last executing test programs: 13m38.002690937s ago: executing program 0 (id=989): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd2(0x0, 0x1) pselect6(0x40, &(0x7f00000002c0)={0x0, 0xfffffffffffffff9, 0x0, 0x3, 0x800, 0x0, 0x8000001000000000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x1, 0x2, 0x0, 0x9e22, 0x0, 0x9b}, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000000c0)={0x1, r1}) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000100)="569534ab1bbe", 0x6}], 0x1) 13m37.004081686s ago: executing program 0 (id=992): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5403340861a22753635010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="9c050400"], 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 13m34.48101113s ago: executing program 0 (id=999): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={0x1, @null, @bpq0, 0xffff, 'syz1\x00', @default, 0xfffffdb8, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) 13m34.239867932s ago: executing program 0 (id=1004): fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) lsetxattr$security_capability(&(0x7f0000000340)='./file1\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x2000000, [{0x5, 0x400}, {0x33c057da, 0xc8}]}, 0x14, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) acct(&(0x7f0000000140)='./file0/file2\x00') 13m34.106893438s ago: executing program 0 (id=1006): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x100004) write$eventfd(r3, &(0x7f0000000240), 0xffffff14) read(0xffffffffffffffff, &(0x7f00000000c0)=""/154, 0x9a) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10) 13m33.814879353s ago: executing program 0 (id=1007): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300) 13m33.265619239s ago: executing program 32 (id=1007): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300) 12m51.752443841s ago: executing program 2 (id=1100): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 12m50.300608282s ago: executing program 2 (id=1106): r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x100) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8044) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) socket$nl_generic(0x10, 0x3, 0x10) getdents64(0xffffffffffffffff, &(0x7f0000001f00)=""/4111, 0x100f) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000000100)={0x0, 0xea60}, 0x10) connect$vsock_stream(r0, 0x0, 0x0) 12m49.228703144s ago: executing program 2 (id=1108): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a240100f9ff0201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701040000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x83, 0x1, 'y'}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000540)={0x40, 0x31}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12m46.932528288s ago: executing program 2 (id=1112): fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) write$binfmt_script(r0, &(0x7f0000000940)={'#! ', './file0/file2'}, 0x11) acct(&(0x7f0000000140)='./file0/file2\x00') 12m46.831728073s ago: executing program 2 (id=1113): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12m46.588196515s ago: executing program 4 (id=1115): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x4000000, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x4) 12m46.513418158s ago: executing program 4 (id=1116): r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x100) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x8044) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) socket$nl_generic(0x10, 0x3, 0x10) getdents64(0xffffffffffffffff, &(0x7f0000001f00)=""/4111, 0x100f) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000000100)={0x0, 0xea60}, 0x10) connect$vsock_stream(r0, 0x0, 0x0) 12m46.456093321s ago: executing program 2 (id=1117): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001c00010a00000000fbc298"], 0x14}}, 0x20008000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x1000000000, 0x5, 0x41, 0x4, 0x0, 0x2004cb, 0x0, 0x40000000000a1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12m45.303086178s ago: executing program 33 (id=1117): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001c00010a00000000fbc298"], 0x14}}, 0x20008000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x1000000000, 0x5, 0x41, 0x4, 0x0, 0x2004cb, 0x0, 0x40000000000a1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12m45.295873038s ago: executing program 4 (id=1119): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}}, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x4) 12m44.487635268s ago: executing program 4 (id=1122): fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) write$binfmt_script(r0, &(0x7f0000000940)={'#! ', './file0/file2'}, 0x11) acct(&(0x7f0000000140)='./file0/file2\x00') 12m44.393870962s ago: executing program 4 (id=1124): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x0, 0x17, 0x6, "000200000000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 12m43.999844991s ago: executing program 4 (id=1125): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12m43.643470259s ago: executing program 34 (id=1125): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m35.37488866s ago: executing program 3 (id=3178): openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000780)={'vxcan1\x00'}) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r1) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 1m33.471892224s ago: executing program 3 (id=3187): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@ipv6_newrule={0x38, 0x20, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, 0x9, 0x0, 0x0, 0x5, 0x2801e}, [@FRA_SRC={0x14, 0x2, @private2}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e22, 0x4e22}}]}, 0x38}}, 0x480d0) 1m31.124475159s ago: executing program 3 (id=3192): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4000050) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) close(r3) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x6f6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 1m30.959141248s ago: executing program 3 (id=3194): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000340)={{0x8, 0xf, 0x3, 0xffa}, 'syz0\x00', 0x3e}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0) sendfile(r3, r4, 0x0, 0x8000fb00) 1m28.734293637s ago: executing program 3 (id=3204): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0xcf74, &(0x7f0000000180), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) syz_fuse_handle_req(r4, &(0x7f0000004080)="6d797d42fb74562ec642068eb410c60f8cdc42cf09864b1dd1d244ec3ecfb9103306a02bd120cd2c684eee7cd734914ad7ec2bdd4402eeab7a2972f1672f126c4b5f6c5ff748548170bdf1020c2c3d09186940feb185436981cd578c3a2bdc19c16209468100cc1d67247885420cbc0ea004f07283bc4a5cf8499ad5ef4df93b2fa2eb26895ed9260cc61afbc766adadf7809b3a8f76d9f835acae2dac8abc42896374a6a82a8894552441bd0202daa10048b49d3bc74bba1e5258ab8ac5169facb96d9f68705a7709f6d9a66a9988c13d13a2b8b34d9f234e1c5fae79e4cb76ff3102184ed9032d2402087dcb3eff6bfac7bc4d2fdc9ea25f5289d52ed75ffcd83a2781eb4a23fdd078d1e53495305e3ed5bb4e060e89d6eb2b13586f7f5df32e34390d70f074b4f92c4624312698d86578f3d951021db151806fc314c98d819604d8d9572efc7dd71c0d1a9176ffbd48361908e927e03caa4c1ccc805fe755e616d983442660299e9dd34e5612eff964a45d613a832a0ef8e4410fcdb0313712795b369c08f907c91a4f20e5c18ff903e0ee410d77bc076f49debfd6e411104cace38e0318023527d1c54cec66790638c9ee70c29de0406b3483ca1663245edcda56dc9612e93f40f19cbde5cabb8816d7b75a266e404a8e5364d43c08cf5cc645b533c4b6fe349819c5374fac7a923a7a803ab138c873aee3718921043a60a0ce84df8b991dfa525f0955acbc866182f2409d032981ad824f037ef068501f955898c4500049f0b30014832e3b668f5873305ebd1e094f244caa90610be83a5f674decf451a82d9edca6664da89cad8dc212943828570fb365b41993f89c6d36c579157c4055a77eb1dad1dc466e743129e5e3098f4432fbe289111e102223ff04d02e8108b0925ce76118445efa09233e579f398ab373303c0bb64ff82ddb597040e58a61f82cc56161eaec13ed297a8daa9514468283037e5d0077c9803b69421070718fba4865e4b9c6d7d272c562cc4dd998e16fe288dac68b0bdf05eb2a02fd40b900944d10a94f2b3be9b6c6dc628044aa9eaf34e0474771c10bef03f6af2029643acc1e97efa0748cfca63aa9546bbfa6d7533c4dab0b931ac35b331aef91a80d5ea08ba35cf66e1779298d3338114c12f024970d12af8d67f9b165c15a8b7e37c14c2d512dca76cf6077e2011bb47cc993f3088027b2d53daca574e8b443fddf5c252788854be8aec357db43f2147f23061641d2910a4a503a3a9ca86b3656d37d443e5e4207bb38b6e8879bf3de21309eb90113ccaa75e1d1e0900efc17aecd35078b8f3d579d2d4fb576127278290d6a9ea379e22dcc4ad369d3405311efbc74702020d6cdb31267c2e4dfc6a34bf39c9db32da7f387760909843fbd02e9e291e838fcd8faac4c9ad909cc19440bb775070496ef69250f4cf90372c0f1835dacd4d605a69334d73b1228cce41fe3c6457a37531bbab6d8b15a8214ff3002d29016932de969f05ed64b720ad249b8164ea82fde08303277e7d5f0d3e86bd6021024bdb1d24afe3ae28cece041943db60034fa11c3b6ec7b09c117b086fa4016e68e46678a7c5e91c40d2866295247276109a8778b043b51ffe3ec33dbb665806cf6ca41e7143885b6ca920fd8caf475ddcc698a09d368c721f048efe9e0d372d9cc58deba32f81e7e7f6d53209050d72545bbf04356ea95c9bcec3b8b87f56963111c5454b30a12b8479afc26361a7e00a66c03aae8ebc3348ac2e9b0f52453a32efa9b8ec038e671122dc2965d3b7395051974088f4aa47a76327a0dffce6db0a2cd65e2da5539fd7673911d5605cadf30d85563a60afd58767b6adc549173818de01b0de192894a76bc4e62d8c9e341729e6ef37574cf63c27674081202b8ab9cb9d92d346b1c2dadb253532c1674b2440504f8430c0a2ae5829b016af877831ecce9b13743e821436a6c1c46a1176922dbf2721d9722edf72817f8d15fa5c7ecad046df91bb57b8d16244527c855a40403ddf1757c31361c8bec9b5701b5c10a1e96547fa2c93e03f264a366a96666e24d7f908f6fa4c3f26722961e70adfc4ccd413c2c05adeda400de500babfb80a4e4ae5e9e04444c55f006337c0a98c33f04ae0a6620a1acbc26b5c7d125c30ca542c64604a109c6022029da452a717b219456cca6bc9959f088a5f2360c390b531baf92ae2429a2d0b6c7a20c137a3a0050ae2216b871c03c56410d28472d1035bb870f94589b93ceb57a504bba5acb7a6f77699fc10ea96d8e8fb913ca78c0af33a8435344b71531207344d78ac349894aab972c1b471d52b266bbe4313ef2ba71e7a4680ff442a358699c1e18322dfd50c55b637b6e6d5f02fa61b0e8ae4ef7cbb6359f70028a6b60fe901b2ad97a62b5d527efaf5ebe23fccd80d80e02eabb1be14d40faac8a56b4785fe47c8ff4ac4ad7fcef2134b1ec599074dd45d2b7a5c45845787e0490d9d7db95b58b18f14ae6ccc39623ba0fdf64c8d027f1e7652cc90e82732d4292f4ab0f959a44ff906484fcf83e222088345541ba2b1c50b63711d8adb63c8556452c142de8a06f4b28a86f629cc1dc713dcddcfebc8b1420a603fb970ddaedfc82250637327beb5c0ad04947477bc9aec0914cd78cbf5060e4ef7806b3443c85dbe79b8e87807b1a8d141583998c412d89c23dca4aa16af321dead51a12a73be98bd8ebb4d58b3ccd2d67ec936f2596afff2ba4166015aa4cc6c433acf33df30e3d40a0d6468944a07d1f9eba1bb9eb03dbfb42ba790dc1e7f66ad1834fad94440bffe3879509120b6a5cd1890281bf0f4c2d1be00fbe6b2d09ebdf594110f2bda035262d4830dbe64aa3152612df991a6fe1d035e0b301cf527d74140c85ad79acc001fd2ddb3f283c21e8d253c6c4685584f753e01aae2dee4158c68e2e612f056eb602ad8199d84784e05b363292956247d1fd8e4201330d6060d66e10e316143015908554e5325550d61b8af87a92237edd75cf687919ed0164de95042cbcfe96b9102fe3b71f43bbb1fc24d9d2d0d81dad29ac18cce353ca7c4a7c32e12e451654addc5dc6a44d001c40913eaaf14dacab7037a68e9875ae51321d1852820794206fcc1cdd51443d5e3fcd1dc4dbf728d1ed8dc29437db0154c2f59d1d0d0b0048cb56ad965682afeda337b172cf6a77be36ab8424b919e493628846bbf485d5fefd73228e40295fa2070027f6f2ed565024b82d1058a1be0d0c364b765f2a58f382e378692d1ca4fc7f09f867ed4684dd82dd4c76e0e640f5f87d1c6c2fafdb733f1cef6572cb5e104ae9c94d26c81cbc9a5fd8fbe61ddbdc683b7f4030132b932abf0d66afafc9a9d3121f0ed962a14294bf0ba7b1d33d7808efa427b5531cd881b5c87ec159bc9557009d9762010a497ad52b57283cde9715b48a3e35a22aec3730a0cb476a59f438684346ce0c14f22d5f1e5826d3f670e9ef60f6dd51a11fd32eed673b9d0a12d8eeb8046b96c51cfc54c21b2c48c4a89273963b8345b01159f53f6b6589333afd871875b930d7a4e2e1f5dfb44157ca004a739b0e98562c83b1d8414220f677f2882ef6ab1039fc5f132d7f55046d0c9545033624338e2ca6bdfcdd9d78306818c6214f524a7d036c80b5506f97fe383c1cae3c73dd2a0c628bff47d13dc7d9f88a3c1bb84ccbcb82fd881c6f5e9aa7516bec86fd6bee49f4db3bbf468922f1ef37c499b011e36173edc0ccb92d13dda668cf88bb99649e606fee23d3d3bc1fcbdfb40c7d4a4a60b89c63e65d02a283137561ccacd0c71cf70c6f039ebd1d29cd58571fa07d74187a7931d3d8b7db3062594b696b0e11a587724440bd77aa01fbe26a031a4c3f16ef3ba7f7544d01e8b7dd0b74f3025fe54cd01be16ee80ab0cd7c56671390f2e9bd62b212cf3ff58da7207846bacf85858130a89a2cb45da85b3ee574e8bb43c6642a3060b6f07228951aeab0fe4f4099b86bf07ec39262acca7319df3d5d057baa794234b89eccf36da5d32e4a5283386a0a271be30f75917ffd9f6d96eb8b50a7f6a0b861c5d12a624f3630a18e3bc94eb58bc835cef0a1b77952df6443cc12f221fb8460f4862f382abe13b409056644ec46fde96e1992e79ec0acdf3066f77bbcd6cf1a24d9b49ce70bd3bc58cd898da801d6b1ab12fd7cecc29894b98d616ccff855116a8985653ca88722dc00aed777dfe1839251be42716824dc0c40b6548319f613faffb2f1900a1f563724b0dcb7aa694110d268e945747d860d4bcaba7837342e3d7f207547ba8c093e8d2a1a5e3e098d19343de5fa773642cfb1a2e49f98df7e13254787cc35b2d689db16e551917c0db1034b175d1f4647c35c4cfe8a871cc7983b052050be9d24ed6e6f70d9d4b7cdebc9ba7a761b8c5f2207761a6fe9db5d4ac975dbe398ae05ed180f028037f2d9684dd3b28135e150db8a8adc6c34d0cca2cb95e6babf8702f26062d0ff0f88fc915caee5597a006e211c61f6fa4ca685e79655af85cb3489f94cd9836af4b80cd20ed23ed8f3f4107814407715b471354c5274595963b00482f3723ca88f4eee346c78bd29d65899163d848c9844991e976ff817120a13ce40aab11632b6fdd9d00acb82a5ac7769a0a7ed5d30ae077bf393f5de5b12114e4d1a32c7297bc5e14b673c78cc675b097d56f7a35c3206b1584996972153e2446465492528e0565718252139e1cf500f05a0ca529d58f5b91fa9bb2321f4a508a7a8a92d0a7be5f4d249087176c7c23e27d72bd232fca3f7b36970daf2ccd64be4a798a6c30a068fbae324b4c158715949b37c3942f0eee35b90d2fe9d322420917532f6dceaf8633f4f9618f099ece4186e1adc1323b827c984ba54c887b462e169867c2e063fb60b7905f34ef362200559e4d02413667dde0c6111750995824c316305f2ddfa3035ee09fdbc28c7f3c095f5a4382ce033746394a37b4d8a61ae8c7270d3863df7382a4786d7bed9543538166dfd01d122a384a7a3de7958c0272a35856f175fa29ee100d2a0f3a6dacbbe8702cf7e8d307ac0cc7921539a371a1c2e7f834db5a903069c07ff562fee851ac9cc3f2f045146db26b13401258733c67d820d06aa068b789300ac90481f84725311544e9a2363f2ce502c02c100bb41e18a103c79bd2bf14f6b52290fa60d978c284f927829b5027ae0ea842efb3450a8ddcabf0eaff6a6a8300de389e78cee73bd8de9a2809e346ff6c79dceca4277eee4b0dae1a3e1740f306044d6e67a5783e665f9637a8f8154f9ebecf95f48146c750826fccebbb1bef247666a710cd71dcf3ac3aa9d0bccb4c4ad432bba642366e4a3b12981901358ee1d7babbb7e10737cbd8a1c159d8dd9dd521c48d2911ebb8162b51ea32185c37097c299c0e477914b49d04cabf5033a5a3660f829ce4dfb2f821e6cb19ce37df64f79eca0649ea8c6b41c6c5d08fb1dae021314609946310c833d08d46c026ddc5dbb7ac62f1123be2004729daa8156ee12bdde9529c7498c8d1a3fd59aa07b9ab7870c4e57b2f54dcc26edd206b28870cf346d741b46bcb508a5f9805ed63c6cb03a9334abfea33626b0681e59b1cecb02202c3190260b8e2963ee84d9a6b5e6be99cbf6a17e4a11e154c2a50d625ef1fd4690cb8e030e46e07c891e6db43626525d464302c44dbf65f71a485f9ea05c347b870bf63fddeaaa2336d9eca1d4c56e8a2734287f0f8a185bd8e3165a681175d1ee9d24f48c9182fd40179ea3d128c0b43c4e2c85eeefa4c932fcaf9297488a3d44e602477d94193410728a0ef0f6730e64b8cfb3e2235c6241d1252196f943d9eb9b2ce70f8c5cf21394875081f56ceb6749a8bfa43e0e545fbc6903b63c55b67ba1e064a682d58fb7117eab5407d1c998aa53a0ca190b0a4aaaa657299cee41be166a7622789b81cff0e892ba87c6ff22f29ed512ebe40cf7306b7597607de5c1c6fb2980a03cc0c6f396ecc27b6b5a3fb0a3f3375fccc397527797f6d1e98f9a873882f85a4e5b11eea65cddb12b0cec9e531a3b5de958963e20d8a520aa71588aa3ab92186e64a710ef07debe3fce6313ea69fd5bd45ca3d50e5c98ac632d5479bc0763b05509ffca67158ad8665cb858e4a8eae29ae667cfa8e39dbd15ca03846298faf7169187feae6e84deaee4ae51cd2016a867b3d11c4e6ec3ae39aeb8c8ec36a885e475f3e1e47e1fa464ef9569aba053cd066907a112612de411a5be0868543116f32d0781323c744dfeef87601981afe063122bac14b9059a68d9f356e85ec04c2767cbe79e245d791e8fb222b5134ce684f7dec8fc0630cc9aeb5fbc38dfd19628ece15342c941e52be8abf0d82ed7b0b4bf5e6184edcae53949ef5987fd7fc479fc9921f2f332ae68f5dde23a3dd0b4713c3d18913edd9ce59870f7d50fdf33f3d2e8e5045d35555b4db5f48946e1b8d8d682f0c2bdd2d0de6bfff349e5e826cfb2d18d7bb43347362f13f5e80619451527bf0d3cc617881ef718466bf2efcb5f1404c573df09e00a5c0d1648b04860ee20d9e79d4ebac94a35e0a4919b1ab0db9e9dbdce1324223850e2e137ebb0c0e1cd690a3c5c9f8576538cba5e3831e6ba56809644e389ee984df3ea8e4743d5d03619b713c984fe8b43c589b78715b9147384b5bb15af8898cd82b31aca722cbe7938f119251d9142f2661f09b49f99d8988c66198dfb9db7f225086bed1deffa78995a56f905a7ab978a9c557ea1ad306bc0cd1cd8e5acaec1e4430a42068adec4a73f891c8010f0271c38685ca66c36313d15ab5bb6948c089b1fccf7fbb340eb03446a9bcda34b2d14a11e09f71e799fda19dd85293e2b0e2ca3e68145b4ea5005592562962cc6c0b65c88d06067903716656a0a7e18ffb46162d6a0c1dac8b6c59541c8ef6bfcfa87ad59cb0e8ef6ef1d7f739c0a56cf975f9cca9ee89bac15cae197d02fc72505d23ebc6153491adccd22262979d2909fb8abd25683894e5a776824b81598a833e339a582b9ce3f8d7ce59fc3147eb3e92751867ee9c3506692b25b2d7f38d97280e85c01bf6d71a602d039aec747620d33660a9d5c9cf4010d01f9cb86db4704872307942df56f04cf6c17e57612635e769218cc91da9e2de29aac4563d695a6ebe249c14ba5332b54150a291bec28417febc4c3efae9e14a0323e561dbc80e98bf71deccff5babbcdc8015ef7a86a52781a67a4915645cfb18379084c58110f1294b2e08a6994d1a3dd4fb79437a75cdb05f36a7b3fdb449c0cea5682d37e5b0217676ff7a383a19d48860476b23ccb66779093b0f6b5b6a1ff0cef503dadf5b67382b2a501d0c13d89eec496374f43fcfa751864330479e0d1f7aa0883c2aafbb5c21b06cbea3c8b515fb1f6d061e269c3de372dc48f0b1c0a935de648a0fc4a1a32ce6aaa8432240bbc977a0ece5fd60d92ba49f1443bfc83668e8251260a5b275098e4a072d44726b91d850bd9c2485cacbf2b33be73785421c2fb259b0c1c0955339713f75ca72b9bc56a7167d8a942015385eb4f1bc3e07b23a71779d043a4f420b0fd9e889d398c955f13542c811683636b71a2fb178e951e37ed5519146c5d61e697d1148458c2f224dc6911363edd1b4d30c5cb12d0e2fb035adc33656615c05266f32c2faf5144e24086c97816c87569feb1fd41775263999ff057d9832b872506aba01db7482251f65a74c66cc01b83056970f843ef58df0d89c44f9265d5bfb50c287f330795b30848341dd26683e5df82bfc1cd1a3f2df3dae99fc38edcc614b39c8a8fa6ada4b5dff08914a92b6a16b05f13bbdbdc5e9f14808e827ee5f364ce115e12bce05122f0dea62d8dd41222fafa3c6bdecea63d3fbd0bfdef667d6ac12b6918273631bf0ec25da2783f06f77a9a0ef2490afe43f3e8b0f553c0c1078141ec0d8f426b1924bd464e4240cda50e9b8a97050360a617eb4f88baa158da8672572f641b20ab3bcbab3d38ff3c84c5c3bf309e26c8ba735503700028c0806c29e02d0a0ed73b9c5c2f2a39f57ee08b935e6e056f01733a12b08603987b14aa7fc542c65a0c03e278723127bced6ac65d2386cf847a73057d19795d5a7517e71d5e480b7380866a64da32fcd1158af9a82559898a7931535a4b75326e2769711ff857d180f16acf316130574fd37bdb658b877f06db42ab96641bc75e3d4ad7fdd9028072139dd3019b03aad32907debef345bcc57423ddfc94683884a00c5f864b8c2dd5af081fa970da251d3afc65dd360c661d8ee2ab58dc9060e2d98b39ae95bb89c319cc93c9e653bf9db205338dc5528c11a391137fe496d726f1407945b243a49a1f3a786047fc47d5e5074e0ec678f26f30cba747d50070c00323d16cff4b06089830931ca704d386140f9c201a5b50a116410be001135aeaf30d7918ccdaf35482659fbb2933e97f1a2e0fc20e6a610e37511d06d4cf931e54ce8f5ab5f688e460e3943bbbe6949a8b4ae309ee31330ece6cb9dfcae0035f3808b7295776ae7bdafffadb6113faac5cd966c2875abb7b20f1b298b48cb78c467f1be92cd3a9d0fd35b7720334274a53a6cbd041b85b6f8f9d622293f0e95a8835204de1faeb7fcdcc57fbdf0afc2e6422bc114355cb5bc979f1bf6d0fb6eb31ee98e06cdcaa1ac36ed3246d85cbdaf999da5d6a7187e8622e6d224c5549a2f2802691a08242ed44a47fc9ad627af949ec3ab5b191025ac75ee7746e2762b530a622a716edbf341e4f9e04fa5d3f77c78dcde06f3845f45c8c1954120ac5949da541882d99adbbca4b0e422e4364289ff1a903bfd1ee63faaa40ef43d3e54249909066e1727591a9632cc8440dcedf931a823e9b542d51aee43897bbbc1f652ae774c326e8400a3a6ab8d90a04e5724fb39c05875ce5afff0502bb6164bc65c107593c155da4b77f136a34c9ec39a4e70cdc4f7fec68245402b2c0fb508eac623ab41a184d3bebe5e9f24c6590c1fee571ed55a76b8554b12116a36101691397d532b46924e6ccb688ab52ffc44f8a670d542477ebd3756d6ef5373024d3f915c187a35feaf39b76453ff835f73862bad13f19e76d47c70122911431e5f71b05a9728631df66b162e708584e83349db1a68368a37