last executing test programs: 3m4.7775563s ago: executing program 0 (id=1234): connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000000)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 3m3.508290299s ago: executing program 0 (id=1237): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000001, 0x0, 0x5, 0x0, "0062092b95000004fdf5eb2bda00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000001100)=0x12) 3m1.849411245s ago: executing program 0 (id=1242): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000"], 0x15) r2 = dup(r1) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 2m58.618620067s ago: executing program 0 (id=1246): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0xbe, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3e, 0xb0, 0x64, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "197d25ab5c6cdbf01fe39863eb62f49000c3d6942a5e686ea59618aa7c984968", "12d234da810a504a6b0a4166eccca2e766c504479ebb08d334b334ee3d90b5ae5e1f8578858cec6b7f0937827e16b047", "3cec384575ba47e50f91fcc0eafcc824113d3c52b65c89357f4f3052", {"bd88a81b8301690b4baa4a55f96f03f3", "cc13d82e7d8ecbb5d90a4000d1d2d556"}}}}}}}, 0x0) 2m57.794452807s ago: executing program 0 (id=1250): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 2m57.075729078s ago: executing program 0 (id=1253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0xad12, 0x0, 0x4, 0xffff7ffb}) r4 = getpgid(0x0) unshare(0x26020280) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000140)=[r4], 0x1}, 0x58) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socket$inet(0x2, 0x6, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@grpquota}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r6, &(0x7f00000050c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r6, &(0x7f0000007100)={0x78, 0x0, r7, {0xa0, 0x6, 0x0, {0x4, 0x0, 0x9, 0x8, 0x0, 0x23, 0xfffff92f, 0x0, 0x4, 0xc000, 0x3ff, 0xee00, 0x0, 0x7fffffff, 0x4}}}, 0x78) write$FUSE_POLL(r5, &(0x7f0000000300)={0x18, 0xffffffffffffffda, r7, {0x3}}, 0x18) bind$l2tp(0xffffffffffffffff, 0x0, 0x0) 2m40.972183413s ago: executing program 32 (id=1253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0xad12, 0x0, 0x4, 0xffff7ffb}) r4 = getpgid(0x0) unshare(0x26020280) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000140)=[r4], 0x1}, 0x58) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socket$inet(0x2, 0x6, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@grpquota}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r6, &(0x7f00000050c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r6, &(0x7f0000007100)={0x78, 0x0, r7, {0xa0, 0x6, 0x0, {0x4, 0x0, 0x9, 0x8, 0x0, 0x23, 0xfffff92f, 0x0, 0x4, 0xc000, 0x3ff, 0xee00, 0x0, 0x7fffffff, 0x4}}}, 0x78) write$FUSE_POLL(r5, &(0x7f0000000300)={0x18, 0xffffffffffffffda, r7, {0x3}}, 0x18) bind$l2tp(0xffffffffffffffff, 0x0, 0x0) 6.783926791s ago: executing program 2 (id=1845): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000480)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xffff, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x4, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x9, 0x10000}]}}}}}}}, 0x0) 6.072011747s ago: executing program 2 (id=1848): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 5.944615812s ago: executing program 1 (id=1850): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000740)={0xfffffffb, 0x2, 0x1, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x404c534a, 0x0) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', 0x0, 0x4000, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}]}}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x9) socket$nl_sock_diag(0x10, 0x3, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24000080, 0x0, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="040e1a00031000"], 0xf) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5.747995879s ago: executing program 4 (id=1852): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) write(r0, &(0x7f0000000440)="b1118e4ef6a4e608ff08000098ff93da14cd992576d7b365020000000000000067faa180669e4d00", 0x28) 4.976658926s ago: executing program 3 (id=1853): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000240)={0x8000000000000001, r0, 'id1\x00'}) ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000300)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.877991055s ago: executing program 4 (id=1854): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x40}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0xe, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'rose0\x00'}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 4.296116558s ago: executing program 3 (id=1856): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x5adae000) madvise(&(0x7f0000553000/0x4000)=nil, 0x4000, 0x16) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 3.877406892s ago: executing program 4 (id=1858): r0 = memfd_secret(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) syz_io_uring_setup(0x78a2, &(0x7f00000010c0)={0x0, 0xc69d, 0x10000, 0x3, 0x1c}, 0x0, 0x0) 3.776990393s ago: executing program 1 (id=1859): r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc}, 0x28) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10000, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @private0, 0x23}, 0x1c) 3.407441542s ago: executing program 2 (id=1860): ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) syz_emit_vhci(&(0x7f0000002f80)=@HCI_EVENT_PKT={0x4, @hci_ev_pkt_type_change={{0x1d, 0x5}, {0x0, 0xc8}}}, 0x8) 3.218720426s ago: executing program 5 (id=1861): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x2001c084}, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.85720378s ago: executing program 3 (id=1862): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team_slave_1\x00', 0x338d}) 2.850478267s ago: executing program 4 (id=1863): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28) 2.638719069s ago: executing program 2 (id=1864): open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x12) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.413134417s ago: executing program 5 (id=1865): getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000440)=@assoc_value={0x0, 0xfc4}, &(0x7f0000000480)=0x8) r0 = fsopen(0x0, 0x0) fsmount(r0, 0x0, 0x5) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_DEF_LINK_POLICY={{0xf}, 0x80}}}, 0x7) 2.412769674s ago: executing program 1 (id=1866): syz_emit_ethernet(0x3e, 0x0, 0x0) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185) 2.248572767s ago: executing program 3 (id=1867): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x10) 1.997201569s ago: executing program 2 (id=1868): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x80, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000300)="93", 0x1, 0x14, &(0x7f0000000100)={0xa, 0x4e23, 0x7, @loopback}, 0x1c) sendmmsg$inet(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="f1076d9d305873007cb8508d495fdb104e84dfc0489e6438a078b2a3948d34f06f54e6bd1cd8056957fcba082c934130c237eda18368924ae7f15d638235c0c9488ee95710c7ecdcba39d2940a5c90986a5acc06a9b7930d6acffbcd36289aa9a47f1df1ca888cc877e275a08bcfaa22", 0x70}, {0x0}], 0x2}}], 0x1, 0x24000094) 1.717448027s ago: executing program 5 (id=1869): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x6b, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @multicast1, @empty}}}}) 1.613617383s ago: executing program 3 (id=1870): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8) 1.600383374s ago: executing program 4 (id=1871): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30b529, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0xffffffffffffffff, 0xa, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = dup(r2) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="8200"]) 1.23295763s ago: executing program 1 (id=1872): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) pselect6(0x40, &(0x7f0000000040)={0x9, 0x62ca, 0x20, 0x0, 0x100000, 0xffffffffffffffff, 0x53, 0xecbc}, 0x0, 0x0, 0x0, 0x0) 1.219175454s ago: executing program 5 (id=1873): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f00000000c0)={@any, 0x7, 0x9, 0xa06a, 0x4, 0x5, "b6c319dc9f29a04efa58e4c2d1714caeca714d6d0192e619f1ae8493c113e386f9db1044e40b8cdccce46503a23b568cb347f0c58dcbdab556ef0f66211e0f86c09c8b8bede8f6068739348e0664c1806ec746ac89ab2c7941bb8677223b65bdcd1391303dc5c9580568bc30177d6c563ff130927789034dec42a05f8fc65e1e"}) 889.5374ms ago: executing program 3 (id=1874): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1], 0x54}}, 0x0) 825.240827ms ago: executing program 4 (id=1875): r0 = syz_open_dev$video(&(0x7f0000000b40), 0x7, 0x28000) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 718.688543ms ago: executing program 1 (id=1876): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0xdb, 0x3, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x86, 0xfff, 0x800}) dup(r2) close_range(r0, 0xffffffffffffffff, 0x0) 669.653497ms ago: executing program 5 (id=1877): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) sendmsg$nl_generic(r0, 0x0, 0x84) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) syz_open_dev$vim2m(0x0, 0x7, 0x2) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) r2 = socket$packet(0x11, 0x2, 0x300) dup(r2) sendto$inet6(r1, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) r3 = socket$inet6(0xa, 0x3, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) sendmmsg$inet6(r1, &(0x7f0000001080)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="17", 0x1}], 0x1}}], 0x1, 0x40004) 516.234001ms ago: executing program 2 (id=1878): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d08030700000004000000000000000600142603600e120800110000810401110016000a00104005000000036010fab94dcf5c0461c1d67f6f94007134cf", 0x4f}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x18000000000002a0, 0xf, 0x3a, &(0x7f0000000040)="b90108001f", 0x0, 0x80100, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 22.754202ms ago: executing program 1 (id=1879): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file1\x00', 0x0, 0xa2) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) linkat(r1, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./bus\x00', 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) 0s ago: executing program 5 (id=1880): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb56450000822be3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) kernel console output (not intermixed with test programs): 314.649013][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.112610][ T6177] input: syz1 as /devices/virtual/input/input5 [ 315.331513][ T6179] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 315.986310][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.567093][ T6191] input: syz1 as /devices/virtual/input/input7 [ 316.843744][ T6196] netlink: 24 bytes leftover after parsing attributes in process `syz.3.80'. [ 317.547740][ T6202] netlink: 'syz.0.83': attribute type 10 has an invalid length. [ 317.670968][ T6202] team0: Port device dummy0 added [ 317.721449][ T6203] netlink: 'syz.0.83': attribute type 10 has an invalid length. [ 317.828299][ T6203] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 317.916839][ T6203] team0: Failed to send options change via netlink (err -105) [ 317.926524][ T6203] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 317.947410][ T6203] team0: Port device dummy0 removed [ 317.972175][ T6203] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 320.352411][ T6232] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 320.360194][ T6232] IPv6: NLM_F_CREATE should be set when creating new route [ 321.268513][ T6242] netlink: 'syz.4.100': attribute type 10 has an invalid length. [ 321.475871][ T6244] netlink: 'syz.4.100': attribute type 10 has an invalid length. [ 321.514571][ T6242] team0: Port device dummy0 added [ 321.598304][ T6244] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 321.719614][ T6244] team0: Failed to send options change via netlink (err -105) [ 321.736551][ T6244] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 321.749666][ T6244] team0: Port device dummy0 removed [ 321.775401][ T6244] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 321.787647][ T6249] binder: 6246:6249 ioctl c0306201 0 returned -14 [ 322.681599][ T6258] Zero length message leads to an empty skb [ 323.810226][ T6268] input: syz1 as /devices/virtual/input/input8 [ 324.167345][ T6272] loop4: detected capacity change from 0 to 512 [ 324.267898][ T6272] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 324.505165][ T6272] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 324.526120][ T6272] System zones: 0-2, 18-18, 34-34 [ 324.586768][ T6272] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.606549][ T6272] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 325.175272][ T6290] syz_tun: entered allmulticast mode [ 325.306814][ T6289] syz_tun: left allmulticast mode [ 325.441112][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.384236][ T6300] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 326.393924][ T6300] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 326.403601][ T6300] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 326.469247][ T6302] netlink: 8 bytes leftover after parsing attributes in process `syz.2.123'. [ 327.396978][ T6309] syz_tun: entered allmulticast mode [ 327.466660][ T6308] syz_tun: left allmulticast mode [ 327.819613][ T6314] loop4: detected capacity change from 0 to 1024 [ 327.846687][ T6314] EXT4-fs: Ignoring removed nobh option [ 327.853134][ T6314] EXT4-fs: Ignoring removed oldalloc option [ 327.860504][ T6314] EXT4-fs: Ignoring removed bh option [ 328.039013][ T6314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 328.349440][ T6323] loop2: detected capacity change from 0 to 512 [ 328.441071][ T6323] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 328.505143][ T11] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 328.516527][ T6323] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 328.550040][ T6323] System zones: 0-2, 18-18, 34-34 [ 328.595490][ T6323] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.608950][ T6323] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 328.648860][ T6329] overlayfs: failed to resolve './file1': -2 [ 328.764602][ T11] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 328.775432][ T11] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 328.863322][ T11] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 328.873086][ T11] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 328.882086][ T11] usb 5-1: SerialNumber: syz [ 329.247422][ T11] usb 5-1: 0:2 : does not exist [ 329.442381][ T11] usb 5-1: USB disconnect, device number 2 [ 329.503053][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.962610][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 330.258941][ T6339] loop0: detected capacity change from 0 to 1024 [ 330.364427][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 331.255057][ T6348] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 331.346116][ T6339] mmap: syz.0.138 (6339) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 331.513781][ T5854] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 331.785602][ T5854] usb 2-1: Using ep0 maxpacket: 32 [ 331.884599][ T5854] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.896816][ T5854] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 332.163891][ T5854] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 332.179223][ T5854] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 332.190071][ T5854] usb 2-1: Product: syz [ 332.195033][ T5854] usb 2-1: Manufacturer: syz [ 332.199917][ T5854] usb 2-1: SerialNumber: syz [ 332.541494][ T5854] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input9 [ 332.835469][ T5851] usb 2-1: USB disconnect, device number 2 [ 332.918503][ T6356] overlayfs: failed to resolve './file1': -2 [ 332.947059][ T5851] appletouch 2-1:1.0: input: appletouch disconnected [ 333.968250][ T6362] loop4: detected capacity change from 0 to 512 [ 334.095680][ T6362] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 334.263584][ T6362] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 334.272372][ T6362] System zones: 0-2, 18-18, 34-34 [ 334.283765][ T5811] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 334.407161][ T6362] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 334.420575][ T6362] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 334.877430][ T6374] netlink: 'syz.3.151': attribute type 10 has an invalid length. [ 334.915254][ T6374] team0: Port device dummy0 added [ 335.061730][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.087077][ T6374] netlink: 'syz.3.151': attribute type 10 has an invalid length. [ 335.197872][ T6374] team0: Port device dummy0 removed [ 335.224288][ T6374] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 335.966720][ T6383] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 336.327631][ T6387] overlayfs: failed to resolve './file1': -2 [ 337.771325][ T5811] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 338.401259][ T1323] hfsplus: b-tree write err: -5, ino 4 [ 338.552084][ T6409] netlink: 'syz.2.167': attribute type 10 has an invalid length. [ 338.608919][ T6409] netlink: 'syz.2.167': attribute type 10 has an invalid length. [ 338.679134][ T6409] team0: Port device dummy0 removed [ 338.703420][ T6409] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 339.357363][ T6416] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 340.606136][ T6429] netlink: 44 bytes leftover after parsing attributes in process `syz.4.175'. [ 341.067759][ T6434] input: syz1 as /devices/virtual/input/input10 [ 341.382952][ T6437] loop3: detected capacity change from 0 to 1024 [ 341.960927][ T6444] netlink: 'syz.2.181': attribute type 10 has an invalid length. [ 342.012371][ T6439] loop4: detected capacity change from 0 to 1024 [ 342.075942][ T6439] EXT4-fs: Ignoring removed nobh option [ 342.076591][ T6447] netlink: 'syz.2.181': attribute type 10 has an invalid length. [ 342.082014][ T6439] EXT4-fs: Ignoring removed oldalloc option [ 342.097166][ T6439] EXT4-fs: Ignoring removed bh option [ 342.145597][ T6444] bond0: (slave dummy0): Releasing backup interface [ 342.189486][ T6444] team0: Port device dummy0 added [ 342.280858][ T6447] team0: Port device dummy0 removed [ 342.319896][ T6447] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 342.426140][ T6439] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 342.933686][ T1885] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 342.984264][ T6453] netlink: 'syz.0.183': attribute type 4 has an invalid length. [ 343.164541][ T6453] netlink: 'syz.0.183': attribute type 4 has an invalid length. [ 343.255167][ T1885] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 343.265897][ T1885] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 343.428222][ T1885] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 343.441593][ T1885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 343.451718][ T1885] usb 5-1: SerialNumber: syz [ 343.904908][ T1885] usb 5-1: 0:2 : does not exist [ 344.255117][ T1885] usb 5-1: USB disconnect, device number 3 [ 345.041236][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 345.556265][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 346.654289][ T6467] netlink: 44 bytes leftover after parsing attributes in process `syz.0.189'. [ 346.677099][ T3526] hfsplus: b-tree write err: -5, ino 4 [ 348.327763][ T6483] netlink: 'syz.1.196': attribute type 4 has an invalid length. [ 348.402550][ T6476] syz.3.191 (6476): drop_caches: 2 [ 348.586659][ T6483] netlink: 'syz.1.196': attribute type 4 has an invalid length. [ 349.424986][ T6489] loop3: detected capacity change from 0 to 1024 [ 349.481307][ T6489] EXT4-fs: Ignoring removed nobh option [ 349.487750][ T6489] EXT4-fs: Ignoring removed oldalloc option [ 349.494431][ T6489] EXT4-fs: Ignoring removed bh option [ 349.616280][ T6489] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 350.023764][ T1885] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 350.260454][ T6505] netlink: 'syz.2.203': attribute type 10 has an invalid length. [ 350.263861][ T1885] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 350.279339][ T1885] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 350.285555][ T6503] loop4: detected capacity change from 0 to 1024 [ 350.346308][ T6505] bond0: (slave dummy0): Releasing backup interface [ 350.387714][ T1885] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 350.404603][ T1885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 350.412962][ T1885] usb 4-1: SerialNumber: syz [ 350.417020][ T6505] team0: Port device dummy0 added [ 350.758967][ T1885] usb 4-1: 0:2 : does not exist [ 351.008789][ T1885] usb 4-1: USB disconnect, device number 2 [ 351.657045][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 351.982820][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 352.419921][ T6511] syz.1.205 (6511): drop_caches: 2 [ 352.627616][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 352.634808][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 354.384272][ T6528] netlink: 'syz.1.211': attribute type 4 has an invalid length. [ 354.646148][ T6530] netlink: 20 bytes leftover after parsing attributes in process `syz.1.211'. [ 354.886797][ T6528] netlink: 'syz.1.211': attribute type 4 has an invalid length. [ 354.961075][ T3526] hfsplus: b-tree write err: -5, ino 4 [ 357.448493][ T6562] loop2: detected capacity change from 0 to 1024 [ 358.467430][ T6555] syz.1.221 (6555): drop_caches: 2 [ 362.553714][ T1310] hfsplus: b-tree write err: -5, ino 4 [ 363.253815][ T6600] syz_tun: entered allmulticast mode [ 363.451129][ T6599] syz_tun: left allmulticast mode [ 365.362995][ T6617] loop1: detected capacity change from 0 to 1024 [ 366.797760][ T6632] netlink: 'syz.3.255': attribute type 10 has an invalid length. [ 368.092859][ T6629] syz.2.253 (6629): drop_caches: 2 [ 370.172507][ T1310] hfsplus: b-tree write err: -5, ino 4 [ 371.196310][ T6657] loop0: detected capacity change from 0 to 512 [ 371.228480][ T6665] input: syz1 as /devices/virtual/input/input11 [ 371.242668][ T6657] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 371.312223][ T6657] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 371.357373][ T6657] System zones: 0-2, 18-18, 34-34 [ 371.546401][ T6657] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.559828][ T6657] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 372.675136][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.632332][ T6689] loop2: detected capacity change from 0 to 1024 [ 373.681151][ T6691] netlink: 'syz.4.278': attribute type 4 has an invalid length. [ 376.621375][ T6712] input: syz1 as /devices/virtual/input/input12 [ 377.415826][ T3526] hfsplus: b-tree write err: -5, ino 4 [ 377.964826][ T6724] netlink: 'syz.1.292': attribute type 4 has an invalid length. [ 380.229997][ T6749] loop1: detected capacity change from 0 to 1024 [ 381.955076][ T6761] syz_tun: entered allmulticast mode [ 382.048259][ T6760] syz_tun: left allmulticast mode [ 382.248885][ T6763] overlayfs: missing 'lowerdir' [ 384.359724][ T1310] hfsplus: b-tree write err: -5, ino 4 [ 386.348351][ T6781] syz.4.318 (6781): drop_caches: 2 [ 389.224671][ T6825] loop2: detected capacity change from 0 to 1024 [ 389.291858][ T6825] EXT4-fs: Ignoring removed nobh option [ 389.299362][ T6825] EXT4-fs: Ignoring removed oldalloc option [ 389.305900][ T6825] EXT4-fs: Ignoring removed bh option [ 389.467244][ T6825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 389.853652][ T1885] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 390.048917][ T1885] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 390.059836][ T1885] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 390.108978][ T1885] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 390.119178][ T1885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 390.131480][ T1885] usb 3-1: SerialNumber: syz [ 390.446878][ T1885] usb 3-1: 0:2 : does not exist [ 390.488293][ T5811] Bluetooth: hci0: command 0x0406 tx timeout [ 390.495820][ T5811] Bluetooth: hci1: command 0x0406 tx timeout [ 390.507077][ T5811] Bluetooth: hci2: command 0x0406 tx timeout [ 390.508558][ T5091] Bluetooth: hci3: command 0x0406 tx timeout [ 390.567722][ T1885] usb 3-1: USB disconnect, device number 2 [ 390.943332][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 391.280401][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 393.538131][ T6869] netlink: 'syz.4.353': attribute type 4 has an invalid length. [ 394.450295][ T6879] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 394.460095][ T6879] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 394.495825][ T6875] loop3: detected capacity change from 0 to 1024 [ 394.586040][ T6875] EXT4-fs: Ignoring removed nobh option [ 394.592294][ T6875] EXT4-fs: Ignoring removed oldalloc option [ 394.599020][ T6875] EXT4-fs: Ignoring removed bh option [ 394.706636][ T6875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 395.104918][ T5854] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 395.318146][ T5854] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 395.329081][ T5854] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 395.408283][ T5854] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 395.419273][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 395.428756][ T5854] usb 4-1: SerialNumber: syz [ 395.689764][ T5854] usb 4-1: 0:2 : does not exist [ 395.845289][ T5854] usb 4-1: USB disconnect, device number 3 [ 396.078223][ T6895] process 'syz.0.363' launched './file0' with NULL argv: empty string added [ 396.158425][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 396.606988][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 397.494416][ T6907] netlink: 'syz.0.367': attribute type 4 has an invalid length. [ 398.396825][ T6915] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 398.407302][ T6915] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 398.636183][ T6919] overlayfs: missing 'lowerdir' [ 398.726028][ T6918] syz.0.372 (6918): drop_caches: 2 [ 398.817616][ T6914] syz.3.370 (6914): drop_caches: 2 [ 398.867235][ T6914] syz.3.370 (6914): drop_caches: 2 [ 398.875176][ T6918] syz.0.372 (6918): drop_caches: 2 [ 399.807195][ T6926] loop4: detected capacity change from 0 to 1024 [ 399.870731][ T6926] EXT4-fs: Ignoring removed nobh option [ 399.877290][ T6926] EXT4-fs: Ignoring removed oldalloc option [ 399.885385][ T6926] EXT4-fs: Ignoring removed bh option [ 400.108731][ T6926] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 400.486211][ T1885] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 400.792526][ T1885] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.803634][ T1885] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 400.869650][ T1885] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 400.885077][ T1885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 400.893585][ T1885] usb 5-1: SerialNumber: syz [ 401.296363][ T1885] usb 5-1: 0:2 : does not exist [ 401.329172][ T6947] netlink: 'syz.0.382': attribute type 4 has an invalid length. [ 401.486011][ T1885] usb 5-1: USB disconnect, device number 4 [ 401.884991][ T6949] syz.2.383 (6949): drop_caches: 2 [ 402.063535][ T6949] syz.2.383 (6949): drop_caches: 2 [ 402.161971][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 402.229216][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 402.424768][ T6953] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 402.434136][ T6953] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 403.270394][ T6962] syz.2.389 (6962): drop_caches: 2 [ 403.405793][ T6962] syz.2.389 (6962): drop_caches: 2 [ 404.015857][ T6971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.394'. [ 404.432091][ T6968] syz.1.392 (6968): drop_caches: 2 [ 404.461865][ T6968] syz.1.392 (6968): drop_caches: 2 [ 404.559739][ T6976] netlink: 'syz.3.395': attribute type 4 has an invalid length. [ 405.542153][ T6985] loop4: detected capacity change from 0 to 1024 [ 405.566801][ T6985] EXT4-fs: Ignoring removed nobh option [ 405.573057][ T6985] EXT4-fs: Ignoring removed oldalloc option [ 405.579709][ T6985] EXT4-fs: Ignoring removed bh option [ 405.616247][ T6988] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 405.625510][ T6988] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 405.689413][ T6990] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 405.703474][ T6990] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 405.712864][ T6990] overlayfs: missing 'lowerdir' [ 405.831891][ T6985] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 406.384878][ T5854] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 406.389418][ T7000] warning: `syz.1.403' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 406.647632][ T5854] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 406.658594][ T5854] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 406.756881][ T5854] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 406.766915][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 406.775946][ T5854] usb 5-1: SerialNumber: syz [ 407.126111][ T5854] usb 5-1: 0:2 : does not exist [ 407.360086][ T5854] usb 5-1: USB disconnect, device number 5 [ 408.030043][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 408.133007][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 409.199653][ T7026] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 409.210451][ T7026] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 409.383768][ T7028] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 409.397554][ T7028] overlayfs: missing 'lowerdir' [ 409.973057][ T7032] overlayfs: missing 'lowerdir' [ 410.571761][ T7039] loop0: detected capacity change from 0 to 1024 [ 410.670772][ T7039] EXT4-fs: Ignoring removed nobh option [ 410.677320][ T7039] EXT4-fs: Ignoring removed oldalloc option [ 410.683893][ T7039] EXT4-fs: Ignoring removed bh option [ 410.860605][ T7039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 411.364618][ T5854] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 411.580852][ T5854] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 411.591673][ T5854] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 411.698197][ T5854] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 411.708171][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 411.718280][ T5854] usb 1-1: SerialNumber: syz [ 412.082556][ T5854] usb 1-1: 0:2 : does not exist [ 412.434904][ T7058] syzkaller0: entered promiscuous mode [ 412.440712][ T7058] syzkaller0: entered allmulticast mode [ 412.467717][ T5854] usb 1-1: USB disconnect, device number 2 [ 412.710152][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 413.113888][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 413.434228][ T7065] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 413.444227][ T7065] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 413.829462][ T7070] netlink: 'syz.0.432': attribute type 10 has an invalid length. [ 413.879708][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.433'. [ 414.047499][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.054665][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 414.465376][ T7076] overlayfs: missing 'lowerdir' [ 414.554660][ T7078] syz_tun: entered allmulticast mode [ 414.592627][ T7077] syz_tun: left allmulticast mode [ 415.171270][ T7083] syz.3.437 (7083): drop_caches: 2 [ 415.338819][ T7083] syz.3.437 (7083): drop_caches: 2 [ 416.262730][ T7094] loop1: detected capacity change from 0 to 1024 [ 416.361519][ T7094] EXT4-fs: Ignoring removed nobh option [ 416.367952][ T7094] EXT4-fs: Ignoring removed oldalloc option [ 416.374695][ T7094] EXT4-fs: Ignoring removed bh option [ 416.390799][ T7100] loop3: detected capacity change from 0 to 512 [ 416.505691][ T7100] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 416.644982][ T7100] EXT4-fs (loop3): orphan cleanup on readonly fs [ 416.683303][ T7094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 416.732212][ T7100] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 416.760484][ T7100] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 416.811741][ T7100] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #16: comm syz.3.444: invalid fast symlink length 9000 [ 416.847701][ T7100] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.444: couldn't read orphan inode 16 (err -117) [ 416.880515][ T7100] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 416.934408][ T5854] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 417.017210][ T7108] overlayfs: missing 'lowerdir' [ 417.093505][ T1885] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 417.158738][ T5854] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 417.173629][ T5854] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 417.188694][ T5854] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 417.198308][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.237354][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.328961][ T1885] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 417.339720][ T1885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 417.435266][ T1885] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 417.448721][ T1885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 417.457259][ T1885] usb 2-1: SerialNumber: syz [ 417.498932][ T5854] usb 1-1: usb_control_msg returned -32 [ 417.505343][ T5854] usbtmc 1-1:16.0: can't read capabilities [ 417.911772][ T1885] usb 2-1: 0:2 : does not exist [ 418.103891][ T7120] netlink: 'syz.3.448': attribute type 10 has an invalid length. [ 418.179616][ T1885] usb 2-1: USB disconnect, device number 3 [ 418.431992][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 418.875891][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 419.686078][ T7132] netlink: 'syz.2.453': attribute type 10 has an invalid length. [ 419.717605][ T7132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.739257][ T7132] team0: Port device bond0 added [ 420.034162][ T1885] usb 1-1: USB disconnect, device number 3 [ 420.260492][ T7137] syz.4.454 (7137): drop_caches: 2 [ 420.312087][ T7137] syz.4.454 (7137): drop_caches: 2 [ 420.974959][ T7144] overlayfs: missing 'lowerdir' [ 421.551884][ T7150] loop1: detected capacity change from 0 to 1024 [ 422.307901][ T7156] loop2: detected capacity change from 0 to 1024 [ 422.376629][ T7156] EXT4-fs: Ignoring removed nobh option [ 422.387572][ T7156] EXT4-fs: Ignoring removed oldalloc option [ 422.395435][ T7156] EXT4-fs: Ignoring removed bh option [ 422.599328][ T7156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 423.091670][ T5854] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 423.384023][ T5854] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 423.394925][ T5854] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 