][ T5961] bridge_slave_0: left promiscuous mode [ 432.780730][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.838282][ T5961] veth1_macvtap: left promiscuous mode [ 432.843970][ T5961] veth0_macvtap: left promiscuous mode [ 432.849736][ T5961] veth1_vlan: left promiscuous mode [ 432.860292][ T5961] veth0_vlan: left promiscuous mode [ 433.549610][ T5961] team0 (unregistering): Port device team_slave_1 removed [ 433.596897][ T5961] team0 (unregistering): Port device team_slave_0 removed [ 433.640619][ T5961] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.690502][ T5961] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.194385][ T5961] bond0 (unregistering): Released all slaves