cfb4e16c9987a956b3018f2f12c639bf90b5fb0f0560fa7c19887a9d12316dab9bb515cddbae2e9056a556919476b47546c0dae631a88eb8bb9da49879f56efd3d1b65d50bb01c8b4ddc20374877189915cc5824200dfac8f422364b7178f2e7799665b464ac9ec54ffd87fc8dc68e08ab178059ec02bff4ae3c683d0c96796765bdc188c1a4ef46cfa9e6376678245f8d0c907e83e6eb78ffb19e75534925b5b5bfa489fb9cd2c68f00a079c9b34dc45e76044bbfc87c75bbdc5ed0ea7ca0f249007be79116fefa74085f982f670f821ccd0bb14e1086b677f379fd1a1c96bbb4a7338e867d3f91f41b0a7eb2f1104c2ed1593691e601f2e045b3db1cac5dc0d3b302b54967558057e767c4a96f0355d97beace9fe05f0513629b2dd4e86e523d16d7e2e129264e1749b07c062d3a92d96fff5cc976855540eb441a3cef8fc59bf236c85e778b04e30fa807c3ea634af17f005fb55b55f082ca54fc154e6b9df95b951ab9612da7223efc8b63f4528dc3353a15988790d507d9fda18dc8c4adefebc12567e040fd49d2d571437bada1c08054f45545e5cb33c8db8e5b4f2d6735a7fad407fea2ac6e516016c186b7a9b5586650178b3c201eb4fcda3a22291c1f5d66557675dfc73b17edd463abd17a3ec0f1b28adeb4c294c37900002665d504610d37de5dc68fa03e16243ebca169797205d2b24cd64cb1e37328530d68c9a279e36aa0c7f718831ac30607633eab2c9e1b8d6b78649a78fd573d07f0edc18d2f52da2213e2ad44a4bfb3a80ae71d8cf57a2ae2658999d542f7c46da5a30f0f4a82296d0c95e4c6f046db42a00d8631b120a64ee260bf4dbf29103d4e2233fed2ec9ae65fb109f212f967c34e0efb52f56a9a7ab4de472f9cdb0fbcd13fb042d80216c4c717e77a5e6a9118423e0a6dc9d2f3cef598fb9bed6b4e66b279ebbc265560a471d132a854ff230673e843338dcb1ae202c797cfa59dd18eb46e313f1b0dcafdb6518c1da6b08aa1c92bd433a0b65358356a8d03a454f96add1237380049b2567a24836b7bfbdfa58186f2e295e0911dcad6c5413fb36a6e637156291efc016e8513664d515d3ddba1d2c63fa6c5a3331c3cb2f5e2eaad83a75588aca785ada46973d8a2d89686a416720a8f98e1a1eaa8c95aa0bea1dad03ec69bc4bf8300a821f67db4e0c1aab57ef1d1e06880130f6ffe76297acc62879f60e03933666a0da462b7a6b584d28041a3fbafe9a08b7a4664c46b8d40ce4f31a14b122ad74cc4a003f591e019e23cf764795d4235cc8d491c58d3be78a781a708d9fda492306a5afa7c0a43f52f39cafc6a6abc850bbbfa6254fdfd5115727210e19ec8a8857c10a9e9d5cb3001c6e04132667a30a6528e8b59661b483e5365761ac0f5c61e339833b35fd8159875177ed2b78df49ef83b45584c4609562ed2e8bb9add69e88fc0774517a15575f0250d26ae8f6f138daba5311b492c986005bef123a6fc3c1912e378cae2b64e58542293489d5a0f8b582b089c1b05f3ad0aec776b9dcfc0feb1386a98b7e2e09671a73f0eca92364d7f6da861280815b71e48934bc3d321da07878290ec81d3c5c64b8d7f55c1d2e2713edbb5fef28bc36d02302b01c4c29e5df4a9692b41e8d9364e2e408c55b9b14d3ad93889a48787df0673c3df6ba3d9222ee348199aba478e2d398b1e4ae012ca19473b3454327e5bfefb3c56576b6a6c035466f7641464806e63d7086223395a58d886b0dbedd365ce840a6990f56d697605b7d0ac60809270e4e392e89413cc94cea1cb277c4aee023bf90ded9910c96eeead4c6a10ca17151c4966f84bea565746eab573e4295e564d41bc5a6cc9df38c3d7cbd4cd618bd9f292daf95472839fe71c1edc202b6b8b5b939250934ab0dc978397fbaa7533fcce0c4b2eed8ad47779aa4b21504307c7d15e0bcb01bb60e5bafabe66e4b689e4873a1067063e17ba7d647a9a047b1b4ef7350402653b564ae1b34b8597a2357891c90ca2af6b68b794680a0511279fd213eec48dfddba7cbeeb9f9335a0679b1e6db44f27b12d898575d157c2159a86f676df18858857582bffdc006d4732257ade5dde2d1b2cf316fe2a7c5b44505cc808eae5427c43d50e9b99f9317e437df2bc640351e3e8ac249c42f782d07886b6d8875c253ee0e489f1196fa604747586df87e18a893721e6cecfe61dd82daf9b3e4f1eb745c93402c121bb639c56b91bdc77262acfa55389ede1f092733d8a69ae759f82ceda537ffbf32b65138aa3e43e8883048eccf0929de8dee297c5eee97ac7633beae01198e1b00c11276502e7660cd1f59ac619200042656c6e9757b082d374c80182290845f1bc8f2589eaf96948f148ebe675ee7fdb83e32a18eade32f99cca160a4d3504c4bea9c82cfdfe1dd80fbda7c484f2c17c20eea00", 0x2000, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002f40)={0x78, 0x0, 0x7, {0x7, 0x0, 0x0, {0xfffffffffffffffc, 0xfffffffffffffffe, 0x400, 0xe366, 0x0, 0x6, 0x1, 0x2, 0x7f, 0x6000, 0x4, 0x0, 0x0, 0x2, 0x10}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, 0x0, 0xee01, 0xffffffffffffffff, 0x1000) socket$inet6_sctp(0xa, 0x5, 0x84) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]}) 1m27.675887319s ago: executing program 3 (id=3209): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b0000008000000001000000ffff000001"], 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd2a, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0x0, 0x3, 0xfd, 0x9}}, 0x1c}}, 0x20000090) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x200000ca, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000005c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=""/250}, 0x20) 1m12.524138194s ago: executing program 35 (id=3209): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b0000008000000001000000ffff000001"], 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd2a, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0x0, 0x3, 0xfd, 0x9}}, 0x1c}}, 0x20000090) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x200000ca, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000005c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=""/250}, 0x20) 6.564815657s ago: executing program 7 (id=3501): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1206"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13141, r0, 0x0, 0x0, &(0x7f0000000000), 0x10, 0xb7}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r1, 0x4010744d, &(0x7f0000000180)) 6.386964035s ago: executing program 7 (id=3502): syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000000)='./file2\x00', 0x804818, &(0x7f0000000100)={[{@check_relaxed}, {@check_strict}, {@hide}, {}, {@unhide}, {@nojoliet}, {@map_acorn}, {@nocompress}]}, 0x2, 0x553, &(0x7f0000000b00)="$eJzs3dtuE0kawPGvQ7JYXim7WlYIRQGKsCsFKZi2DUYWV73tslNgd1vdbZRcoYg4KMKBFWGlTW7Y3LAz0sxDMJfzEPNGaB5hRn1wjj4AOU70/1lQ5e5y1deO1Z8qcVcLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQy63ZdtGSpvE6S2o4txb4rb2n2auPbJB7B4oR44pY8T/J5eRGuunG3/d2X4//m5PZ9Nms5OIiJ9t/vv7XJ9cmJ/qvHxHwV/npG3va3Np+vdLrdd+dVCAX0M2rw/c1tGdC37SchlYm9FW1UrEfLNZDVTdNHS6HkW4pN9BO5Adq3r2nitVqWenCst/xGjWnqfsbH98v2XZFPS20tROEvvfgaSF0F02zabxG0ibeHbd5HH8Qn5lIRdppKbW23uuWxx1A3Kj4JY1K4xqV7FKpWCyVipVH1UePbXvyyAb7EDnS4uQ+tPhjOsGzN3A8E1n+l6YY8aQjS6IGPlypSSC+tIbsz/Tz/z8f6JHj7s///Sx/Y2/3jCT5/1b67Naw/D8klrN7bMqWbMtrWZGe9KQr7849orN9NESLJ0ZC8cVIS5xki8q2KKlKRSpiywtZlPpU/EOsi5GmaAllWUKJRCefKFcC0eJIJL4EomReXLknSopSlaqURYmWgiyLLx3xpCE1cZJe1mQ9ed/LoqxhMe42Kg49jHz/c9eV0oijJf/j+E7y9A0cy2/9/A8AAAAAAC4tK/ntezz/n5KbSa1umto+77AAAAAAAMAJSv7yPxsXybezborF/B8AAAAAgMvGSq6xs0QkL7fT2ppYyeVS/BIAAAAAAIBLIvn7/624SNZAuS3W7nIpzP8BAAAAALgkvhu7xn7Yvmr98qsEwZS10176h7WRrM3rbFxJX3flcI9RfcaazjpJikpaTE66etbKpY12F8H8nBVr4+Kw9gJwdgP439cEcG1SfpA7aZs7q2m5mu35SzpKvm6auuD6zSdFcZzpiUgvRf95s/5fSQ7/e681beVkvdctvHzbW01i2Yl72dnIFlA8so7iiFjeJ+stJNdcDDziqeRCjGzcvCVr672u3V66mvXsbEyklYmDI36YHjHmR5lLW81lK97m+3vSMXPxmMXCsKPPoige88g/yt20zd35u2kxIIrSuChK+6MY/F4cP4ryuCjKx4wCAM7L2pgsZMmRvPsNZ7lvy+7yldn9o8ynbeZnkhPr5MyAM7o97oxuHzO7/XzkHkjDcmw87o+Hsuqn+AWfho4bNktW/BZeeb/xb7m+ubV9f31j5VX3VfdNqVSu2A9t+1FJppLDyApyDwBggP332LEG5v+xd+GxHmaz6p3Ds+os4/1t9ysFBXkpb6Unq7KQXG2QfONgYK/5fV9DWBgza80naTK9w8vCiFndn5KrHPr9lka2PRhD+Sx+FAAAnJm5MXn4S/L/wph598FcPnp2nN93tzYAAHA6dPDZykf/t4LAtF8Uq9WiEy1qFfjuMxWYWkMr40U6cBcdr6FVO/Aj3/WbceW5qelQhZ122w8iVfcD1fZDs5QsH6iyW7+HuuV4kXHDdlM7oVau70WOG6maCV3V7vyracJFHSQvDtvaNXXjOpHxPRX6ncDVBaVCrfc1NDXtRaZu4qqn2oFpOUFOPfebnZZWNR26gWlHftphfyzj1f2glXRbOO83GwCAC2Jza/v1Sq/XfXeKlYED5878UAEAQGZMlgYAAAAAAAAAAAAAAAAAAAAAABfAWVz/R+WSV/pLQV+UeKicQGXsqePDqZ+cAJyq3wMAAP//5sZO5Q==") openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) 6.188012045s ago: executing program 7 (id=3503): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$unix(0x1, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{0x0}], 0x1}, 0x5) 5.848030292s ago: executing program 7 (id=3505): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) fcntl$lock(r0, 0x5, 0x0) 5.776800526s ago: executing program 5 (id=3506): socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000180)={0x0, 'bridge0\x00', {0x4}, 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) 5.583376205s ago: executing program 5 (id=3507): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x20000023896) r4 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r4, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socket$inet(0x2, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk") open(&(0x7f0000000780)='./bus\x00', 0x4c07e, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x100000000, 0x12) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f00000023c0), 0x80, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) 4.639465441s ago: executing program 5 (id=3509): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4000050) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x6f6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 4.139847236s ago: executing program 1 (id=3512): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000811c0900000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4}, 0x94) 4.007866842s ago: executing program 1 (id=3513): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$unix(0x1, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)}], 0x1}, 0x5) 3.820622932s ago: executing program 1 (id=3514): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r1, &(0x7f0000000480)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd", 0x12}, {&(0x7f00000004c0)="b70000000180", 0x6}, {&(0x7f00000003c0)="06000000a2972c226ce3bf750d08c4daf10a7742e39e31ceefb1fcd2e5bc3fc84150da0d", 0x24}], 0x3) 3.686863298s ago: executing program 5 (id=3515): r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x1ea1e2) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) writev(r0, &(0x7f0000000000)=[{0x0, 0x20}, {0x0}, {&(0x7f00000005c0)='2', 0x1}], 0x3) 3.584018363s ago: executing program 5 (id=3516): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000340)={{0x8, 0xf, 0x3, 0xffa}, 'syz0\x00', 0x3e}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) pwritev(r4, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0) sendfile(r3, r4, 0x0, 0x8000fb00) 3.4516765s ago: executing program 1 (id=3518): socket(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) close(0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0xfffffff3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x19}, {0xb, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000050}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.909835966s ago: executing program 6 (id=3519): msgsnd(0x0, &(0x7f0000000000)={0x2, "a31934321d0575403e91901180245aa13f2ffb336a09bb9a4a8ccc0f8256880e68810ae8ccde1157d5ecafd06f358b23c79ca4fb897dd8986d4db6dde423d3a6ed9777b47b8aee2b722e0299177b6ea7708876c654d4635d236181f3456596dee20d24b628e1429770da04062c764acc29fc113c36edda278c82dc3d888a1e2b320d6e501a2c1179ce94da407bcc881884b8c6c63f0fa7737bdd25ad69a6b91efc799b2fe243ee2005434c17d039485929ab11a8a55b492c3f7b7165f53c7a9d05233e4f64643a77028a218894d6e4ad52517695f13b149d338bb2ac542480a7c5fd3b7af7cfb186c2421f9d7fb2c08fdbf9f7c435d54f8020c8651dbfa3bcbd050c893dd5261eba927eb67db16e87ad71a0ee68f12fe8f98401254e3dd6ae6468fa996bf2dea268ee7c382554bc5202fef6c40f8b93c5ed4ff0dce2e6f2102a0c081c5950d87cd3a4d8e13dd79155bf23743b2cee654314ffb9375ac16ed09ec16e727cb9e93473127f46a88955aceca9b54433f249cec03ca1aeba92178ffbd34e36d30fe8594061ffd04e2b19b682b9ef5c693f19ee6bd634e67daa0b6ec2262b7ab7f1fa301e3dc385c685add64b8977cdb2a87f43ea6e26189e6cb153b5f29cb173ecce1a3583322369522db71dbe8bb4865fb4f29fcca0b652df5fca81e5e4ac27969c346abb1326075d7aeace162bacbe3778a5f3aca6dec01d4ec2792fe30a599d6038f1b0058ed5b69333bd0a7d20a7889588"}, 0x21f, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='&'], 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x20000000002, &(0x7f0000000040)) ptrace$cont(0x21, r0, 0x80000001, 0x4) 1.516001205s ago: executing program 6 (id=3520): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, 0x0, &(0x7f0000000240)='GPL\x00'}, 0x94) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x10, 0x35, 0x1}, 0x10}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.370080592s ago: executing program 1 (id=3521): r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003110000002cbd7000fcdbdd2503000900800000001cdc0dca1d9f68846960e56de42944af05000600002000000a000000000000000000000000000000000000000000000102000000000000000200010000000000000007160000000005000500000000000a"], 0x88}, 0x1, 0x7}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="640000001000370429bd7000fcdbdf2500000000", @ANYRES32=r1, @ANYBLOB="890c020000000000440012800b00010069703667726500003400028008000100", @ANYRES32=r1, @ANYBLOB="140007000002"], 0x64}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x24048050}, 0x40) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, r7, 0x801, 0x70bd29, 0x0, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x50, 0x0, 0x1, 0x0, 0x1, {}, [@IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}]}]}, 0x50}}, 0x80) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004880}, 0x0) 1.190086551s ago: executing program 6 (id=3522): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$unix(0x1, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)}], 0x1}, 0x5) 693.842785ms ago: executing program 5 (id=3523): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4000050) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x6f6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 673.708076ms ago: executing program 6 (id=3524): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x1b, 0x3, 0x10}, 0x2c) 424.024389ms ago: executing program 1 (id=3525): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce8220100090581"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="4c69414f55033cd673c68541"], 0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x28, r2, 0x325, 0xfffffffe, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) 417.524839ms ago: executing program 6 (id=3526): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r1, &(0x7f0000000480)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd", 0x12}, {&(0x7f00000004c0)="b70000000180", 0x6}, {&(0x7f00000003c0)="06000000a2972c226ce3bf750d08c4daf10a7742e39e31ceefb1fcd2e5bc3fc84150da0d17870910e462", 0x2a}], 0x3) 197.34939ms ago: executing program 6 (id=3527): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000200)={[{@nombcache}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@nombcache}, {@nobarrier}, {@init_itable}, {@errors_remount}]}, 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000840), &(0x7f0000000900)=ANY=[], 0x361, 0x1) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f00000001c0)=ANY=[], 0xfe37, 0x0) 60.771266ms ago: executing program 7 (id=3528): open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x2) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) setitimer(0x2, 0x0, 0x0) 0s ago: executing program 7 (id=3529): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x101, &(0x7f00000002c0)) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, 0x0, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1026.108269][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.139852][ T9496] usb 7-1: config 0 descriptor?? [ 1026.310539][T15714] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2615'. [ 1026.354413][T15714] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2615'. [ 1026.461798][T15717] loop1: detected capacity change from 0 to 2048 [ 1026.583257][ C0] raw-gadget.0 gadget.6: ignoring, device is not running [ 1026.599687][ T9496] usbhid 7-1:0.0: can't add hid device: -71 [ 1026.616088][ T9496] usbhid: probe of 7-1:0.0 failed with error -71 [ 1026.646076][ T9496] usb 7-1: USB disconnect, device number 39 [ 1027.003123][T15732] overlayfs: failed to resolve './file1': -2 [ 1027.362972][T15740] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2626'. [ 1027.391476][T15740] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2626'. [ 1027.539489][T15742] loop6: detected capacity change from 0 to 2048 [ 1027.563002][T15744] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2628'. [ 1027.606610][T15742] loop6: p1 p3 [ 1027.606610][T15742] p1: [ 1027.629131][T15742] loop6: p3 start 3036741376 is beyond EOD, truncated [ 1027.952619][ T5759] udevd[5759]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 1028.220720][T15756] loop6: detected capacity change from 0 to 128 [ 1028.300620][ T5759] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1029.775061][T15767] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2637'. [ 1029.852214][T15767] netlink: 200 bytes leftover after parsing attributes in process `syz.6.2637'. [ 1031.234263][T11638] Bluetooth: hci1: command 0x0406 tx timeout [ 1031.955016][ T8] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1031.976735][T15786] loop1: detected capacity change from 0 to 128 [ 1032.042121][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1032.156288][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1032.174417][ T8] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1032.183771][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1032.198096][ T8] usb 6-1: config 0 descriptor?? [ 1033.083137][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 1033.089285][ T8] usbhid: probe of 6-1:0.0 failed with error -71 [ 1033.099965][ T8] usb 6-1: USB disconnect, device number 51 [ 1033.295634][T15797] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2648'. [ 1033.310736][T15797] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2648'. [ 1033.657895][T15805] overlayfs: failed to resolve './file1': -2 [ 1034.458382][T15816] loop6: detected capacity change from 0 to 128 [ 1034.592647][T15820] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2660'. [ 1034.602122][T15820] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2660'. [ 1034.619300][ T5759] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1034.641672][T15822] loop5: detected capacity change from 0 to 512 [ 1034.685197][T15822] ext4: Unknown parameter 'uid' [ 1034.749030][ T6262] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1035.254067][ T9496] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1035.489036][ T9496] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1035.542874][ T9496] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1035.599421][ T9496] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.708649][ T9496] usb 2-1: config 0 descriptor?? [ 1035.833979][ T967] usb 7-1: new full-speed USB device number 40 using dummy_hcd [ 1035.963652][ T9496] usbhid 2-1:0.0: can't add hid device: -71 [ 1035.996090][ T9496] usbhid: probe of 2-1:0.0 failed with error -71 [ 1036.031655][ T9496] usb 2-1: USB disconnect, device number 86 [ 1036.107857][ T967] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1036.135943][ T967] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1036.154231][ T967] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1036.188392][ T967] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1036.205760][ T967] usb 7-1: config 0 descriptor?? [ 1036.223400][T15881] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2670'. [ 1036.277643][T15881] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2670'. [ 1036.403102][T15889] loop5: detected capacity change from 0 to 128 [ 1036.582452][T15897] overlayfs: failed to clone upperpath [ 1036.631475][ T967] usbhid 7-1:0.0: can't add hid device: -71 [ 1036.644119][ T967] usbhid: probe of 7-1:0.0 failed with error -71 [ 1036.653005][ T967] usb 7-1: USB disconnect, device number 40 [ 1037.009884][T15911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2683'. [ 1037.090662][T15911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2683'. [ 