423.548647][ T5854] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 423.559784][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 423.568684][ T5854] usb 3-1: SerialNumber: syz [ 424.083372][ T5854] usb 3-1: 0:2 : does not exist [ 424.316536][ T5854] usb 3-1: USB disconnect, device number 3 [ 425.165011][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 425.307273][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 425.604412][ T7178] netlink: 'syz.3.469': attribute type 4 has an invalid length. [ 425.971979][ T4455] hfsplus: b-tree write err: -5, ino 4 [ 426.027635][ T7181] loop4: detected capacity change from 0 to 512 [ 426.194918][ T7181] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 426.315239][ T7181] EXT4-fs (loop4): orphan cleanup on readonly fs [ 426.340629][ T7181] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 426.387710][ T7181] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 426.464608][ T7181] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #16: comm syz.4.470: invalid fast symlink length 9000 [ 426.526845][ T7181] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.470: couldn't read orphan inode 16 (err -117) [ 426.559830][ T7188] overlayfs: missing 'lowerdir' [ 426.632689][ T7181] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 426.887678][ T7190] overlayfs: missing 'lowerdir' [ 427.223408][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.434064][ T7208] syz.2.480 (7208): drop_caches: 2 [ 428.509287][ T7208] syz.2.480 (7208): drop_caches: 2 [ 428.656212][ T7210] syz.0.481 (7210): drop_caches: 2 [ 428.685599][ T7210] syz.0.481 (7210): drop_caches: 2 [ 429.324447][ T7215] netlink: 'syz.4.484': attribute type 4 has an invalid length. [ 430.173633][ T7223] netlink: 'syz.1.487': attribute type 10 has an invalid length. [ 430.347349][ T7225] 9pnet_fd: Insufficient options for proto=fd [ 431.728210][ T7238] overlayfs: missing 'workdir' [ 432.336016][ T1885] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 432.571042][ T1885] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 432.581654][ T1885] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 432.596860][ T1885] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 432.606723][ T1885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.718804][ T7248] netlink: 'syz.4.499': attribute type 4 has an invalid length. [ 432.894339][ T1885] usb 3-1: usb_control_msg returned -32 [ 432.900515][ T1885] usbtmc 3-1:16.0: can't read capabilities [ 433.225541][ T7255] 9pnet_fd: Insufficient options for proto=fd [ 433.562927][ T7258] netlink: 'syz.4.503': attribute type 10 has an invalid length. [ 434.955651][ T7272] overlayfs: missing 'workdir' [ 435.335392][ T1885] usb 3-1: USB disconnect, device number 4 [ 435.964685][ T7284] netlink: 'syz.2.513': attribute type 4 has an invalid length. [ 436.674978][ T7291] netlink: 'syz.1.516': attribute type 10 has an invalid length. [ 436.741807][ T7291] bond0: (slave dummy0): Releasing backup interface [ 436.932213][ T7291] team0: Failed to send options change via netlink (err -105) [ 436.940575][ T7291] team0: Port device dummy0 added [ 438.009011][ T7304] loop0: detected capacity change from 0 to 1024 [ 438.086607][ T7304] EXT4-fs: Ignoring removed nobh option [ 438.092944][ T7304] EXT4-fs: Ignoring removed oldalloc option [ 438.099609][ T7304] EXT4-fs: Ignoring removed bh option [ 438.252781][ T7304] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 438.703845][ T1885] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 438.935145][ T1885] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 438.946268][ T1885] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 439.086452][ T1885] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 439.096928][ T1885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 439.105417][ T1885] usb 1-1: SerialNumber: syz [ 439.424638][ T1885] usb 1-1: 0:2 : does not exist [ 439.578890][ T1885] usb 1-1: USB disconnect, device number 4 [ 439.866261][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 439.875951][ T7330] netlink: 'syz.1.530': attribute type 4 has an invalid length. [ 440.248020][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 440.902942][ T7337] netlink: 'syz.1.534': attribute type 10 has an invalid length. [ 442.942719][ T7362] netlink: 'syz.3.544': attribute type 4 has an invalid length. [ 443.310739][ T7361] loop4: detected capacity change from 0 to 1024 [ 443.362699][ T7361] EXT4-fs: Ignoring removed nobh option [ 443.369349][ T7361] EXT4-fs: Ignoring removed oldalloc option [ 443.381891][ T7361] EXT4-fs: Ignoring removed bh option [ 443.635113][ T7361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 444.004816][ T5854] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 444.043355][ T7368] loop2: detected capacity change from 0 to 512 [ 444.132593][ T7368] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 444.134021][ T7373] netlink: 'syz.0.548': attribute type 10 has an invalid length. [ 444.215714][ T5854] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 444.217031][ T7368] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 444.226457][ T5854] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 444.251416][ T7373] bond0: (slave dummy0): Releasing backup interface [ 444.281103][ T5854] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 444.291756][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 444.305156][ T5854] usb 5-1: SerialNumber: syz [ 444.334933][ T7368] System zones: 0-2, 18-18, 34-34 [ 444.375602][ T7373] team0: Failed to send options change via netlink (err -105) [ 444.383915][ T7373] team0: Port device dummy0 added [ 444.439128][ T7368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 444.453037][ T7368] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 444.592953][ T5854] usb 5-1: 0:2 : does not exist [ 444.767730][ T5854] usb 5-1: USB disconnect, device number 6 [ 445.068675][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 445.539425][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 445.550543][ T7384] capability: warning: `syz.0.551' uses deprecated v2 capabilities in a way that may be insecure [ 445.601475][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.620136][ T7385] overlayfs: missing 'lowerdir' [ 446.231675][ T7382] syz.1.550 (7382) used greatest stack depth: 2376 bytes left [ 446.604905][ T5854] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 446.791994][ T7395] netlink: 'syz.1.556': attribute type 4 has an invalid length. [ 446.823986][ T5854] usb 3-1: Using ep0 maxpacket: 32 [ 446.885283][ T5854] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 446.896166][ T5854] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 447.020926][ T5854] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 447.030824][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 447.039980][ T5854] usb 3-1: Product: syz [ 447.044749][ T5854] usb 3-1: Manufacturer: syz [ 447.049665][ T5854] usb 3-1: SerialNumber: syz [ 447.395801][ T5854] usb 3-1: USB disconnect, device number 5 [ 448.910466][ T7412] loop1: detected capacity change from 0 to 1024 [ 448.952101][ T7412] EXT4-fs: Ignoring removed nobh option [ 448.959296][ T7412] EXT4-fs: Ignoring removed oldalloc option [ 448.966097][ T7412] EXT4-fs: Ignoring removed bh option [ 448.971054][ T7417] overlayfs: missing 'lowerdir' [ 449.156406][ T7412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 449.494452][ T5854] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 449.718571][ T5854] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 449.733963][ T5854] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 449.894516][ T5854] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 449.904143][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 449.912472][ T5854] usb 2-1: SerialNumber: syz [ 450.177700][ T5854] usb 2-1: 0:2 : does not exist [ 450.321856][ T5854] usb 2-1: USB disconnect, device number 4 [ 450.671236][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 450.924773][ T7432] netlink: 'syz.0.570': attribute type 4 has an invalid length. [ 451.063412][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 452.545083][ T7442] loop0: detected capacity change from 0 to 2048 [ 452.609832][ T7442] EXT4-fs (loop0): invalid inodes per group: 1 [ 452.609832][ T7442] [ 452.763472][ T7451] overlayfs: missing 'lowerdir' [ 454.413864][ T7466] loop3: detected capacity change from 0 to 1024 [ 454.432376][ T7466] EXT4-fs: Ignoring removed nobh option [ 454.444213][ T7466] EXT4-fs: Ignoring removed oldalloc option [ 454.450560][ T7466] EXT4-fs: Ignoring removed bh option [ 454.678463][ T7466] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 455.156896][ T5854] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 455.424091][ T5854] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 455.435279][ T5854] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 455.516307][ T5854] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 455.528355][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 455.536982][ T5854] usb 4-1: SerialNumber: syz [ 455.864340][ T5854] usb 4-1: 0:2 : does not exist [ 456.119965][ T5854] usb 4-1: USB disconnect, device number 4 [ 456.163886][ T49] Bluetooth: hci4: command 0x0406 tx timeout [ 456.598770][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 456.762053][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 458.732365][ T49] Bluetooth: to_multiplier 0 < 10 [ 459.743559][ T7524] loop3: detected capacity change from 0 to 1024 [ 459.805897][ T7524] EXT4-fs: Ignoring removed nobh option [ 459.812506][ T7524] EXT4-fs: Ignoring removed oldalloc option [ 459.819420][ T7524] EXT4-fs: Ignoring removed bh option [ 460.030469][ T7524] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 460.453837][ T5854] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 460.557650][ T7539] fuse: Bad value for 'rootmode' [ 460.687096][ T5854] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 460.697778][ T5854] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 460.767053][ T5854] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 460.778333][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 460.791427][ T5854] usb 4-1: SerialNumber: syz [ 460.804001][ T49] Bluetooth: hci2: command 0x0406 tx timeout [ 461.202606][ T5854] usb 4-1: 0:2 : does not exist [ 461.210360][ T5854] usb 4-1: unit 5 not found! [ 461.440944][ T49] Bluetooth: to_multiplier 0 < 10 [ 461.454740][ T5854] usb 4-1: USB disconnect, device number 5 [ 462.074741][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 462.241239][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 462.451931][ T7555] loop4: detected capacity change from 0 to 2048 [ 462.573646][ T7555] EXT4-fs (loop4): invalid inodes per group: 1 [ 462.573646][ T7555] [ 463.523841][ T49] Bluetooth: hci1: command 0x0406 tx timeout [ 463.888313][ T7572] netlink: 'syz.4.621': attribute type 10 has an invalid length. [ 463.926425][ T7572] bond0: (slave dummy0): Releasing backup interface [ 464.086221][ T7572] team0: Failed to send options change via netlink (err -105) [ 464.094369][ T7572] team0: Port device dummy0 added [ 465.364729][ T7584] loop1: detected capacity change from 0 to 1024 [ 465.407572][ T7584] EXT4-fs: Ignoring removed nobh option [ 465.414511][ T7584] EXT4-fs: Ignoring removed oldalloc option [ 465.421004][ T7584] EXT4-fs: Ignoring removed bh option [ 465.570875][ T7584] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 465.929917][ T5854] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 466.169621][ T5854] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 466.180413][ T5854] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 466.307515][ T5854] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 466.321668][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 466.331502][ T5854] usb 2-1: SerialNumber: syz [ 466.708059][ T5854] usb 2-1: 0:2 : does not exist [ 466.713557][ T5854] usb 2-1: unit 5 not found! [ 466.904437][ T5854] usb 2-1: USB disconnect, device number 5 [ 467.218839][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 467.729196][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 467.885660][ T7613] 9pnet_fd: Insufficient options for proto=fd [ 467.982083][ T7615] netlink: 'syz.3.638': attribute type 10 has an invalid length. [ 468.026621][ T7615] bond0: (slave dummy0): Releasing backup interface [ 468.226189][ T7615] team0: Failed to send options change via netlink (err -105) [ 468.234412][ T7615] team0: Port device dummy0 added [ 468.256310][ T49] Bluetooth: hci4: command 0x0406 tx timeout [ 470.429388][ T7637] loop2: detected capacity change from 0 to 2048 [ 470.704131][ T7637] EXT4-fs (loop2): invalid inodes per group: 1 [ 470.704131][ T7637] [ 471.113013][ T7650] loop4: detected capacity change from 0 to 1024 [ 471.206812][ T7650] EXT4-fs: Ignoring removed nobh option [ 471.213698][ T7650] EXT4-fs: Ignoring removed oldalloc option [ 471.220028][ T7650] EXT4-fs: Ignoring removed bh option [ 471.418862][ T7650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 471.823486][ T1885] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 471.942650][ T7658] loop2: detected capacity change from 0 to 1024 [ 471.958427][ T7660] netlink: 'syz.0.653': attribute type 10 has an invalid length. [ 472.112489][ T1885] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 472.114733][ T7663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 472.123293][ T1885] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 472.235606][ T1885] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 472.245410][ T1885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 472.257815][ T1885] usb 5-1: SerialNumber: syz [ 472.516887][ T1885] usb 5-1: 0:2 : does not exist [ 472.522163][ T1885] usb 5-1: unit 5 not found! [ 472.806977][ T1885] usb 5-1: USB disconnect, device number 7 [ 473.442072][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 473.671070][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 473.792678][ T7677] loop2: detected capacity change from 0 to 512 [ 473.860737][ T7677] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 473.886884][ T7667] loop0: detected capacity change from 0 to 2048 [ 473.967487][ T7677] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 474.004132][ T7677] System zones: 0-2, 18-18, 34-34 [ 474.042454][ T7667] EXT4-fs (loop0): invalid inodes per group: 1 [ 474.042454][ T7667] [ 474.134184][ T7677] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 474.147645][ T7677] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 475.307942][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.491533][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.499334][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 476.128674][ T49] Bluetooth: min 0 < 6 [ 476.357099][ T7705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.668'. [ 478.164012][ T49] Bluetooth: hci3: command 0x0406 tx timeout [ 479.252796][ T49] Bluetooth: min 0 < 6 [ 479.639802][ T49] Bluetooth: min 12 > max 0 [ 480.016555][ T7745] loop2: detected capacity change from 0 to 1024 [ 480.039999][ T7745] EXT4-fs: Ignoring removed nobh option [ 480.047755][ T7745] EXT4-fs: Ignoring removed oldalloc option [ 480.054343][ T7745] EXT4-fs: Ignoring removed bh option [ 480.192682][ T7745] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 481.196067][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 481.330724][ T49] Bluetooth: hci2: command 0x0406 tx timeout [ 481.683759][ T49] Bluetooth: hci1: command 0x0406 tx timeout [ 481.792551][ T49] Bluetooth: to_multiplier 0 < 10 [ 482.070747][ T7773] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.081373][ T7773] batadv_slave_0: entered promiscuous mode [ 482.738523][ T7782] netlink: 'syz.2.696': attribute type 10 has an invalid length. [ 483.037403][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.4.697'. [ 483.853405][ T49] Bluetooth: hci0: command 0x0406 tx timeout [ 484.449616][ T7794] loop1: detected capacity change from 0 to 1024 [ 484.488204][ T7794] EXT4-fs: Ignoring removed nobh option [ 484.495195][ T7794] EXT4-fs: Ignoring removed oldalloc option [ 484.501664][ T7794] EXT4-fs: Ignoring removed bh option [ 484.678147][ T7794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 485.752710][ T7812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 485.761695][ T7812] batadv_slave_0: entered promiscuous mode [ 485.882852][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 485.984907][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 486.754458][ T7823] netlink: 'syz.1.710': attribute type 10 has an invalid length. [ 487.239706][ T7828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.713'. [ 488.375043][ T7837] loop4: detected capacity change from 0 to 1024 [ 488.981967][ T7844] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 488.990369][ T7844] batadv_slave_0: entered promiscuous mode [ 489.097814][ T7843] loop3: detected capacity change from 0 to 1024 [ 489.185642][ T7843] EXT4-fs: Ignoring removed nobh option [ 489.192056][ T7843] EXT4-fs: Ignoring removed oldalloc option [ 489.198967][ T7843] EXT4-fs: Ignoring removed bh option [ 489.358517][ T7843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 489.869685][ T1885] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 490.076170][ T7857] netlink: 24 bytes leftover after parsing attributes in process `syz.4.723'. [ 490.093908][ T1885] usb 