1037.399999][T15927] overlayfs: failed to clone upperpath [ 1038.393071][T15940] loop5: detected capacity change from 0 to 2048 [ 1038.468230][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.495335][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.505062][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.512376][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.522819][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.530367][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.540562][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.548316][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.557908][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.566258][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 1038.578346][T15940] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1038.764075][T15953] loop1: detected capacity change from 0 to 256 [ 1038.856539][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1038.869583][ T8] usb 7-1: new full-speed USB device number 41 using dummy_hcd [ 1038.901125][T15953] lo speed is unknown, defaulting to 1000 [ 1039.079015][T15963] loop5: detected capacity change from 0 to 1024 [ 1039.095586][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1039.124171][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1039.166647][ T8] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1039.183112][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.200566][T15963] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1039.218712][ T8] usb 7-1: config 0 descriptor?? [ 1039.299390][T15963] EXT4-fs (loop5): shut down requested (0) [ 1039.368815][T15971] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4045: comm syz.5.2696: Allocating blocks 449-513 which overlap fs metadata [ 1039.435132][T15974] overlayfs: failed to clone upperpath [ 1039.827167][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1040.313063][T15984] lo speed is unknown, defaulting to 1000 [ 1040.451490][ T8] usbhid 7-1:0.0: can't add hid device: -71 [ 1040.478461][ T8] usbhid: probe of 7-1:0.0 failed with error -71 [ 1040.535947][ T8] usb 7-1: USB disconnect, device number 41 [ 1040.710921][T15993] loop1: detected capacity change from 0 to 128 [ 1040.763562][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1040.811114][T15995] loop6: detected capacity change from 0 to 2048 [ 1040.869135][T15995] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1041.062420][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.748517][T16011] vivid-000: ================= START STATUS ================= [ 1041.756606][T16011] vivid-000: Generate PTS: true [ 1041.761587][T16011] vivid-000: Generate SCR: true [ 1041.766669][T16011] tpg source WxH: 320x180 (Y'CbCr) [ 1041.771803][T16011] tpg field: 1 [ 1041.776090][T16011] tpg crop: 320x180@0x0 [ 1041.780300][T16011] tpg compose: 320x180@0x0 [ 1041.784859][T16011] tpg colorspace: 8 [ 1041.788676][T16011] tpg transfer function: 0/0 [ 1041.793281][T16011] tpg Y'CbCr encoding: 0/0 [ 1041.797891][T16011] tpg quantization: 0/0 [ 1041.802101][T16011] tpg RGB range: 0/2 [ 1041.806239][T16011] vivid-000: ================== END STATUS ================== [ 1042.394791][T16015] loop1: detected capacity change from 0 to 512 [ 1042.523965][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1042.736934][T16028] capability: warning: `syz.3.2717' uses 32-bit capabilities (legacy support in use) [ 1042.924047][T16037] overlayfs: failed to clone upperpath [ 1043.272425][T16041] lo speed is unknown, defaulting to 1000 [ 1044.006264][T16048] loop1: detected capacity change from 0 to 128 [ 1044.490619][T16052] vivid-000: ================= START STATUS ================= [ 1044.498477][T16052] vivid-000: Generate PTS: true [ 1044.503472][T16052] vivid-000: Generate SCR: true [ 1044.508572][T16052] tpg source WxH: 320x180 (Y'CbCr) [ 1044.513745][T16052] tpg field: 1 [ 1044.518967][T16052] tpg crop: 320x180@0x0 [ 1044.523281][T16052] tpg compose: 320x180@0x0 [ 1044.528666][T16052] tpg colorspace: 8 [ 1044.532564][T16052] tpg transfer function: 0/0 [ 1044.537460][T16052] tpg Y'CbCr encoding: 0/0 [ 1044.542004][T16052] tpg quantization: 0/0 [ 1044.546289][T16052] tpg RGB range: 0/2 [ 1044.551421][T16052] vivid-000: ================== END STATUS ================== [ 1047.624102][T16080] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1047.695209][T16080] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1047.830672][T16085] vivid-000: ================= START STATUS ================= [ 1047.838565][T16085] vivid-000: Generate PTS: true [ 1047.843571][T16085] vivid-000: Generate SCR: true [ 1047.848948][T16085] tpg source WxH: 320x180 (Y'CbCr) [ 1047.854446][T16085] tpg field: 1 [ 1047.857971][T16085] tpg crop: 320x180@0x0 [ 1047.863281][T16085] tpg compose: 320x180@0x0 [ 1047.867993][T16085] tpg colorspace: 8 [ 1047.871862][T16085] tpg transfer function: 0/0 [ 1047.876574][T16085] tpg Y'CbCr encoding: 0/0 [ 1047.881104][T16085] tpg quantization: 0/0 [ 1047.885371][T16085] tpg RGB range: 0/2 [ 1047.889769][T16085] vivid-000: ================== END STATUS ================== [ 1050.301593][T16089] loop1: detected capacity change from 0 to 32768 [ 1050.335764][T16089] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1050.346815][T16089] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 1050.369568][T16089] BTRFS info (device loop1): disabling tree log [ 1050.399088][T16089] BTRFS info (device loop1): enabling auto defrag [ 1050.409104][T16089] BTRFS info (device loop1): force clearing of disk cache [ 1050.416611][T16089] BTRFS error (device loop1): support for check_integrity* not compiled in! [ 1050.455204][T16089] BTRFS error (device loop1): open_ctree failed: -22 [ 1050.534469][ T5757] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by udevd (5757) [ 1050.755435][T16105] tipc: Started in network mode [ 1050.760737][T16105] tipc: Node identity 462f635cb709, cluster identity 4711 [ 1050.851816][T16105] tipc: Enabled bearer , priority 0 [ 1051.276725][T16110] syzkaller0: entered promiscuous mode [ 1051.315155][T16110] syzkaller0: entered allmulticast mode [ 1051.526819][T16105] tipc: Resetting bearer [ 1051.545494][T16104] tipc: Resetting bearer [ 1051.594188][T16121] program syz.1.2745 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1051.615545][T16104] tipc: Disabling bearer [ 1052.409024][T16143] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1052.477070][T16143] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1052.774360][T16140] loop1: detected capacity change from 0 to 32768 [ 1052.810880][T16140] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1052.836237][T16140] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 1052.848685][T16140] BTRFS info (device loop1): disabling tree log [ 1052.855424][T16140] BTRFS info (device loop1): enabling auto defrag [ 1052.862456][T16140] BTRFS info (device loop1): force clearing of disk cache [ 1052.870535][T16140] BTRFS error (device loop1): support for check_integrity* not compiled in! [ 1052.887757][T16140] BTRFS error (device loop1): open_ctree failed: -22 [ 1052.957145][ T5759] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by udevd (5759) [ 1054.087296][T16160] lo speed is unknown, defaulting to 1000 [ 1054.559827][T13013] IPVS: starting estimator thread 0... [ 1054.673439][T16152] tipc: Started in network mode [ 1054.700385][T16152] tipc: Node identity ee794c09fe3a, cluster identity 4711 [ 1054.764258][T16152] tipc: Enabled bearer , priority 0 [ 1054.768814][T16165] IPVS: using max 20 ests per chain, 48000 per kthread [ 1054.778554][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.784986][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.785516][T16156] syzkaller0: entered promiscuous mode [ 1054.818238][T16156] syzkaller0: entered allmulticast mode [ 1055.014769][T16152] tipc: Resetting bearer [ 1055.075550][T16151] tipc: Resetting bearer [ 1055.144483][T16151] tipc: Disabling bearer [ 1055.545232][T16185] loop6: detected capacity change from 0 to 2048 [ 1055.572322][T16185] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1055.759100][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1057.734665][T16200] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1057.743555][T16200] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1058.128235][T16197] lo speed is unknown, defaulting to 1000 [ 1059.686980][T16228] loop1: detected capacity change from 0 to 8192 [ 1059.744234][ T5836] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1059.855835][T16235] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2780'. [ 1059.950922][ T5836] usb 6-1: device descriptor read/64, error -71 [ 1060.301528][T16241] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1060.310719][T16241] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1061.753990][ T5836] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1061.785982][T16238] lo speed is unknown, defaulting to 1000 [ 1061.904635][ T5836] usb 6-1: device descriptor read/64, error -71 [ 1062.044479][ T5836] usb usb6-port1: attempt power cycle [ 1062.370807][T16256] loop5: detected capacity change from 0 to 128 [ 1062.994548][T16257] net_ratelimit: 22 callbacks suppressed [ 1062.994565][T16257] sctp: failed to load transform for md5: -2 [ 1063.126909][T16256] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1063.191073][T16256] ext4 filesystem being mounted at /378/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1063.736699][T16277] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1063.745828][T16277] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1064.453290][ T9975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1064.564427][ T23] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1064.776121][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 1064.791736][ T23] usb 2-1: config 4 has an invalid interface number: 128 but max is 0 [ 1064.824029][ T23] usb 2-1: config 4 has no interface number 0 [ 1064.844453][ T23] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1064.853244][T16299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2799'. [ 1064.864517][ T23] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1064.890713][ T23] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1064.900889][T16298] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2800'. [ 1064.902456][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.932744][ T23] hub 2-1:4.128: USB hub found [ 1064.945512][ T8] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 1065.060810][T16302] tipc: Enabling of bearer rejected, failed to enable media [ 1065.104261][ T8] usb 7-1: device descriptor read/64, error -71 [ 1065.386055][ T8] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 1065.414457][ T9496] usb 6-1: new full-speed USB device number 55 using dummy_hcd [ 1065.544001][ T8] usb 7-1: device descriptor read/64, error -71 [ 1065.608261][ T9496] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1065.623785][ T9496] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1065.634649][ T9496] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1065.643721][ T9496] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1065.668248][ T9496] usb 6-1: config 0 descriptor?? [ 1065.674855][ T8] usb usb7-port1: attempt power cycle [ 1065.773915][ T23] hub 2-1:4.128: config failed, can't read hub descriptor (err -22) [ 1065.787589][T16306] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1065.796438][T16306] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1065.896739][ T23] usb 2-1: USB disconnect, device number 87 [ 1066.104430][ T8] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 1066.134925][ T8] usb 7-1: device descriptor read/8, error -71 [ 1066.330081][ T9496] usbhid 6-1:0.0: can't add hid device: -71 [ 1066.347827][ T9496] usbhid: probe of 6-1:0.0 failed with error -71 [ 1066.367047][ T9496] usb 6-1: USB disconnect, device number 55 [ 1066.415250][ T8] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 1066.479977][ T8] usb 7-1: device descriptor read/8, error -71 [ 1066.565487][T16332] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2810'. [ 1066.604445][ T8] usb usb7-port1: unable to enumerate USB device [ 1066.725323][T16340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2811'. [ 1066.855969][T16339] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1066.865357][T16339] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1067.120241][T16349] loop5: detected capacity change from 0 to 764 [ 1068.290622][T16358] syzkaller0: entered promiscuous mode [ 1068.304160][T16358] syzkaller0: entered allmulticast mode [ 1068.361487][T16358] 0: reclassify loop, rule prio 0, protocol 800 [ 1068.511321][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2821'. [ 1068.674375][T16366] tipc: Enabled bearer , priority 0 [ 1068.687200][ T23] usb 2-1: new full-speed USB device number 88 using dummy_hcd [ 1068.705308][T16364] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1068.712132][T16366] syzkaller0: entered promiscuous mode [ 1068.714106][T16364] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1068.743253][T16366] syzkaller0: entered allmulticast mode [ 1068.828165][T16366] tipc: Resetting bearer [ 1068.861329][T16365] tipc: Resetting bearer [ 1068.910320][T16365] tipc: Disabling bearer [ 1068.926359][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1068.948048][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1068.973277][ T23] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1068.995988][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.019974][ T23] usb 2-1: config 0 descriptor?? [ 1069.134049][T16378] loop6: detected capacity change from 0 to 2048 [ 1069.361743][T16378] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1069.669703][T16386] lo speed is unknown, defaulting to 1000 [ 1071.530208][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 1071.538257][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1071.547804][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 1071.561442][ T23] usb 2-1: USB disconnect, device number 88 [ 1072.232082][T16407] loop6: detected capacity change from 0 to 2048 [ 1072.455547][T16413] vivid-000: ================= START STATUS ================= [ 1072.463546][T16413] vivid-000: Generate PTS: true [ 1072.468710][T16413] vivid-000: Generate SCR: true [ 1072.473600][T16413] tpg source WxH: 320x180 (Y'CbCr) [ 1072.479001][T16413] tpg field: 1 [ 1072.482477][T16413] tpg crop: 320x180@0x0 [ 1072.486831][T16413] tpg compose: 320x180@0x0 [ 1072.491253][T16413] tpg colorspace: 8 [ 1072.495101][T16413] tpg transfer function: 0/0 [ 1072.499693][T16413] tpg Y'CbCr encoding: 0/0 [ 1072.504168][T16413] tpg quantization: 0/0 [ 1072.508355][T16413] tpg RGB range: 0/2 [ 1072.512274][T16413] vivid-000: ================== END STATUS ================== [ 1073.111812][T16407] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1073.255546][T16407] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 16: comm syz.6.2838: path /389/file1: bad entry in directory: rec_len is smaller than minimal - offset=1868, inode=0, rec_len=0, size=2048 fake=0 [ 1073.381325][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1073.910113][T16428] lo speed is unknown, defaulting to 1000 [ 1074.916724][T16433] input: syz0 as /devices/virtual/input/input29 [ 1075.523972][T13013] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1075.755499][T13013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1075.772727][T13013] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1075.795237][T13013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.813000][T13013] usb 6-1: config 0 descriptor?? [ 1075.826529][T16443] overlayfs: failed to clone upperpath [ 1076.066902][T13013] usbhid 6-1:0.0: can't add hid device: -71 [ 1076.073603][T13013] usbhid: probe of 6-1:0.0 failed with error -71 [ 1076.092261][T13013] usb 6-1: USB disconnect, device number 56 [ 1077.093055][T16459] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2853'. [ 1077.103814][T16459] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2853'. [ 1077.114095][ T5836] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1077.316372][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1077.342215][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1077.380874][ T5836] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1077.409634][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.441345][ T5836] usb 6-1: config 0 descriptor?? [ 1077.955156][ T5836] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 1077.972230][ T5836] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1078.053723][T16472] vivid-000: ================= START STATUS ================= [ 1078.061773][T16472] vivid-000: Generate PTS: true [ 1078.066795][T16472] vivid-000: Generate SCR: true [ 1078.071683][T16472] tpg source WxH: 320x180 (Y'CbCr) [ 1078.077027][T16472] tpg field: 1 [ 1078.080806][T16472] tpg crop: 320x180@0x0 [ 1078.085089][T16472] tpg compose: 320x180@0x0 [ 1078.089513][T16472] tpg colorspace: 8 [ 1078.093325][T16472] tpg transfer function: 0/0 [ 1078.097994][T16472] tpg Y'CbCr encoding: 0/0 [ 1078.102429][T16472] tpg quantization: 0/0 [ 1078.106744][T16472] tpg RGB range: 0/2 [ 1078.110719][T16472] vivid-000: ================== END STATUS ================== [ 1078.841243][ C0] usb 6-1: input irq status -75 received [ 1078.927850][T16476] loop6: detected capacity change from 0 to 128 [ 1078.997875][T16476] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1079.012221][T16476] ext4 filesystem being mounted at /395/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1080.468688][ T5836] usb 6-1: USB disconnect, device number 57 [ 1080.616820][ T9992] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1080.706604][T16495] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2864'. [ 1080.717205][T16495] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2864'. [ 1080.740653][T16493] input: syz0 as /devices/virtual/input/input30 [ 1082.377232][T16512] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2871'. [ 1082.579894][T16503] loop1: detected capacity change from 0 to 40427 [ 1082.651833][T16516] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 1082.677713][ T5759] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1082.889079][T16503] loop1: detected capacity change from 0 to 1024 [ 1082.896604][T16503] EXT4-fs: Ignoring removed bh option [ 1082.902220][T16503] EXT4-fs: Ignoring removed i_version option [ 1082.910181][T16503] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1082.934171][T16503] EXT4-fs (loop1): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 1082.964297][T16503] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal [ 1082.978168][ T8] usb 7-1: new full-speed USB device number 46 using dummy_hcd [ 1083.139658][ T9] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1083.168949][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1083.188437][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1083.208917][ T8] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1083.218665][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.684732][ T8] usb 7-1: config 0 descriptor?? [ 1083.703923][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 1084.024221][ T9] usb 6-1: config 4 has an invalid interface number: 128 but max is 0 [ 1084.032481][ T9] usb 6-1: config 4 has no interface number 0 [ 1084.063657][ T9] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1084.087792][ T9] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1084.120231][ T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1084.136413][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.172941][ T9] hub 6-1:4.128: USB hub found [ 1084.233804][ T8] elan 0003:04F3:0755.0011: unknown main item tag 0x0 [ 1084.258509][ T8] elan 0003:04F3:0755.0011: unknown main item tag 0x0 [ 1084.267641][ T8] elan 0003:04F3:0755.0011: unknown main item tag 0x0 [ 1084.277891][ T8] elan 0003:04F3:0755.0011: unknown main item tag 0x0 [ 1084.287827][T16533] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1084.296689][T16533] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1084.310445][ T8] elan 0003:04F3:0755.0011: unknown main item tag 0x0 [ 1084.328510][ T8] elan 0003:04F3:0755.0011: failed to start in urb: -90 [ 1084.341341][ T8] elan 0003:04F3:0755.0011: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 1084.433271][ T9187] usb 7-1: USB disconnect, device number 46 [ 1084.590340][ T9] hub 6-1:4.128: config failed, can't read hub descriptor (err -22) [ 1084.633447][T16543] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2881'. [ 1084.643821][ T9] usb 6-1: USB disconnect, device number 58 [ 1085.854330][ T9] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1086.058702][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1086.073306][ T9] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1086.083750][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.104083][ T9] usb 2-1: config 0 descriptor?? [ 1086.112252][T16552] loop6: detected capacity change from 0 to 40427 [ 1086.139085][T16552] F2FS-fs (loop6): Invalid SB checksum offset: 0 [ 1086.151295][T16552] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 1086.170392][T16552] F2FS-fs (loop6): invalid crc value [ 1086.250551][T16568] autofs4:pid:16568:autofs_fill_super: called with bogus options [ 1086.282653][T16552] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0 [ 1086.292881][T16552] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1086.332517][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 1086.344022][ T9] usbhid: probe of 2-1:0.0 failed with error -71 [ 1086.367883][ T9] usb 2-1: USB disconnect, device number 89 [ 1086.407244][ T28] audit: type=1804 audit(1773767806.195:483): pid=16552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2885" name="/newroot/402/file1/bus" dev="loop6" ino=10 res=1 errno=0 [ 1086.572952][T16574] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2891'. [ 1087.015469][ T9] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1087.295068][ T9992] syz-executor: attempt to access beyond end of device [ 1087.295068][ T9992] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1087.309464][ T9992] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 1087.345718][T16581] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1087.354962][T16581] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1087.357840][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1087.381519][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1087.402135][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1087.412659][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1087.432190][ T9] usb 2-1: config 0 descriptor?? [ 1087.848398][ T9] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 1087.859928][ T9] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1087.864106][ T23] usb 7-1: new full-speed USB device number 47 using dummy_hcd [ 1088.191186][ C1] usb 2-1: input irq status -75 received [ 1088.226447][ T23] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1088.237718][ T23] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1088.248234][ T23] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1088.257356][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.269649][ T23] usb 7-1: config 0 descriptor?? [ 1089.002495][ T23] elan 0003:04F3:0755.0013: unknown main item tag 0x0 [ 1089.011412][ T23] elan 0003:04F3:0755.0013: unknown main item tag 0x0 [ 1089.018678][ T23] elan 0003:04F3:0755.0013: unknown main item tag 0x0 [ 1089.025879][ T23] elan 0003:04F3:0755.0013: unknown main item tag 0x0 [ 1089.033138][ T23] elan 0003:04F3:0755.0013: unknown main item tag 0x0 [ 1089.050871][ T23] elan 0003:04F3:0755.0013: failed to start in urb: -90 [ 1089.092509][ T23] elan 0003:04F3:0755.0013: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 1089.240381][ T23] usb 7-1: USB disconnect, device number 47 [ 1089.331894][T16597] fido_id[16597]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 1089.631551][ T23] usb 2-1: USB disconnect, device number 90 [ 1090.759311][T16611] loop1: detected capacity change from 0 to 2048 [ 1090.894630][T16613] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1090.903403][T16613] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1091.306623][T16621] vivid-000: ================= START STATUS ================= [ 1091.314747][T16621] vivid-000: Generate PTS: true [ 1091.319749][T16621] vivid-000: Generate SCR: true [ 1091.324903][T16621] tpg source WxH: 320x180 (Y'CbCr) [ 1091.330148][T16621] tpg field: 1 [ 1091.333631][T16621] tpg crop: 320x180@0x0 [ 1091.337969][T16621] tpg compose: 320x180@0x0 [ 1091.342524][T16621] tpg colorspace: 8 [ 1091.346514][T16621] tpg transfer function: 0/0 [ 1091.351255][T16621] tpg Y'CbCr encoding: 0/0 [ 1091.355908][T16621] tpg quantization: 0/0 [ 1091.360202][T16621] tpg RGB range: 0/2 [ 1091.364318][T16621] vivid-000: ================== END STATUS ================== [ 1093.277248][T16638] loop1: detected capacity change from 0 to 2048 [ 1093.306443][T16639] tipc: Enabled bearer , priority 0 [ 1093.319175][T16639] syzkaller0: entered promiscuous mode [ 1093.325437][T16639] syzkaller0: entered allmulticast mode [ 1093.338203][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1093.356321][T16639] tipc: Resetting bearer [ 1093.383293][T16636] tipc: Resetting bearer [ 1093.411180][ T9496] usb 7-1: new full-speed USB device number 48 using dummy_hcd [ 1093.421898][T16636] tipc: Disabling bearer [ 1093.565279][T16643] syzkaller0: entered promiscuous mode [ 1093.587369][T16643] syzkaller0: entered allmulticast mode [ 1093.613465][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1093.662556][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1093.677061][ T9496] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1093.694776][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.706307][T16644] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1093.715108][T16644] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1093.716466][ T9496] usb 7-1: config 0 descriptor?? [ 1094.177148][ T9496] elan 0003:04F3:0755.0014: unknown main item tag 0x0 [ 1094.190111][ T9496] elan 0003:04F3:0755.0014: unknown main item tag 0x0 [ 1094.198650][ T9496] elan 0003:04F3:0755.0014: unknown main item tag 0x0 [ 1094.206109][ T9496] elan 0003:04F3:0755.0014: unknown main item tag 0x0 [ 1094.213956][ T9496] elan 0003:04F3:0755.0014: unknown main item tag 0x0 [ 1094.270189][ T5836] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1094.270975][ T9496] elan 0003:04F3:0755.0014: failed to start in urb: -90 [ 1094.319544][ T9496] elan 0003:04F3:0755.0014: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 1094.393250][ T9496] usb 7-1: USB disconnect, device number 48 [ 1094.508994][T16660] fido_id[16660]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 1094.520701][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1094.562430][ T5836] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1094.589869][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1094.615536][ T5836] usb 2-1: config 0 descriptor?? [ 1094.857747][ T5836] usbhid 2-1:0.0: can't add hid device: -71 [ 1094.870800][ T5836] usbhid: probe of 2-1:0.0 failed with error -71 [ 1094.915341][ T5836] usb 2-1: USB disconnect, device number 91 [ 1095.484222][ T5836] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1096.039534][T16669] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2926'. [ 1096.127171][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1096.145723][ T5836] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1096.164942][ T5836] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1096.174926][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1096.232738][ T5836] usb 2-1: config 0 descriptor?? [ 1096.760657][ T5836] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 1096.784248][ T5836] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1096.799905][T16693] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1096.808751][T16693] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1097.574335][ T5836] usb 2-1: USB disconnect, device number 92 [ 1099.231403][T16728] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1099.240211][T16728] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1101.604128][ T9] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 1101.808666][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1101.830382][ T9] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1101.848688][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1101.868598][ T9] usb 7-1: config 0 descriptor?? [ 1102.094065][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 1102.102326][ T9] usbhid: probe of 7-1:0.0 failed with error -71 [ 1102.120701][ T9] usb 7-1: USB disconnect, device number 49 [ 1102.659295][ T9] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 1102.878818][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1102.909433][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1103.691784][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1103.802635][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1104.004758][ T9] usb 7-1: config 0 descriptor?? [ 1104.721620][ T9] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 1104.963580][ T9] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1104.997356][ T9] usb 7-1: USB disconnect, device number 50 [ 1105.153392][T16784] fido_id[16784]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 1107.883950][ T8] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1108.066208][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1108.077371][ T8] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1108.086530][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.097260][ T8] usb 2-1: config 0 descriptor?? [ 1108.310662][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 1108.322160][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 1108.338803][ T8] usb 2-1: USB disconnect, device number 93 [ 1109.557778][T16845] vivid-000: ================= START STATUS ================= [ 1109.566528][T16845] vivid-000: Generate PTS: true [ 1109.571626][T16845] vivid-000: Generate SCR: true [ 1109.576734][T16845] tpg source WxH: 320x180 (Y'CbCr) [ 1109.581934][T16845] tpg field: 1 [ 1109.585424][T16845] tpg crop: 320x180@0x0 [ 1109.589636][T16845] tpg compose: 320x180@0x0 [ 1109.594256][T16845] tpg colorspace: 8 [ 1109.598111][T16845] tpg transfer function: 0/0 [ 1109.602760][T16845] tpg Y'CbCr encoding: 0/0 [ 1109.607267][T16845] tpg quantization: 0/0 [ 1109.611497][T16845] tpg RGB range: 0/2 [ 1109.615574][T16845] vivid-000: ================== END STATUS ================== [ 1110.607919][T16847] overlayfs: failed to resolve './bus': -2 [ 1110.941519][ T8] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1112.111486][T16866] tipc: Enabling of bearer rejected, failed to enable media [ 1112.146217][T16868] loop6: detected capacity change from 0 to 128 [ 1112.204787][T16868] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1112.252629][T16868] ext4 filesystem being mounted at /423/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1112.265339][T16877] loop1: detected capacity change from 0 to 1024 [ 1112.310891][ T9992] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1112.323598][ T5757] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1113.784395][T16888] overlayfs: failed to resolve './bus': -2 [ 1113.993706][T16890] vivid-000: ================= START STATUS ================= [ 1114.001504][T16890] vivid-000: Generate PTS: true [ 1114.006440][T16890] vivid-000: Generate SCR: true [ 1114.011352][T16890] tpg source WxH: 320x180 (Y'CbCr) [ 1114.016557][T16890] tpg field: 1 [ 1114.019933][T16890] tpg crop: 320x180@0x0 [ 1114.024125][T16890] tpg compose: 320x180@0x0 [ 1114.028554][T16890] tpg colorspace: 8 [ 1114.032454][T16890] tpg transfer function: 0/0 [ 1114.037101][T16890] tpg Y'CbCr encoding: 0/0 [ 1114.041527][T16890] tpg quantization: 0/0 [ 1114.045735][T16890] tpg RGB range: 0/2 [ 1114.049761][T16890] vivid-000: ================== END STATUS ================== [ 1114.544289][ T8] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1114.984472][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1115.089036][ T8] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1115.172470][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.234497][ T8] usb 2-1: config 0 descriptor?? [ 1115.285780][T16902] loop5: detected capacity change from 0 to 128 [ 1115.304622][T16900] overlayfs: missing 'lowerdir' [ 1115.349684][T16902] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1115.390637][T16902] ext4 filesystem being mounted at /415/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1115.432564][T16905] tipc: Enabled bearer , priority 0 [ 1115.448122][T16905] syzkaller0: entered promiscuous mode [ 1115.453643][T16905] syzkaller0: entered allmulticast mode [ 1115.462884][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 1115.471076][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 1115.482275][ T8] usb 2-1: USB disconnect, device number 95 [ 1115.546928][ T9975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1115.548390][T16905] tipc: Resetting bearer [ 1115.634157][T16904] tipc: Resetting bearer [ 1115.738839][T16904] tipc: Disabling bearer [ 1115.806899][T16918] fuse: Bad value for 'fd' [ 1115.954524][ T8] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1116.064629][ T5836] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 1117.224391][T16929] overlayfs: failed to resolve './bus': -2 [ 1117.275905][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 1117.284210][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.310694][ T8] usb 2-1: device descriptor read/all, error -71 [ 1117.503671][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1117.664120][ T5836] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1117.723262][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.857882][ T5836] usb 6-1: config 0 descriptor?? [ 1117.986671][T16934] loop6: detected capacity change from 0 to 8192 [ 1118.074502][T16944] overlayfs: missing 'lowerdir' [ 1118.334455][ T5836] usbhid 6-1:0.0: can't add hid device: -71 [ 1118.458094][ T5836] usbhid: probe of 6-1:0.0 failed with error -71 [ 1118.735802][ T5836] usb 6-1: USB disconnect, device number 59 [ 1119.303955][ T5836] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 1119.397546][T16960] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1119.407099][T16960] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1119.561495][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1119.712423][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1119.855509][ T9] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 1119.875703][ T5836] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1119.895755][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1119.919011][ T5836] usb 6-1: config 0 descriptor?? [ 1119.931196][ T5836] usb 6-1: can't set config #0, error -71 [ 1119.960546][ T5836] usb 6-1: USB disconnect, device number 60 [ 1120.179218][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1120.202684][ T9] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1120.239270][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.265226][ T9] usb 7-1: config 0 descriptor?? [ 1120.494503][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 1120.514145][ T9] usbhid: probe of 7-1:0.0 failed with error -71 [ 1120.541229][ T9] usb 7-1: USB disconnect, device number 51 [ 1120.620766][T16973] overlayfs: missing 'lowerdir' [ 1121.065337][T16962] loop5: detected capacity change from 0 to 40427 [ 1121.104680][ T9] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 1121.161431][T16962] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 1121.237979][T16962] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 1121.384304][T16962] F2FS-fs (loop5): invalid crc value [ 1121.395250][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1121.461079][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1121.540762][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1121.569572][T16962] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 1121.593584][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1121.593907][T16962] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1121.652396][ T9] usb 7-1: config 0 descriptor?? [ 1121.708740][T16985] fuse: Bad value for 'fd' [ 1122.304743][T16991] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3024'. [ 1122.495664][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 1122.508033][ T9] usbhid: probe of 7-1:0.0 failed with error -71 [ 1122.535512][ T9] usb 7-1: USB disconnect, device number 52 [ 1122.845666][T16982] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1122.890592][T16982] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1123.163481][T17004] overlayfs: missing 'lowerdir' [ 1123.458987][T17015] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1123.468115][T17015] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1124.221248][T17021] loop1: detected capacity change from 0 to 2048 [ 1124.274555][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1124.591951][T17034] overlayfs: missing 'lowerdir' [ 1125.712337][T17045] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1125.721610][T17045] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1127.070863][T17059] bridge0: port 1(bridge_slave_0) entered disabled state [ 1127.082420][T17059] bridge0: port 2(bridge_slave_1) entered disabled state [ 1127.126917][T17064] netlink: 'syz.1.3049': attribute type 16 has an invalid length. [ 1127.136016][T17064] netlink: 'syz.1.3049': attribute type 17 has an invalid length. [ 1127.207330][T17066] overlayfs: missing 'lowerdir' [ 1127.216891][T17064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1127.306025][ T8] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 1127.521258][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1127.548157][ T8] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1127.571602][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.598853][ T8] usb 6-1: config 0 descriptor?? [ 1127.733732][T17081] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1127.742889][T17081] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1128.287061][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 1128.390140][ T8] usbhid: probe of 6-1:0.0 failed with error -71 [ 1128.399125][ T8] usb 6-1: USB disconnect, device number 61 [ 1128.803950][ T8] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 