4-1: device descriptor read/64, error -71 [ 490.246930][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.723'. [ 490.394151][ T1885] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 490.573632][ T1885] usb 4-1: device descriptor read/64, error -71 [ 490.689955][ T1885] usb usb4-port1: attempt power cycle [ 490.695833][ T7863] loop2: detected capacity change from 0 to 16 [ 490.821832][ T7863] erofs (device loop2): mounted with root inode @ nid 36. [ 491.133755][ T1885] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 491.189892][ T1885] usb 4-1: device descriptor read/8, error -71 [ 491.493292][ T1885] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 491.584013][ T1885] usb 4-1: device descriptor read/8, error -71 [ 491.704941][ T1885] usb usb4-port1: unable to enumerate USB device [ 492.415889][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 492.682979][ T7875] loop2: detected capacity change from 0 to 2048 [ 493.002621][ T7875] EXT4-fs (loop2): invalid inodes per group: 1 [ 493.002621][ T7875] [ 493.844818][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 493.852918][ T7883] batadv_slave_0: entered promiscuous mode [ 493.992863][ T7886] netlink: 'syz.4.736': attribute type 10 has an invalid length. [ 494.066969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 494.227057][ T7889] loop0: detected capacity change from 0 to 1024 [ 494.989912][ T7895] loop3: detected capacity change from 0 to 2048 [ 495.145815][ T7895] EXT4-fs (loop3): invalid inodes per group: 1 [ 495.145815][ T7895] [ 495.547878][ T7898] loop1: detected capacity change from 0 to 4096 [ 495.896754][ T7898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 496.682033][ T7909] loop4: detected capacity change from 0 to 1024 [ 496.804240][ T7909] EXT4-fs: Ignoring removed nobh option [ 496.810578][ T7909] EXT4-fs: Ignoring removed oldalloc option [ 496.817532][ T7909] EXT4-fs: Ignoring removed bh option [ 497.682855][ T7909] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 498.013828][ T49] Bluetooth: hci4: command 0x0406 tx timeout [ 498.147995][ T5854] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 498.225858][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.373777][ T5854] usb 5-1: device descriptor read/64, error -71 [ 498.644034][ T5854] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 498.834979][ T5854] usb 5-1: device descriptor read/64, error -71 [ 498.962016][ T5854] usb usb5-port1: attempt power cycle [ 498.970169][ T7930] netlink: 44 bytes leftover after parsing attributes in process `syz.1.747'. [ 499.051536][ T7932] netlink: 'syz.2.750': attribute type 10 has an invalid length. [ 499.122411][ T7928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 499.131007][ T7928] batadv_slave_0: entered promiscuous mode [ 499.342627][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 500.144187][ T7940] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 500.430898][ T7937] loop1: detected capacity change from 0 to 2048 [ 500.464393][ T7937] EXT4-fs (loop1): invalid inodes per group: 1 [ 500.464393][ T7937] [ 501.522051][ T7950] loop4: detected capacity change from 0 to 2048 [ 501.600148][ T7950] EXT4-fs (loop4): invalid inodes per group: 1 [ 501.600148][ T7950] [ 501.786772][ T7949] loop3: detected capacity change from 0 to 4096 [ 501.941129][ T7949] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 502.512711][ T7954] loop2: detected capacity change from 0 to 4096 [ 502.806011][ T7954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.328169][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.412840][ T7963] netlink: 12 bytes leftover after parsing attributes in process `syz.1.761'. [ 504.964897][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 505.103680][ T7970] loop0: detected capacity change from 0 to 1024 [ 505.135171][ T7970] EXT4-fs: Ignoring removed nobh option [ 505.141389][ T7970] EXT4-fs: Ignoring removed oldalloc option [ 505.147983][ T7970] EXT4-fs: Ignoring removed bh option [ 505.386845][ T7970] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 505.592937][ T7969] loop4: detected capacity change from 0 to 2048 [ 505.710561][ T7969] EXT4-fs (loop4): invalid inodes per group: 1 [ 505.710561][ T7969] [ 505.823613][ T5857] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 505.971059][ T7977] netlink: 'syz.3.763': attribute type 10 has an invalid length. [ 506.017994][ T5857] usb 1-1: device descriptor read/64, error -71 [ 506.169622][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 506.314055][ T5857] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 506.543519][ T5857] usb 1-1: device descriptor read/64, error -71 [ 506.714329][ T5857] usb usb1-port1: attempt power cycle [ 507.134991][ T5857] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 507.224560][ T5857] usb 1-1: device descriptor read/8, error -71 [ 507.513658][ T5857] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 507.615022][ T5857] usb 1-1: device descriptor read/8, error -71 [ 507.740020][ T5857] usb usb1-port1: unable to enumerate USB device [ 507.926615][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 507.931008][ T7989] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 508.345654][ T7995] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 508.948189][ T7997] loop1: detected capacity change from 0 to 2048 [ 508.979221][ T7996] loop4: detected capacity change from 0 to 2048 [ 509.048824][ T7997] EXT4-fs (loop1): invalid inodes per group: 1 [ 509.048824][ T7997] [ 509.062323][ T7996] EXT4-fs (loop4): invalid inodes per group: 1 [ 509.062323][ T7996] [ 509.631931][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 511.764723][ T8028] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 512.230186][ T8026] loop3: detected capacity change from 0 to 4096 [ 512.418011][ T8026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 512.490448][ T8035] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 513.625086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 513.727338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 513.829753][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 514.034798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 514.137223][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 514.444106][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 515.378040][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.972834][ T8041] loop4: detected capacity change from 0 to 2048 [ 516.329767][ T8041] EXT4-fs (loop4): invalid inodes per group: 1 [ 516.329767][ T8041] [ 517.471649][ T8066] 9pnet_fd: Insufficient options for proto=fd [ 518.386295][ T8076] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 520.434591][ T8097] 9pnet_fd: Insufficient options for proto=fd [ 524.639026][ T8122] 9pnet_fd: Insufficient options for proto=fd [ 525.288392][ T8127] netlink: 24 bytes leftover after parsing attributes in process `syz.2.824'. [ 525.341206][ T8130] 9pnet_fd: Insufficient options for proto=fd [ 525.390118][ T8131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.824'. [ 527.246981][ T8148] loop3: detected capacity change from 0 to 1024 [ 527.314381][ T8148] EXT4-fs: Ignoring removed nobh option [ 527.320864][ T8148] EXT4-fs: Ignoring removed oldalloc option [ 527.327535][ T8148] EXT4-fs: Ignoring removed bh option [ 527.566676][ T8148] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 527.631861][ T8146] loop4: detected capacity change from 0 to 4096 [ 527.848046][ T8146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 527.977450][ T1885] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 530.556784][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.668178][ T8164] 9pnet_fd: Insufficient options for proto=fd [ 531.151067][ T1885] usb 4-1: device descriptor read/all, error -71 [ 531.281178][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 532.534958][ T8175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.843'. [ 536.263868][ T8209] loop0: detected capacity change from 0 to 128 [ 536.302770][ T8209] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 536.325370][ T8209] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 536.917326][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.924303][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 537.226690][ T8214] loop0: detected capacity change from 0 to 256 [ 538.884372][ T8229] loop2: detected capacity change from 0 to 256 [ 539.348842][ T8233] loop1: detected capacity change from 0 to 128 [ 539.567188][ T8233] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 539.684692][ T8233] ext4 filesystem being mounted at /168/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 540.259508][ T8242] loop4: detected capacity change from 0 