1129.026538][T17088] loop1: detected capacity change from 0 to 2048 [ 1129.478663][T17097] overlayfs: missing 'workdir' [ 1129.497132][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1130.281506][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1130.294524][ T8] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1130.303768][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1130.314142][ T8] usb 6-1: config 0 descriptor?? [ 1130.454083][ T8] usb 6-1: can't set config #0, error -71 [ 1130.499477][ T8] usb 6-1: USB disconnect, device number 62 [ 1130.713516][T17115] loop1: detected capacity change from 0 to 512 [ 1130.735971][T17115] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1130.736014][T17113] loop5: detected capacity change from 0 to 2048 [ 1130.770590][T17115] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 1130.779988][T17115] EXT4-fs (loop1): write access unavailable, skipping orphan cleanup [ 1130.790528][T17115] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1130.857216][T17118] batadv_slave_1: entered promiscuous mode [ 1130.860412][T17113] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1130.886448][T17118] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3071'. [ 1130.895862][T17115] EXT4-fs error (device loop1): ext4_encrypted_get_link:46: inode #16: comm syz.1.3069: bad symlink. [ 1130.896227][T17118] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1130.954882][T14403] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1131.029236][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1131.079193][T17118] batadv_slave_1 (unregistering): left promiscuous mode [ 1131.100746][T17118] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1131.398081][T17131] overlayfs: missing 'workdir' [ 1131.573983][ T5836] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 1132.389361][ T5836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1132.405599][ T5836] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1132.415695][ T5836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1132.433132][ T5836] usb 7-1: config 0 descriptor?? [ 1132.515617][T17144] loop1: detected capacity change from 0 to 2048 [ 1132.545628][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1132.661770][ T5836] usbhid 7-1:0.0: can't add hid device: -71 [ 1132.678742][ T5836] usbhid: probe of 7-1:0.0 failed with error -71 [ 1132.700013][ T5836] usb 7-1: USB disconnect, device number 53 [ 1133.065912][T17155] netlink: 'syz.3.3086': attribute type 16 has an invalid length. [ 1133.077072][T17155] netlink: 'syz.3.3086': attribute type 17 has an invalid length. [ 1133.095615][T17155] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1133.224285][ T5836] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 1133.625799][ T5836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1133.702030][ T5836] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1133.812084][ T5836] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1133.879061][ T5836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.085612][ T5836] usb 7-1: config 0 descriptor?? [ 1134.484203][ T5836] usbhid 7-1:0.0: can't add hid device: -71 [ 1134.516034][ T5836] usbhid: probe of 7-1:0.0 failed with error -71 [ 1134.557173][ T5836] usb 7-1: USB disconnect, device number 54 [ 1134.582756][T17169] loop1: detected capacity change from 0 to 2048 [ 1136.048421][T17195] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1136.057378][T17195] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1136.422794][T17194] syzkaller0: entered promiscuous mode [ 1136.534123][T17194] syzkaller0: entered allmulticast mode [ 1136.880204][T17205] netlink: 'syz.6.3104': attribute type 16 has an invalid length. [ 1136.898600][T17205] netlink: 'syz.6.3104': attribute type 17 has an invalid length. [ 1136.964824][T17205] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1138.812110][T17228] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1138.821296][T17228] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1139.551378][T17233] loop5: detected capacity change from 0 to 512 [ 1139.670869][T17233] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1139.714982][T17233] ext4 filesystem being mounted at /434/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1139.735409][T17240] syzkaller0: entered promiscuous mode [ 1139.749495][T17240] syzkaller0: entered allmulticast mode [ 1139.844148][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1142.100305][T17268] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1142.109544][T17268] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1142.675619][T17270] syzkaller0: entered promiscuous mode [ 1142.693996][T17270] syzkaller0: entered allmulticast mode [ 1142.856170][T17277] loop6: detected capacity change from 0 to 1024 [ 1142.873713][T17277] EXT4-fs: Ignoring removed oldalloc option [ 1142.896565][T17277] EXT4-fs: Ignoring removed bh option [ 1142.906025][T17277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1142.963230][T17277] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1143.221090][T17289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3133'. [ 1143.280259][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1144.191559][T17308] syzkaller0: entered promiscuous mode [ 1144.199972][T17308] syzkaller0: entered allmulticast mode [ 1144.283223][T17310] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3142'. [ 1144.694790][T17304] loop5: detected capacity change from 0 to 40427 [ 1144.715581][T17304] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 1144.721974][T17304] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 1144.778655][T17304] F2FS-fs (loop5): invalid crc value [ 1145.433954][T17304] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 1145.441158][T17304] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1145.591702][ T28] audit: type=1804 audit(1773767865.375:484): pid=17304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3139" name="/newroot/442/file1/bus" dev="loop5" ino=10 res=1 errno=0 [ 1145.645697][T17340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3149'. [ 1146.295781][ T9975] syz-executor: attempt to access beyond end of device [ 1146.295781][ T9975] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1146.314523][ T9975] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1146.721161][T17355] netlink: 'syz.1.3154': attribute type 16 has an invalid length. [ 1146.742211][T17355] netlink: 'syz.1.3154': attribute type 17 has an invalid length. [ 1146.771256][T17355] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1147.271820][T17354] loop6: detected capacity change from 0 to 32768 [ 1147.354416][T17354] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 1147.390707][T17354] JBD2: Ignoring recovery information on journal [ 1147.505493][T17354] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 1147.912646][ T9992] ocfs2: Unmounting device (7,6) on (node local) [ 1148.370139][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3167'. [ 1148.401033][T17368] loop5: detected capacity change from 0 to 40427 [ 1148.431471][T17368] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 1148.445885][T17368] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 1148.471300][T17368] F2FS-fs (loop5): invalid crc value [ 1148.769462][T17368] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 1148.804119][T17368] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1149.565107][ T28] audit: type=1804 audit(1773767869.355:485): pid=17368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3160" name="/newroot/445/file1/bus" dev="loop5" ino=10 res=1 errno=0 [ 1150.419239][ T9975] syz-executor: attempt to access beyond end of device [ 1150.419239][ T9975] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1150.470931][ T9975] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1150.488360][T17406] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3169'. [ 1150.718158][T17408] loop1: detected capacity change from 0 to 2048 [ 1150.930087][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1151.392952][T17418] input: syz0 as /devices/virtual/input/input31 [ 1151.617531][T17412] loop6: detected capacity change from 0 to 32768 [ 1151.732270][T17412] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 1151.811169][T17412] JBD2: Ignoring recovery information on journal [ 1151.881719][T17412] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 1152.239241][ T9992] ocfs2: Unmounting device (7,6) on (node local) [ 1152.671904][T17438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3178'. [ 1153.418393][T17447] loop1: detected capacity change from 0 to 2048 [ 1153.864313][ T9] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 1154.034068][ T9] usb 7-1: device descriptor read/64, error -71 [ 1154.322418][T17466] loop5: detected capacity change from 0 to 128 [ 1154.483257][ T28] audit: type=1800 audit(1773767874.215:486): pid=17466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3189" name="bus" dev="loop5" ino=1048810 res=0 errno=0 [ 1154.924030][ T9] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 1155.116908][ T9] usb 7-1: device descriptor read/64, error -71 [ 1155.299444][ T9] usb usb7-port1: attempt power cycle [ 1155.718297][T17453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1155.750963][T17453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1155.804435][ T9] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 1155.844952][ T9] usb 7-1: device descriptor read/8, error -71 [ 1155.994411][ T9496] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 1156.056213][T17453] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.065486][T17453] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.074860][T17453] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.083977][T17453] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.124062][ T9] usb 7-1: new high-speed USB device number 58 using dummy_hcd [ 1156.150099][T17453] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1156.159648][T17453] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1156.164661][ T9] usb 7-1: device descriptor read/8, error -71 [ 1156.169028][T17453] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1156.184414][T17453] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1156.217339][ T9496] usb 6-1: Using ep0 maxpacket: 16 [ 1156.239048][ T9496] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1156.263981][ T9496] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1156.294199][ T9] usb usb7-port1: unable to enumerate USB device [ 1156.300724][ T9496] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1156.315344][ T9496] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1156.320765][T17477] loop1: detected capacity change from 0 to 2048 [ 1156.331211][ T9496] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1156.331238][ T9496] usb 6-1: Product: syz [ 1156.331253][ T9496] usb 6-1: Manufacturer: syz [ 1156.331266][ T9496] usb 6-1: SerialNumber: syz [ 1156.411420][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1156.698089][T17484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3195'. [ 1156.797501][ T9496] usb 6-1: 0:2 : does not exist [ 1156.918222][T17494] loop6: detected capacity change from 0 to 128 [ 1156.976056][T17494] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1156.999450][T17494] ext4 filesystem being mounted at /468/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1157.095132][T17494] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1157.483537][T17503] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1157.492479][T17503] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1158.398131][T17507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3200'. [ 1158.427271][T17507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3200'. [ 1158.493050][T17507] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3200'. [ 1158.611682][T17511] loop6: detected capacity change from 0 to 2048 [ 1158.682462][T17511] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1158.796230][ T9] usb 6-1: USB disconnect, device number 63 [ 1159.009336][T17523] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1159.018521][T17523] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1159.650261][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1159.682978][T17527] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3207'. [ 1160.033215][T17539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3208'. [ 1160.234762][T17542] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1160.243809][T17542] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1160.932851][T17547] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3213'. [ 1160.990202][T17548] input: syz0 as /devices/virtual/input/input32 [ 1161.594943][T17556] loop5: detected capacity change from 0 to 2048 [ 1161.648730][T17556] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1161.843592][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1161.858078][ T8] usb 7-1: new high-speed USB device number 59 using dummy_hcd [ 1162.047921][ T8] usb 7-1: Using ep0 maxpacket: 16 [ 1162.079214][ T8] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1162.114690][ T8] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1162.144073][ T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1162.167829][ T8] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1162.182210][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1162.190661][ T8] usb 7-1: Product: syz [ 1162.200785][ T8] usb 7-1: Manufacturer: syz [ 1162.206271][ T8] usb 7-1: SerialNumber: syz [ 1162.401994][T17564] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1162.411021][T17564] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1163.145665][ T8] usb 7-1: 0:2 : does not exist [ 1163.469681][T17573] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3219'. [ 1163.973432][T17579] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1163.982587][T17579] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1164.472720][ T8] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1164.620782][ T5836] usb 7-1: USB disconnect, device number 59 [ 1164.715311][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1164.742249][T17581] loop5: detected capacity change from 0 to 1024 [ 1164.758753][ T8] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1164.770107][T17581] EXT4-fs: Ignoring removed oldalloc option [ 1164.804159][T17581] EXT4-fs: Ignoring removed bh option [ 1164.814003][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1164.823560][T17581] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1164.844083][ T8] usb 2-1: config 0 descriptor?? [ 1164.916953][T17581] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1165.071006][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 1165.094008][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 1165.114244][ T8] usb 2-1: USB disconnect, device number 98 [ 1165.158524][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1165.282954][T17590] loop6: detected capacity change from 0 to 2048 [ 1165.352383][T17590] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1165.687701][T17597] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1165.696934][T17597] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1166.236236][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1166.294079][ T8] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1166.493409][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1166.515078][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1166.551143][ T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1166.560960][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1166.578709][ T8] usb 2-1: config 0 descriptor?? [ 1166.899056][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 1166.925733][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 1167.272049][ T8] usb 2-1: USB disconnect, device number 99 [ 1168.408032][T17618] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1168.416910][T17618] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1169.401037][T17624] loop1: detected capacity change from 0 to 512 [ 1169.425340][T17626] loop5: detected capacity change from 0 to 1024 [ 1169.440141][T17626] EXT4-fs: Ignoring removed oldalloc option [ 1169.447064][T17626] EXT4-fs: Ignoring removed bh option [ 1169.453698][T17626] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1169.486010][T17626] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1169.499671][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1169.845258][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1169.942912][T17637] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1169.952099][T17637] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1170.795662][T17645] loop5: detected capacity change from 0 to 2048 [ 1170.931015][T17645] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1171.034475][T17651] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1171.043912][T17651] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1171.584160][T17631] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1229: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 1171.851702][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1172.061754][T17658] loop1: detected capacity change from 0 to 128 [ 1174.090528][T17675] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1174.099715][T17675] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1175.395675][T17685] loop6: detected capacity change from 0 to 128 [ 1175.484093][ T28] audit: type=1800 audit(1773767895.245:487): pid=17685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3251" name="bus" dev="loop6" ino=1048812 res=0 errno=0 [ 1176.184712][T17687] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3253'. [ 1176.443294][T11638] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1176.457051][T11638] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1176.468083][T11638] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1176.494683][T11638] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1176.502463][T11638] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1176.511217][T11638] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1176.532373][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1176.571714][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1176.580112][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1176.589783][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1176.624242][ T51] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1176.632929][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1176.963756][T17701] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1176.973053][T17701] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1177.642530][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.649177][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.677527][T17694] lo speed is unknown, defaulting to 1000 [ 1177.857257][T17707] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3261'. [ 1178.835632][T11638] Bluetooth: hci4: command tx timeout [ 1179.073830][T17694] chnl_net:caif_netlink_parms(): no params data found [ 1179.347027][T17736] input: syz0 as /devices/virtual/input/input35 [ 1179.544027][T16851] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1179.666413][T17694] bridge0: port 1(bridge_slave_0) entered blocking state [ 1179.700113][T17694] bridge0: port 1(bridge_slave_0) entered disabled state [ 1179.720641][T17694] bridge_slave_0: entered allmulticast mode [ 1179.729960][T17694] bridge_slave_0: entered promiscuous mode [ 1179.742754][T17694] bridge0: port 2(bridge_slave_1) entered blocking state [ 1179.750456][T17694] bridge0: port 2(bridge_slave_1) entered disabled state [ 1179.757712][T16851] usb 6-1: Using ep0 maxpacket: 32 [ 1179.763684][T17694] bridge_slave_1: entered allmulticast mode [ 1179.770540][T16851] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1179.783930][T16851] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 1179.799602][T17694] bridge_slave_1: entered promiscuous mode [ 1179.807703][T16851] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1179.835301][T16851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1179.867573][T17694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1179.890394][T17694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1179.951664][T17694] team0: Port device team_slave_0 added [ 1179.980259][T17694] team0: Port device team_slave_1 added [ 1180.113708][T17694] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1180.132800][T17694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1180.193679][T17694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1180.207918][T17694] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1180.215461][T17694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1180.249061][T17694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1180.449145][T17694] hsr_slave_0: entered promiscuous mode [ 1180.482498][T17694] hsr_slave_1: entered promiscuous mode [ 1180.493730][T17694] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1180.502778][T17694] Cannot create hsr debugfs directory [ 1180.829284][T17745] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1180.874758][T17745] bond1: (slave lo): Enslaving as an active interface with an up link [ 1180.883309][T17745] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1180.914185][T11638] Bluetooth: hci4: command tx timeout [ 1182.141175][T17694] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1182.195635][T17694] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1182.223520][T17694] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1182.288578][T17694] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1182.307773][ T23] usb 6-1: USB disconnect, device number 64 [ 1182.660032][T17772] input: syz0 as /devices/virtual/input/input36 [ 1183.001462][T11638] Bluetooth: hci4: command tx timeout [ 1183.084396][T17694] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1183.119640][T17694] 8021q: adding VLAN 0 to HW filter on device team0 [ 1183.138168][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 1183.145310][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1183.241273][T17777] syzkaller0: entered promiscuous mode [ 1183.282665][T17777] syzkaller0: entered allmulticast mode [ 1183.355538][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 1183.362765][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1185.074295][T11638] Bluetooth: hci4: command tx timeout [ 1185.163604][T16851] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1185.368237][T16851] usb 6-1: Using ep0 maxpacket: 32 [ 1185.439644][T16851] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.449920][T16851] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 1185.460103][T16851] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1185.481772][T16851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.714424][T17792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3285'. [ 1187.858232][T17803] loop6: detected capacity change from 0 to 512 [ 1187.961688][T17803] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1188.000328][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.029183][T17803] ext4 filesystem being mounted at /498/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1188.176542][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.260527][T17694] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1188.318753][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.346025][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1188.495862][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.534726][T17457] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1188.726301][T17457] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1188.738140][T17457] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1188.747669][T17457] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1188.856484][T17457] usb 2-1: config 0 descriptor?? [ 1188.863485][ T5836] usb 6-1: USB disconnect, device number 65 [ 1189.192847][T17457] usbhid 2-1:0.0: can't add hid device: -71 [ 1189.199995][T17457] usbhid: probe of 2-1:0.0 failed with error -71 [ 1189.209122][T17457] usb 2-1: USB disconnect, device number 100 [ 1189.310814][T17694] veth0_vlan: entered promiscuous mode [ 1189.335575][T17832] input: syz0 as /devices/virtual/input/input37 [ 1189.350456][T17694] veth1_vlan: entered promiscuous mode [ 1189.754000][T17457] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1189.764159][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1189.914287][T17457] usb 2-1: device descriptor read/64, error -32 [ 1189.960958][T17849] loop6: detected capacity change from 0 to 2048 [ 1190.048262][T17849] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1190.102974][T17694] veth0_macvtap: entered promiscuous mode [ 1190.111902][T17694] veth1_macvtap: entered promiscuous mode [ 1190.296085][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.309121][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.324146][T17457] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1190.329736][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.343118][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.363575][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.407478][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.418322][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.434886][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.455806][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1190.467641][T17694] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1190.570319][T17457] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1190.592397][T17457] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1190.671506][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1190.713237][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.758460][T17457] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1190.767990][T17457] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1190.786448][T17457] usb 2-1: config 0 descriptor?? [ 1190.808659][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1190.824483][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.882469][T17857] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1190.891399][T17857] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1190.901485][T17694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1191.426818][T17694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1191.482269][T17457] usbhid 2-1:0.0: can't add hid device: -71 [ 1191.573703][T17457] usbhid: probe of 2-1:0.0 failed with error -71 [ 1191.585331][T17694] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1191.654406][T17457] usb 2-1: USB disconnect, device number 102 [ 1191.838476][T17694] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.878944][T17694] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.883672][T17866] loop5: detected capacity change from 0 to 512 [ 1191.916216][T17866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1191.934658][T17694] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.948316][T17694] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.975605][T17866] EXT4-fs warning (device loop5): dx_probe:869: inode #2: comm syz.5.3298: Unimplemented hash flags: 0x0001 [ 1191.992338][T17866] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.3298: Corrupt directory, running e2fsck is recommended [ 1192.007397][T17866] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 3: comm syz.5.3298: path /481/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=4294967295, rec_len=7, size=1024 fake=0 [ 1192.136015][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1192.194091][T17457] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1192.338378][T17880] loop6: detected capacity change from 0 to 2048 [ 1192.400525][T17457] usb 2-1: Using ep0 maxpacket: 32 [ 1192.420089][T17457] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1192.453947][T17457] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 1192.480484][T17880] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1192.490579][T17457] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1192.522290][T17457] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.566537][T15861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1192.614747][T15861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1192.695247][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1192.770779][ T12] hsr_slave_0: left promiscuous mode [ 1192.795135][ T12] hsr_slave_1: left promiscuous mode [ 1192.826335][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1192.837183][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1192.846054][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1192.853766][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1192.862143][ T12] bridge_slave_1: left allmulticast mode [ 1192.867948][ T12] bridge_slave_1: left promiscuous mode [ 1192.874149][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.891305][ T12] bridge_slave_0: left allmulticast mode [ 1192.907793][ T12] bridge_slave_0: left promiscuous mode [ 1192.925371][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1193.002896][ T12] veth1_macvtap: left promiscuous mode [ 1193.024173][ T12] veth0_macvtap: left promiscuous mode [ 1193.030498][ T12] veth1_vlan: left promiscuous mode [ 1193.036024][ T12] veth0_vlan: left promiscuous mode [ 1193.185207][T17894] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1193.194297][T17894] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1194.164055][ T9496] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 1194.419514][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1194.443251][ T9496] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1194.497571][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1194.549875][ T9496] usb 7-1: config 0 descriptor?? [ 1194.771477][ T9496] usbhid 7-1:0.0: can't add hid device: -71 [ 1194.779876][ T9496] usbhid: probe of 7-1:0.0 failed with error -71 [ 1194.818708][ T9496] usb 7-1: USB disconnect, device number 60 [ 1195.217153][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1195.362993][ T9496] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 1195.409927][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1195.487477][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1195.555349][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1195.622553][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1195.633608][ T9496] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1195.663413][ T9496] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1195.672961][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1195.711548][ T9496] usb 7-1: config 0 descriptor?? [ 1196.077916][ T12] bond0 (unregistering): Released all slaves [ 1196.198031][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1196.208038][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1196.217287][T17907] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3306'. [ 1196.281874][T16851] usb 2-1: USB disconnect, device number 103 [ 1196.523633][T17913] loop5: detected capacity change from 0 to 512 [ 1196.547256][ T9496] usbhid 7-1:0.0: can't add hid device: -71 [ 1196.556811][ T9496] usbhid: probe of 7-1:0.0 failed with error -71 [ 1196.594015][ T9496] usb 7-1: USB disconnect, device number 61 [ 1196.633566][T17913] EXT4-fs: Ignoring removed oldalloc option [ 1196.834959][T17913] EXT4-fs (loop5): 1 truncate cleaned up [ 1196.841860][T17913] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1196.932357][T17926] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1196.941465][T17926] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1197.437469][ T12] IPVS: stop unused estimator thread 0... [ 1197.622978][T17931] loop7: detected capacity change from 0 to 2048 [ 1197.704110][T17937] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3309'. [ 1197.747547][T17931] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1197.775958][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1197.924860][T17694] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1198.013650][T17940] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1198.022957][T17940] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1199.594580][ T8] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1199.834018][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 1199.845339][ T23] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1199.886535][ T8] usb 2-1: config 4 has an invalid interface number: 128 but max is 0 [ 1199.896981][ T8] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1199.908743][ T8] usb 2-1: config 4 has no interface number 0 [ 1199.924245][ T8] usb 2-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1199.954480][ T8] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1199.964340][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.985819][ T8] hub 2-1:4.128: bad descriptor, ignoring hub [ 1199.991956][ T8] hub: probe of 2-1:4.128 failed with error -5 [ 1200.001494][ T8] usbhid 2-1:4.128: couldn't find an input interrupt endpoint [ 1200.155842][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1200.171797][ T23] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1200.241433][T17974] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1200.250359][T17974] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1200.262909][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1200.386262][ T23] usb 6-1: config 0 descriptor?? [ 1200.822127][ T23] usbhid 6-1:0.0: can't add hid device: -71 [ 1200.828524][ T23] usbhid: probe of 6-1:0.0 failed with error -71 [ 1200.838117][ T23] usb 6-1: USB disconnect, device number 66 [ 1201.079132][T17979] netlink: 1752 bytes leftover after parsing attributes in process `syz.6.3319'. [ 1201.374388][ T23] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 1201.579196][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1201.584293][T17996] loop7: detected capacity change from 0 to 512 [ 1201.596953][ T23] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1201.610927][ T23] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1201.620782][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1201.823034][ T23] usb 6-1: config 0 descriptor?? [ 1201.826721][T17996] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1201.845039][T17996] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1201.973635][T18004] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1201.983099][T18004] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1202.626511][T17694] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1202.683772][ T8] usb 2-1: USB disconnect, device number 104 [ 1202.983242][T18019] netlink: 1752 bytes leftover after parsing attributes in process `syz.7.3328'. [ 1203.090766][ T23] usbhid 6-1:0.0: can't add hid device: -71 [ 1203.104507][ T23] usbhid: probe of 6-1:0.0 failed with error -71 [ 1203.138851][ T23] usb 6-1: USB disconnect, device number 67 [ 1203.223623][T18026] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1203.232879][T18026] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1204.150704][T18039] loop6: detected capacity change from 0 to 128 [ 1204.552053][ T28] audit: type=1800 audit(1773767924.335:488): pid=18039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3330" name="bus" dev="loop6" ino=1048817 res=0 errno=0 [ 1205.223835][T18046] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1205.233149][T18046] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1206.453997][T17457] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1206.650166][T17457] usb 6-1: Using ep0 maxpacket: 32 [ 1206.666315][T17457] usb 6-1: config 4 has an invalid interface number: 128 but max is 0 [ 1206.703981][T17457] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1206.733980][T17457] usb 6-1: config 4 has no interface number 0 [ 1206.740161][T17457] usb 6-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1206.797387][T17457] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1206.831788][T17457] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1206.872785][T17457] hub 6-1:4.128: bad descriptor, ignoring hub [ 1206.904470][T17457] hub: probe of 6-1:4.128 failed with error -5 [ 1206.937819][T17457] usbhid 6-1:4.128: couldn't find an input interrupt endpoint [ 1207.193190][T18053] loop6: detected capacity change from 0 to 40427 [ 1207.211900][T18053] F2FS-fs (loop6): Invalid SB checksum offset: 0 [ 1207.230453][T18053] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 1207.257184][T18053] F2FS-fs (loop6): invalid crc value [ 1207.343915][T18069] netlink: 1752 bytes leftover after parsing attributes in process `syz.7.3337'. [ 1207.531391][T18053] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0 [ 1207.538646][T18053] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1207.639890][T18077] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1207.649000][T18077] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1208.292780][ T28] audit: type=1804 audit(1773767928.075:489): pid=18053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.3335" name="/newroot/519/file1/bus" dev="loop6" ino=10 res=1 errno=0 [ 1208.612907][T18082] syz.1.3340 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1208.814046][ T5836] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 1209.364444][ T9] usb 6-1: USB disconnect, device number 68 [ 1210.602439][ T5836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1210.784548][T18107] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1210.793321][T18107] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1211.594946][ T5836] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1211.604377][ T5836] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1211.943138][ T5836] usb 8-1: config 0 descriptor?? [ 1212.024071][ T5836] usb 8-1: can't set config #0, error -71 [ 1212.072292][ T5836] usb 8-1: USB disconnect, device number 2 [ 1212.239926][T18121] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1212.355128][T18123] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3347'. [ 1212.627945][ T9992] syz-executor: attempt to access beyond end of device [ 1212.627945][ T9992] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1212.704033][ T9992] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 1213.233135][T18144] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1213.242550][T18144] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1213.354113][ T5836] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 1213.544479][ T5836] usb 8-1: Using ep0 maxpacket: 32 [ 1213.654733][ T5836] usb 8-1: config 4 has an invalid interface number: 128 but max is 0 [ 1213.719539][ T5836] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1213.788933][ T5836] usb 8-1: config 4 has no interface number 0 [ 1213.814066][ T5836] usb 8-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1213.843973][ T5836] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1213.869367][ T5836] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1213.958392][ T5836] hub 8-1:4.128: bad descriptor, ignoring hub [ 1214.024003][ T5836] hub: probe of 8-1:4.128 failed with error -5 [ 1214.066095][ T5836] usbhid 8-1:4.128: couldn't find an input interrupt endpoint [ 1214.375918][T18160] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.3357'. [ 1214.483185][T18168] program syz.5.3358 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1214.492889][ T5836] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1214.627573][T18174] loop5: detected capacity change from 0 to 512 [ 1214.679197][T18174] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1214.693295][T18174] ext4 filesystem being mounted at /495/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1214.709495][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1214.721833][ T5836] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1214.731655][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1214.743812][ T5836] usb 2-1: config 0 descriptor?? [ 1214.884877][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1214.970737][ T5836] usbhid 2-1:0.0: can't add hid device: -71 [ 1214.984990][ T5836] usbhid: probe of 2-1:0.0 failed with error -71 [ 1215.004215][ T5836] usb 2-1: USB disconnect, device number 105 [ 1215.563987][ T5836] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1215.797648][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1215.818789][ T5836] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1215.833560][ T5836] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1215.881565][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1215.923617][ T5836] usb 2-1: config 0 descriptor?? [ 1216.058704][T18217] loop7: detected capacity change from 0 to 512 [ 1216.084896][T16851] usb 8-1: USB disconnect, device number 3 [ 1216.797236][ T5836] usbhid 2-1:0.0: can't add hid device: -71 [ 1216.818552][ T5836] usbhid: probe of 2-1:0.0 failed with error -71 [ 1216.850173][ T5836] usb 2-1: USB disconnect, device number 106 [ 1217.571861][T18251] bridge0: port 1(bridge_slave_0) entered disabled state [ 1217.594296][T18251] bridge0: port 2(bridge_slave_1) entered disabled state [ 1217.670410][T18254] netlink: 'syz.6.3378': attribute type 16 has an invalid length. [ 1217.689003][T18254] netlink: 'syz.6.3378': attribute type 17 has an invalid length. [ 1217.709329][T18254] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1217.764472][ T23] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1217.964633][ T23] usb 6-1: Using ep0 maxpacket: 32 [ 1217.979373][ T23] usb 6-1: config 4 has an invalid interface number: 128 but max is 0 [ 1218.006702][ T23] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1218.035182][ T23] usb 6-1: config 4 has no interface number 0 [ 1218.047675][ T23] usb 6-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1218.081384][ T23] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1218.104787][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1218.166204][ T23] hub 6-1:4.128: bad descriptor, ignoring hub [ 1218.172357][ T23] hub: probe of 6-1:4.128 failed with error -5 [ 1218.210998][ T23] usbhid 6-1:4.128: couldn't find an input interrupt endpoint [ 1218.815878][ T23] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1219.050918][T18301] vivid-000: ================= START STATUS ================= [ 1219.058999][T18301] vivid-000: Generate PTS: true [ 1219.063971][T18301] vivid-000: Generate SCR: true [ 1219.068852][T18301] tpg source WxH: 320x180 (Y'CbCr) [ 1219.074354][T18301] tpg field: 1 [ 1219.077739][T18301] tpg crop: 320x180@0x0 [ 1219.081904][T18301] tpg compose: 320x180@0x0 [ 1219.086809][T18301] tpg colorspace: 8 [ 1219.090799][T18301] tpg transfer function: 0/0 [ 1219.095418][T18301] tpg Y'CbCr encoding: 0/0 [ 1219.099920][T18301] tpg quantization: 0/0 [ 1219.104177][T18301] tpg RGB range: 0/2 [ 1219.108075][T18301] vivid-000: ================== END STATUS ================== [ 1219.361380][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1219.372449][ T23] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1219.381906][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.393318][ T23] usb 2-1: config 0 descriptor?? [ 1220.589788][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 1220.597599][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 1220.606491][ T23] usb 2-1: USB disconnect, device number 107 [ 1220.894677][T17457] usb 6-1: USB disconnect, device number 69 [ 1220.994029][ T23] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1221.215910][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1221.244028][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1221.280358][ T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1221.290595][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1221.326943][ T23] usb 2-1: config 0 descriptor?? [ 1221.405031][T18318] bridge0: port 2(bridge_slave_1) entered disabled state [ 1221.412424][T18318] bridge0: port 1(bridge_slave_0) entered disabled state [ 1221.780751][T18318] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1221.832055][T18318] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1222.156297][T18318] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.162533][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 1222.165636][T18318] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.177296][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 1222.181949][T18318] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.196049][T18318] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.206101][ T23] usb 2-1: USB disconnect, device number 108 [ 1222.268950][T18318] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.278030][T18318] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.287183][T18318] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.296246][T18318] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1222.311226][ T8] lo speed is unknown, defaulting to 1000 [ 1223.126798][T18358] vivid-000: ================= START STATUS ================= [ 1223.134571][T18358] vivid-000: Generate PTS: true [ 1223.139551][T18358] vivid-000: Generate SCR: true [ 1223.144537][T18358] tpg source WxH: 320x180 (Y'CbCr) [ 1223.149663][T18358] tpg field: 1 [ 1223.153039][T18358] tpg crop: 320x180@0x0 [ 1223.157357][T18358] tpg compose: 320x180@0x0 [ 1223.161786][T18358] tpg colorspace: 8 [ 1223.166360][T18358] tpg transfer function: 0/0 [ 1223.171175][T18358] tpg Y'CbCr encoding: 0/0 [ 1223.175748][T18358] tpg quantization: 0/0 [ 1223.180048][T18358] tpg RGB range: 0/2 [ 1223.184423][T18358] vivid-000: ================== END STATUS ================== [ 1223.356148][ T8] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 1223.532563][T18368] loop6: detected capacity change from 0 to 1024 [ 1223.569435][T18368] EXT4-fs: Ignoring removed oldalloc option [ 1223.590569][T18368] EXT4-fs: Ignoring removed bh option [ 1223.594614][ T8] usb 8-1: Using ep0 maxpacket: 32 [ 1223.617438][T18368] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1223.634234][ T8] usb 8-1: config 4 has an invalid interface number: 128 but max is 0 [ 1223.659465][ T8] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1223.723481][ T8] usb 8-1: config 4 has no interface number 0 [ 1223.751167][T18368] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1223.753717][ T8] usb 8-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1223.914752][ T8] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1223.949081][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1223.998750][ T8] hub 8-1:4.128: bad descriptor, ignoring hub [ 1224.018091][ T8] hub: probe of 8-1:4.128 failed with error -5 [ 1224.065992][ T8] usbhid 8-1:4.128: couldn't find an input interrupt endpoint [ 1224.094976][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1224.464080][ T8] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1224.667068][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1224.691550][ T8] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1224.705047][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.725649][ T8] usb 6-1: config 0 descriptor?? [ 1225.004419][T18406] vivid-000: ================= START STATUS ================= [ 1225.012105][T18406] vivid-000: Generate PTS: true [ 1225.017429][T18406] vivid-000: Generate SCR: true [ 1225.022308][T18406] tpg source WxH: 320x180 (Y'CbCr) [ 1225.027516][T18406] tpg field: 1 [ 1225.030897][T18406] tpg crop: 320x180@0x0 [ 1225.035292][T18406] tpg compose: 320x180@0x0 [ 1225.039802][T18406] tpg colorspace: 8 [ 1225.043611][T18406] tpg transfer function: 0/0 [ 1225.048502][T18406] tpg Y'CbCr encoding: 0/0 [ 1225.053030][T18406] tpg quantization: 0/0 [ 1225.057284][T18406] tpg RGB range: 0/2 [ 1225.061191][T18406] vivid-000: ================== END STATUS ================== [ 1225.393092][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 1225.409999][ T8] usbhid: probe of 6-1:0.0 failed with error -71 [ 1225.445192][ T8] usb 6-1: USB disconnect, device number 70 [ 1225.475013][T18420] syzkaller0: entered promiscuous mode [ 1225.481859][T18420] syzkaller0: entered allmulticast mode [ 1225.518825][T18423] loop1: detected capacity change from 0 to 512 [ 1225.577269][ T5759] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1225.814826][T18324] usb 8-1: USB disconnect, device number 4 [ 1226.024430][ T8] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1226.250712][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1226.276823][ T8] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1226.316190][ T8] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1226.343365][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1226.371815][ T8] usb 6-1: config 0 descriptor?? [ 1226.933422][T18465] syzkaller0: entered promiscuous mode [ 1226.954612][T18465] syzkaller0: entered allmulticast mode [ 1227.212564][ T8] usbhid 6-1:0.0: can't add hid device: -71 [ 1227.223638][T18476] loop1: detected capacity change from 0 to 1024 [ 1227.230483][ T8] usbhid: probe of 6-1:0.0 failed with error -71 [ 1227.243951][ T8] usb 6-1: USB disconnect, device number 71 [ 1227.253514][T18476] EXT4-fs: Ignoring removed oldalloc option [ 1227.254527][ T23] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 1227.268353][T18476] EXT4-fs: Ignoring removed bh option [ 1227.490950][ T23] usb 8-1: Using ep0 maxpacket: 32 [ 1227.503070][ T23] usb 8-1: config 4 has an invalid interface number: 128 but max is 0 [ 1227.535448][ T23] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1227.555446][ T23] usb 8-1: config 4 has no interface number 0 [ 1227.572128][ T23] usb 8-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1227.608662][ T23] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1227.621670][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1227.646288][ T23] hub 8-1:4.128: bad descriptor, ignoring hub [ 1227.652446][ T23] hub: probe of 8-1:4.128 failed with error -5 [ 1227.682920][ T23] usbhid 8-1:4.128: couldn't find an input interrupt endpoint [ 1227.891664][T18503] loop5: detected capacity change from 0 to 512 [ 1227.916349][T18503] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1228.001539][T18503] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 1228.559198][T18523] loop1: detected capacity change from 0 to 1024 [ 1228.568299][T18520] syzkaller0: entered promiscuous mode [ 1228.573814][T18520] syzkaller0: entered allmulticast mode [ 1228.595474][T18523] EXT4-fs: Ignoring removed oldalloc option [ 1228.625981][T18523] EXT4-fs: Ignoring removed bh option [ 1229.218464][ T23] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1230.087070][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1230.098932][T17475] usb 8-1: USB disconnect, device number 5 [ 1230.135786][ T23] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1230.186452][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1230.253817][ T23] usb 2-1: config 0 descriptor?? [ 1230.531819][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 1230.579707][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 1230.639305][ T23] usb 2-1: USB disconnect, device number 109 [ 1231.346267][T18569] loop7: detected capacity change from 0 to 1024 [ 1231.371077][T18569] EXT4-fs: Ignoring removed oldalloc option [ 1231.392442][T18569] EXT4-fs: Ignoring removed bh option [ 1231.396075][T18568] syzkaller0: entered promiscuous mode [ 1231.415179][T18568] syzkaller0: entered allmulticast mode [ 1231.418786][T18569] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1231.484523][ T23] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1231.512684][T18569] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1231.691738][T18580] loop6: detected capacity change from 0 to 512 [ 1231.721134][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1231.732275][T17694] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1231.748686][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1231.808505][ T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1231.821350][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1231.832106][ T23] usb 2-1: config 0 descriptor?? [ 1231.972524][ T23] usb 2-1: can't set config #0, error -71 [ 1232.004568][ T23] usb 2-1: USB disconnect, device number 110 [ 1232.194250][ T27] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 1232.331775][T18598] loop6: detected capacity change from 0 to 1024 [ 1232.400458][T18598] EXT4-fs: Ignoring removed bh option [ 1232.485399][T18598] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1232.583189][T18598] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1232.754126][ T27] usb 8-1: Using ep0 maxpacket: 32 [ 1232.764880][ T27] usb 8-1: config 4 has an invalid interface number: 128 but max is 0 [ 1232.798554][ T27] usb 8-1: config 4 has no interface number 0 [ 1232.817868][ T27] usb 8-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1232.822614][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1232.836912][ T27] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1232.860444][ T27] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1232.896277][ T27] hub 8-1:4.128: bad descriptor, ignoring hub [ 1232.902710][ T27] hub: probe of 8-1:4.128 failed with error -5 [ 1232.955675][T18614] syzkaller0: entered promiscuous mode [ 1232.957163][ T27] usbhid 8-1:4.128: couldn't find an input interrupt endpoint [ 1232.961181][T18614] syzkaller0: entered allmulticast mode [ 1233.003196][T18620] loop5: detected capacity change from 0 to 1024 [ 1233.022376][T18620] EXT4-fs: Ignoring removed oldalloc option [ 1233.041104][T18620] EXT4-fs: Ignoring removed bh option [ 1233.075148][T18620] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1233.133518][T18620] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1233.279349][ T9975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1233.363106][T18631] loop1: detected capacity change from 0 to 512 [ 1233.447414][ T5757] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1233.464356][ T9496] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 1233.598508][T18641] loop1: detected capacity change from 0 to 256 [ 1233.695896][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1233.721224][ T9496] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1233.747248][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1233.781888][ T9496] usb 7-1: config 0 descriptor?? [ 1234.004358][ T9496] usbhid 7-1:0.0: can't add hid device: -71 [ 1234.039502][ T9496] usbhid: probe of 7-1:0.0 failed with error -71 [ 1234.088048][ T9496] usb 7-1: USB disconnect, device number 62 [ 1234.573669][T18670] syzkaller0: entered promiscuous mode [ 1234.591267][T18670] syzkaller0: entered allmulticast mode [ 1234.597759][ T9496] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 1234.824160][ T9496] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1234.866993][ T9496] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1234.923433][ T9496] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1234.966771][ T9496] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1234.999106][ T9496] usb 7-1: config 0 descriptor?? [ 1235.100039][T18687] loop7: detected capacity change from 0 to 1024 [ 1235.107423][ T8] usb 8-1: USB disconnect, device number 6 [ 1235.115158][T18687] EXT4-fs: Ignoring removed oldalloc option [ 1235.133030][T18687] EXT4-fs: Ignoring removed bh option [ 1235.156368][T18687] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1235.243302][T18687] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1235.500906][T17694] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1235.824279][ T9496] usbhid 7-1:0.0: can't add hid device: -71 [ 1235.838153][ T9496] usbhid: probe of 7-1:0.0 failed with error -71 [ 1235.857839][ T9496] usb 7-1: USB disconnect, device number 63 [ 1236.472703][T18708] syzkaller0: entered promiscuous mode [ 1236.490280][T18708] syzkaller0: entered allmulticast mode [ 1236.685088][T17475] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 1236.778082][T18713] syzkaller0: entered promiscuous mode [ 1236.783613][T18713] syzkaller0: entered allmulticast mode [ 1236.894036][T17475] usb 8-1: Using ep0 maxpacket: 32 [ 1236.911903][T17475] usb 8-1: config 4 has an invalid interface number: 128 but max is 0 [ 1236.936792][T17475] usb 8-1: config 4 has no interface number 0 [ 1236.963509][T17475] usb 8-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1236.993459][T17475] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1237.021874][T17475] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1237.066628][T17475] hub 8-1:4.128: bad descriptor, ignoring hub [ 1237.072769][T17475] hub: probe of 8-1:4.128 failed with error -5 [ 1237.085955][T17475] usbhid 8-1:4.128: couldn't find an input interrupt endpoint [ 1237.303988][ T8] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1237.534200][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1237.555407][ T8] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1237.579394][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1237.613985][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1237.637790][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1237.657764][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.681069][ T8] usb 2-1: Product: syz [ 1237.695750][ T8] usb 2-1: Manufacturer: syz [ 1237.700466][ T8] usb 2-1: SerialNumber: syz [ 1238.170755][ C0] raw-gadget.1 gadget.1: ignoring, device is not running [ 1238.185191][ T8] usb 2-1: 0:2 : does not exist [ 1238.198596][ T8] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 1238.273668][ T8] usb 2-1: USB disconnect, device number 111 [ 1238.311647][ T5759] udevd[5759]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1239.077842][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.084234][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.193996][T17475] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1239.396032][T17475] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1239.431446][T18744] syzkaller0: entered promiscuous mode [ 1239.433987][T17475] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1239.451135][T18744] syzkaller0: entered allmulticast mode [ 1239.466781][T17475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1239.500372][T17475] usb 2-1: config 0 descriptor?? [ 1239.584300][ T27] usb 8-1: USB disconnect, device number 7 [ 1239.639605][T18746] syzkaller0: entered promiscuous mode [ 1239.663985][T18746] syzkaller0: entered allmulticast mode [ 1239.747047][T17475] usbhid 2-1:0.0: can't add hid device: -71 [ 1239.753102][T17475] usbhid: probe of 2-1:0.0 failed with error -71 [ 1239.786966][T17475] usb 2-1: USB disconnect, device number 112 [ 1240.151843][T18757] loop6: detected capacity change from 0 to 512 [ 1240.207779][T18757] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1240.258689][T18757] ext4 filesystem being mounted at /557/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1240.264844][T18762] lo speed is unknown, defaulting to 1000 [ 1240.354268][T17475] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1240.417492][ T9992] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1240.549660][T17475] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1240.558671][T18766] loop6: detected capacity change from 0 to 512 [ 1240.562628][T17475] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1240.580300][T17475] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1240.589475][T17475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1240.602240][T17475] usb 2-1: config 0 descriptor?? [ 1240.617057][ T5759] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1240.620143][ T28] audit: type=1326 audit(1773767960.405:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18761 comm="syz.5.3498" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc32f9c799 code=0x0 [ 1241.016584][T18773] loop7: detected capacity change from 0 to 164 [ 1241.066555][ T8] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 1241.226032][T18775] syzkaller0: entered promiscuous mode [ 1241.231550][T18775] syzkaller0: entered allmulticast mode [ 1241.284563][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 1241.295753][ T8] usb 7-1: config 4 has an invalid interface number: 128 but max is 0 [ 1241.309789][ T8] usb 7-1: config 4 has no interface number 0 [ 1241.317522][ T8] usb 7-1: config 4 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1241.347480][ T8] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1241.357042][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1241.380178][ T8] hub 7-1:4.128: bad descriptor, ignoring hub [ 1241.391557][ T8] hub: probe of 7-1:4.128 failed with error -5 [ 1241.411501][ T8] usbhid 7-1:4.128: couldn't find an input interrupt endpoint [ 1241.475547][T17475] usbhid 2-1:0.0: can't add hid device: -71 [ 1241.483595][T17475] usbhid: probe of 2-1:0.0 failed with error -71 [ 1241.492909][T17475] usb 2-1: USB disconnect, device number 113 [ 1241.627157][T18782] netlink: 'syz.5.3506': attribute type 16 has an invalid length. [ 1241.636268][T18782] netlink: 'syz.5.3506': attribute type 17 has an invalid length. [ 1241.679968][T18782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1241.689506][T18782] 8021q: adding VLAN 0 to HW filter on device team0 [ 1241.701347][T18782] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1241.719756][ T9] lo speed is unknown, defaulting to 1000 [ 1242.009016][T18788] loop5: detected capacity change from 0 to 128 [ 1242.129308][ T28] audit: type=1800 audit(1773767961.895:491): pid=18788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3507" name="bus" dev="loop5" ino=1048829 res=0 errno=0 [ 1242.749910][T18792] loop1: detected capacity change from 0 to 512 [ 1242.826599][ T5757] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1243.034495][T18799] syzkaller0: entered promiscuous mode [ 1243.041090][T18799] syzkaller0: entered allmulticast mode [ 1243.353806][T18803] syzkaller0: entered promiscuous mode [ 1243.360199][T18803] syzkaller0: entered allmulticast mode [ 1243.931247][ T27] usb 7-1: USB disconnect, device number 64 [ 1244.141593][T18816] loop6: detected capacity change from 0 to 128 [ 1245.229873][T18813] input: syz0 as /devices/virtual/input/input41 [ 1245.289208][ T28] audit: type=1800 audit(1773767965.065:492): pid=18814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3517" name="bus" dev="loop6" ino=1048831 res=0 errno=0 [ 1245.443771][T18821] tipc: Started in network mode [ 1245.448879][T18821] tipc: Node identity 7668180690f8, cluster identity 4711 [ 1245.466912][T18821] tipc: Enabled bearer , priority 0 [ 1245.494353][T18818] tipc: Resetting bearer [ 1245.762107][T18817] tipc: Disabling bearer [ 1246.195099][T18831] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3521'. [ 1246.405131][T18833] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3521'. [ 1246.445650][T18834] syzkaller0: entered promiscuous mode [ 1246.463960][T18834] syzkaller0: entered allmulticast mode [ 1246.849051][T18845] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 1247.200545][T18855] loop6: detected capacity change from 0 to 1024 [ 1247.254032][ T27] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1247.277089][T18855] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1247.354275][T18855] ================================================================== [ 1247.362406][T18855] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 1247.370259][T18855] Read of size 18446744073709551588 at addr ffff88807e179840 by task syz.6.3527/18855 [ 1247.379808][T18855] [ 1247.382138][T18855] CPU: 0 PID: 18855 Comm: syz.6.3527 Not tainted syzkaller #0 [ 1247.389596][T18855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1247.399692][T18855] Call Trace: [ 1247.402998][T18855] [ 1247.405942][T18855] dump_stack_lvl+0x18c/0x250 [ 1247.410714][T18855] ? read_lock_is_recursive+0x20/0x20 [ 1247.416226][T18855] ? show_regs_print_info+0x20/0x20 [ 1247.421456][T18855] ? load_image+0x400/0x400 [ 1247.426025][T18855] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 1247.431638][T18855] ? __virt_addr_valid+0x18c/0x540 [ 1247.436806][T18855] ? __virt_addr_valid+0x469/0x540 [ 1247.441967][T18855] print_report+0xa8/0x210 [ 1247.446436][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1247.451922][T18855] kasan_report+0x117/0x150 [ 1247.456472][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1247.461952][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1247.463997][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 1247.467413][T18855] kasan_check_range+0x241/0x290 [ 1247.467441][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1247.467464][T18855] __asan_memmove+0x29/0x70 [ 1247.484666][ T27] usb 2-1: config 4 has an invalid interface number: 128 but max is 0 [ 1247.487523][T18855] ext4_xattr_set_entry+0x94b/0x1e90 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1247.487567][T18855] ext4_xattr_block_set+0xae8/0x32b0 [ 1247.500425][ T27] usb 2-1: config 4 has no interface number 0 [ 1247.501161][T18855] ? ext4_destroy_inode+0x200/0x200 [ 1247.510048][ T27] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1247.512582][T18855] ? proc_nr_inodes+0x230/0x230 [ 1247.532683][T18855] ? do_raw_spin_unlock+0x121/0x230 [ 1247.537907][T18855] ? _raw_spin_unlock+0x28/0x40 [ 1247.542779][T18855] ? ext4_xattr_block_find+0x350/0x350 [ 1247.548271][T18855] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 1247.554018][T18855] ext4_xattr_set_handle+0xe2e/0x14c0 [ 1247.559423][T18855] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 1247.565433][T18855] ? __ext4_journal_start_sb+0x259/0x560 [ 1247.571120][T18855] ext4_xattr_set+0x252/0x340 [ 1247.575853][T18855] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 1247.581606][T18855] ? evm_protected_xattr_common+0x170/0x190 [ 1247.587666][T18855] ? ext4_xattr_security_get+0x40/0x40 [ 1247.593139][T18855] __vfs_setxattr+0x431/0x470 [ 1247.597839][T18855] __vfs_setxattr_noperm+0x12d/0x5e0 [ 1247.603149][T18855] vfs_setxattr+0x16b/0x2f0 [ 1247.603942][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1247.607657][T18855] ? xattr_permission+0x470/0x470 [ 1247.621691][T18855] ? __mnt_want_write+0x223/0x2a0 [ 1247.626738][T18855] ? path_setxattr+0x3a1/0x5d0 [ 1247.631530][T18855] path_setxattr+0x3f3/0x5d0 [ 1247.636136][T18855] ? simple_xattrs_free+0x150/0x150 [ 1247.641371][T18855] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1247.647569][T18855] ? lock_chain_count+0x20/0x20 [ 1247.652433][T18855] __x64_sys_setxattr+0xbb/0xd0 [ 1247.657307][T18855] do_syscall_64+0x55/0xa0 [ 1247.661737][T18855] ? clear_bhb_loop+0x40/0x90 [ 1247.666570][T18855] ? clear_bhb_loop+0x40/0x90 [ 1247.671271][T18855] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1247.677173][T18855] RIP: 0033:0x7f1f2bd9c799 [ 1247.681708][T18855] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1247.701603][T18855] RSP: 002b:00007f1f2cc15028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 1247.710036][T18855] RAX: ffffffffffffffda RBX: 00007f1f2c015fa0 RCX: 00007f1f2bd9c799 [ 1247.718114][T18855] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 1247.723924][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.726082][T18855] RBP: 00007f1f2be32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1247.742230][T18855] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 1247.750213][T18855] R13: 00007f1f2c016038 R14: 00007f1f2c015fa0 R15: 00007ffe75f11418 [ 1247.754042][ T27] usb 2-1: can't set config #4, error -71 [ 1247.758188][T18855] [ 1247.766931][T18855] [ 1247.769279][T18855] Allocated by task 18855: [ 1247.773710][T18855] kasan_set_track+0x4e/0x70 [ 1247.778319][T18855] __kasan_kmalloc+0x8f/0xa0 [ 1247.780590][ T27] usb 2-1: USB disconnect, device number 114 [ 1247.783084][T18855] __kmalloc_node_track_caller+0xb2/0x230 [ 1247.794964][T18855] kmemdup+0x2b/0x70 [ 1247.798881][T18855] ext4_xattr_block_set+0x9ea/0x32b0 [ 1247.804158][T18855] ext4_xattr_set_handle+0xe2e/0x14c0 [ 1247.809554][T18855] ext4_xattr_set+0x252/0x340 [ 1247.814249][T18855] __vfs_setxattr+0x431/0x470 [ 1247.819109][T18855] __vfs_setxattr_noperm+0x12d/0x5e0 [ 1247.824411][T18855] vfs_setxattr+0x16b/0x2f0 [ 1247.828923][T18855] path_setxattr+0x3f3/0x5d0 [ 1247.833522][T18855] __x64_sys_setxattr+0xbb/0xd0 [ 1247.838377][T18855] do_syscall_64+0x55/0xa0 [ 1247.843068][T18855] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1247.848970][T18855] [ 1247.851292][T18855] Last potentially related work creation: [ 1247.857350][T18855] kasan_save_stack+0x3e/0x60 [ 1247.862036][T18855] __kasan_record_aux_stack+0xaf/0xc0 [ 1247.867420][T18855] call_rcu+0x153/0x950 [ 1247.871589][T18855] rxrpc_lookup_local+0xf11/0x1610 [ 1247.877076][T18855] rxrpc_sendmsg+0x30a/0x5b0 [ 1247.881738][T18855] sock_write_iter+0x2df/0x420 [ 1247.886597][T18855] io_write+0xa3b/0x1970 [ 1247.890884][T18855] io_issue_sqe+0x289/0xc90 [ 1247.895485][T18855] io_submit_sqes+0xa8a/0x1d00 [ 1247.900263][T18855] __se_sys_io_uring_enter+0x315/0x2540 [ 1247.905831][T18855] do_syscall_64+0x55/0xa0 [ 1247.910271][T18855] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1247.916180][T18855] [ 1247.918504][T18855] Second to last potentially related work creation: [ 1247.925084][T18855] kasan_save_stack+0x3e/0x60 [ 1247.929787][T18855] __kasan_record_aux_stack+0xaf/0xc0 [ 1247.935170][T18855] call_rcu+0x153/0x950 [ 1247.939337][T18855] rxrpc_lookup_local+0xf11/0x1610 [ 1247.944547][T18855] rxrpc_sendmsg+0x30a/0x5b0 [ 1247.949152][T18855] sock_write_iter+0x2df/0x420 [ 1247.954012][T18855] io_write+0xa3b/0x1970 [ 1247.958263][T18855] io_issue_sqe+0x289/0xc90 [ 1247.962796][T18855] io_submit_sqes+0xa8a/0x1d00 [ 1247.967550][T18855] __se_sys_io_uring_enter+0x315/0x2540 [ 1247.973269][T18855] do_syscall_64+0x55/0xa0 [ 1247.977875][T18855] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1247.984133][T18855] [ 1247.986444][T18855] The buggy address belongs to the object at ffff88807e179800 [ 1247.986444][T18855] which belongs to the cache kmalloc-1k of size 1024 [ 1248.000513][T18855] The buggy address is located 64 bytes inside of [ 1248.000513][T18855] 1024-byte region [ffff88807e179800, ffff88807e179c00) [ 1248.013792][T18855] [ 1248.016112][T18855] The buggy address belongs to the physical page: [ 1248.022612][T18855] page:ffffea0001f85e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e178 [ 1248.032913][T18855] head:ffffea0001f85e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1248.041878][T18855] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1248.049845][T18855] page_type: 0xffffffff() [ 1248.054251][T18855] raw: 00fff00000000840 ffff888017c41dc0 ffffea0001f5c200 dead000000000002 [ 1248.062810][T18855] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 1248.071812][T18855] page dumped because: kasan: bad access detected [ 1248.078228][T18855] page_owner tracks the page as allocated [ 1248.083920][T18855] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 10145, tgid 10145 (kworker/u4:9), ts 896307045281, free_ts 896299346448 [ 1248.104906][T18855] post_alloc_hook+0x1c1/0x200 [ 1248.109655][T18855] get_page_from_freelist+0x1951/0x19e0 [ 1248.115187][T18855] __alloc_pages+0x1f0/0x460 [ 1248.119807][T18855] alloc_slab_page+0x5d/0x160 [ 1248.124462][T18855] new_slab+0x87/0x2d0 [ 1248.128516][T18855] ___slab_alloc+0xc5d/0x12f0 [ 1248.133174][T18855] __kmem_cache_alloc_node+0x19e/0x250 [ 1248.138613][T18855] __kmalloc+0xa4/0x230 [ 1248.142753][T18855] ___neigh_create+0x6d2/0x2440 [ 1248.147656][T18855] ip6_finish_output2+0x1581/0x1630 [ 1248.152859][T18855] ndisc_send_skb+0xc26/0x14f0 [ 1248.157657][T18855] addrconf_dad_completed+0x7ef/0xd90 [ 1248.163026][T18855] addrconf_dad_work+0xc90/0x1530 [ 1248.168072][T18855] process_scheduled_works+0xa5d/0x15d0 [ 1248.173635][T18855] worker_thread+0xa55/0xfc0 [ 1248.178222][T18855] kthread+0x2fa/0x390 [ 1248.182270][T18855] page last free stack trace: [ 1248.186920][T18855] free_unref_page_prepare+0x7b2/0x8c0 [ 1248.192361][T18855] free_unref_page+0x32/0x2e0 [ 1248.197023][T18855] __unfreeze_partials+0x1cf/0x210 [ 1248.202112][T18855] put_cpu_partial+0x17c/0x250 [ 1248.206849][T18855] __slab_free+0x319/0x400 [ 1248.211239][T18855] qlist_free_all+0x75/0xd0 [ 1248.215732][T18855] kasan_quarantine_reduce+0x143/0x160 [ 1248.221195][T18855] __kasan_slab_alloc+0x22/0x80 [ 1248.226026][T18855] slab_post_alloc_hook+0x6e/0x4b0 [ 1248.231150][T18855] kmem_cache_alloc+0x11a/0x2d0 [ 1248.236010][T18855] vm_area_dup+0x27/0x270 [ 1248.240414][T18855] copy_mm+0xca8/0x1d50 [ 1248.244564][T18855] copy_process+0x16f7/0x3d80 [ 1248.249239][T18855] kernel_clone+0x24b/0x8a0 [ 1248.253754][T18855] __x64_sys_clone+0x1b7/0x230 [ 1248.258510][T18855] do_syscall_64+0x55/0xa0 [ 1248.262992][T18855] [ 1248.265498][T18855] Memory state around the buggy address: [ 1248.271330][T18855] ffff88807e179700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1248.279416][T18855] ffff88807e179780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1248.287631][T18855] >ffff88807e179800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1248.295667][T18855] ^ [ 1248.301792][T18855] ffff88807e179880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1248.309828][T18855] ffff88807e179900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1248.317888][T18855] ================================================================== [ 1248.351248][T18855] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1248.358475][T18855] CPU: 0 PID: 18855 Comm: syz.6.3527 Not tainted syzkaller #0 [ 1248.365927][T18855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1248.375983][T18855] Call Trace: [ 1248.379260][T18855] [ 1248.382203][T18855] dump_stack_lvl+0x18c/0x250 [ 1248.386879][T18855] ? show_regs_print_info+0x20/0x20 [ 1248.392089][T18855] ? load_image+0x400/0x400 [ 1248.396609][T18855] panic+0x2dc/0x730 [ 1248.400509][T18855] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1248.406665][T18855] ? bpf_jit_dump+0xd0/0xd0 [ 1248.411163][T18855] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 1248.417135][T18855] ? _raw_spin_unlock+0x40/0x40 [ 1248.422066][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.427519][T18855] check_panic_on_warn+0x84/0xa0 [ 1248.432450][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.437906][T18855] end_report+0x6f/0x130 [ 1248.442247][T18855] kasan_report+0x128/0x150 [ 1248.446787][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.452255][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.457712][T18855] kasan_check_range+0x241/0x290 [ 1248.462658][T18855] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.468116][T18855] __asan_memmove+0x29/0x70 [ 1248.472612][T18855] ext4_xattr_set_entry+0x94b/0x1e90 [ 1248.477900][T18855] ext4_xattr_block_set+0xae8/0x32b0 [ 1248.483351][T18855] ? ext4_destroy_inode+0x200/0x200 [ 1248.488542][T18855] ? proc_nr_inodes+0x230/0x230 [ 1248.493387][T18855] ? do_raw_spin_unlock+0x121/0x230 [ 1248.498596][T18855] ? _raw_spin_unlock+0x28/0x40 [ 1248.503523][T18855] ? ext4_xattr_block_find+0x350/0x350 [ 1248.508988][T18855] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 1248.514377][T18855] ext4_xattr_set_handle+0xe2e/0x14c0 [ 1248.519749][T18855] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 1248.525811][T18855] ? __ext4_journal_start_sb+0x259/0x560 [ 1248.531437][T18855] ext4_xattr_set+0x252/0x340 [ 1248.536282][T18855] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 1248.542167][T18855] ? evm_protected_xattr_common+0x170/0x190 [ 1248.548148][T18855] ? ext4_xattr_security_get+0x40/0x40 [ 1248.553604][T18855] __vfs_setxattr+0x431/0x470 [ 1248.558278][T18855] __vfs_setxattr_noperm+0x12d/0x5e0 [ 1248.563643][T18855] vfs_setxattr+0x16b/0x2f0 [ 1248.568147][T18855] ? xattr_permission+0x470/0x470 [ 1248.573163][T18855] ? __mnt_want_write+0x223/0x2a0 [ 1248.578181][T18855] ? path_setxattr+0x3a1/0x5d0 [ 1248.582936][T18855] path_setxattr+0x3f3/0x5d0 [ 1248.587517][T18855] ? simple_xattrs_free+0x150/0x150 [ 1248.592713][T18855] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1248.598687][T18855] ? lock_chain_count+0x20/0x20 [ 1248.603525][T18855] __x64_sys_setxattr+0xbb/0xd0 [ 1248.608371][T18855] do_syscall_64+0x55/0xa0 [ 1248.612785][T18855] ? clear_bhb_loop+0x40/0x90 [ 1248.617450][T18855] ? clear_bhb_loop+0x40/0x90 [ 1248.622118][T18855] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1248.628011][T18855] RIP: 0033:0x7f1f2bd9c799 [ 1248.632415][T18855] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1248.652098][T18855] RSP: 002b:00007f1f2cc15028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 1248.660507][T18855] RAX: ffffffffffffffda RBX: 00007f1f2c015fa0 RCX: 00007f1f2bd9c799 [ 1248.668476][T18855] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 1248.676627][T18855] RBP: 00007f1f2be32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1248.684674][T18855] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 1248.692632][T18855] R13: 00007f1f2c016038 R14: 00007f1f2c015fa0 R15: 00007ffe75f11418 [ 1248.700652][T18855] [ 1248.703984][T18855] Kernel Offset: disabled [ 1248.708300][T18855] Rebooting in 86400 seconds..