to 2048 [ 540.330265][ T8242] EXT4-fs (loop4): invalid inodes per group: 1 [ 540.330265][ T8242] [ 540.533683][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 540.586155][ T8247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.870'. [ 540.687109][ T8249] netlink: 24 bytes leftover after parsing attributes in process `syz.0.870'. [ 542.532415][ T8260] loop3: detected capacity change from 0 to 64 [ 542.936563][ T8265] loop0: detected capacity change from 0 to 128 [ 542.949575][ T8265] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 542.975983][ T8265] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 543.076103][ T8260] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 544.311746][ T8275] loop3: detected capacity change from 0 to 128 [ 544.476494][ T8275] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 544.555215][ T8275] ext4 filesystem being mounted at /179/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 545.786593][ T8289] loop0: detected capacity change from 0 to 128 [ 545.814333][ T8289] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 545.864672][ T5803] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 545.891826][ T8289] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 548.435976][ T8315] netlink: 24 bytes leftover after parsing attributes in process `syz.0.895'. [ 549.323684][ T8327] loop1: detected capacity change from 0 to 128 [ 550.099419][ T8327] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 550.204163][ T8327] ext4 filesystem being mounted at /175/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 550.619650][ T8336] loop2: detected capacity change from 0 to 128 [ 550.662349][ T8336] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 550.857695][ T8336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 551.016369][ T8337] loop3: detected capacity change from 0 to 128 [ 551.145580][ T8337] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 551.300767][ T8337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 551.358281][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 551.932009][ T8346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.906'. [ 552.004769][ T8346] netlink: 24 bytes leftover after parsing attributes in process `syz.1.906'. [ 554.999327][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 555.005990][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 555.045455][ T8370] ceph: No mds server is up or the cluster is laggy [ 555.625833][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 555.632308][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 556.182540][ T8377] loop3: detected capacity change from 0 to 128 [ 556.536617][ T8377] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 556.674862][ T8377] ext4 filesystem being mounted at /184/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 557.626843][ T8383] netlink: 24 bytes leftover after parsing attributes in process `syz.4.918'. [ 557.676433][ T5803] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 557.975507][ T8386] loop2: detected capacity change from 0 to 128 [ 558.037980][ T8386] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 558.075441][ T8386] ext4 filesystem being mounted at /190/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 558.186765][ T8389] loop4: detected capacity change from 0 to 256 [ 558.754555][ T5795] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 561.590615][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 561.597606][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 561.630983][ T8418] ceph: No mds server is up or the cluster is laggy [ 563.450134][ T8426] loop1: detected capacity change from 0 to 64 [ 563.611135][ T8426] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 563.861556][ T8431] loop0: detected capacity change from 0 to 64 [ 564.018642][ T8431] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 564.975506][ T8437] fuse: Bad value for 'fd' [ 565.917418][ T8449] random: crng reseeded on system resumption [ 565.940372][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.944'. [ 565.966991][ T8448] loop1: detected capacity change from 0 to 128 [ 566.029881][ T8450] netlink: 24 bytes leftover after parsing attributes in process `syz.2.944'. [ 566.175766][ T8448] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 566.260825][ T8448] ext4 filesystem being mounted at /185/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 567.099906][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 568.441708][ T8462] loop0: detected capacity change from 0 to 64 [ 568.683768][ T8462] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 570.373516][ T8466] ceph: No mds server is up or the cluster is laggy [ 570.382157][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 570.388861][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 571.447176][ T8476] fuse: Bad value for 'fd' [ 573.160064][ T8489] loop1: detected capacity change from 0 to 256 [ 574.408982][ T8500] loop4: detected capacity change from 0 to 64 [ 574.505233][ T8500] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 575.997105][ T8510] ceph: No mds server is up or the cluster is laggy [ 576.009578][ T1885] libceph: connect (1)[c::]:6789 error -101 [ 576.016222][ T1885] libceph: mon0 (1)[c::]:6789 connect error [ 579.193781][ T8528] netlink: 28 bytes leftover after parsing attributes in process `syz.1.976'. [ 579.553745][ T8534] loop4: detected capacity change from 0 to 16 [ 579.594232][ T8534] erofs (device loop4): mounted with root inode @ nid 36. [ 579.663521][ T8534] erofs (device loop4): readahead error at folio 2 @ nid 89 [ 579.685800][ T5802] erofs (device loop4): failed to decompress 6887 in[4096, 0] out[8192] [ 579.714474][ T8534] erofs (device loop4): failed to decompress 6887 in[4096, 0] out[8192] [ 579.723408][ T8534] erofs (device loop4): read error -117 @ 0 of nid 89 [ 579.735549][ T30] audit: type=1800 audit(1750880205.769:2): pid=8534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.978" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 579.957942][ T8538] netlink: 76 bytes leftover after parsing attributes in process `syz.3.979'. [ 580.332616][ T8545] netlink: 28 bytes leftover after parsing attributes in process `syz.1.981'. [ 583.653300][ T8569] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 584.205401][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.2.993'. [ 584.887499][ T8581] loop1: detected capacity change from 0 to 128 [ 585.052958][ T8581] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 585.126244][ T8581] ext4 filesystem being mounted at /195/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 585.801161][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 587.054708][ T8592] loop2: detected capacity change from 0 to 7 [ 587.097601][ T8592] Dev loop2: unable to read RDB block 7 [ 587.103823][ T8592] loop2: AHDI p1 p2 p3 [ 587.108299][ T8592] loop2: partition table partially beyond EOD, truncated [ 587.117277][ T8592] loop2: p1 start 1601398130 is beyond EOD, truncated [ 587.124590][ T8592] loop2: p2 start 1702059890 is beyond EOD, truncated [ 593.019270][ T8628] loop2: detected capacity change from 0 to 7 [ 593.107856][ T8628] Dev loop2: unable to read RDB block 7 [ 593.114221][ T8628] loop2: AHDI p1 p2 p3 [ 593.118702][ T8628] loop2: partition table partially beyond EOD, truncated [ 593.127942][ T8628] loop2: p1 start 1601398130 is beyond EOD, truncated [ 593.135322][ T8628] loop2: p2 start 1702059890 is beyond EOD, truncated [ 593.481313][ T8632] loop2: detected capacity change from 0 to 7 [ 593.601006][ T8632] Dev loop2: unable to read RDB block 7 [ 593.607754][ T8632] loop2: unable to read partition table [ 593.690893][ T8632] loop2: partition table beyond EOD, truncated [ 593.703763][ T8632] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 594.259713][ T8640] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 594.831377][ T8648] netlink: 'syz.2.1023': attribute type 4 has an invalid length. [ 596.403487][ T8665] netlink: 'syz.0.1029': attribute type 4 has an invalid length. [ 597.975216][ T8682] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1036'. [ 598.354761][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 598.361981][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 599.083581][ T8698] loop2: detected capacity change from 0 to 7 [ 599.105148][ T8698] Dev loop2: unable to read RDB block 7 [ 599.111142][ T8698] loop2: unable to read partition table [ 599.164588][ T8698] loop2: partition table beyond EOD, truncated [ 599.171353][ T8698] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 602.236358][ T8730] loop3: detected capacity change from 0 to 1024 [ 602.340734][ T8732] loop2: detected capacity change from 0 to 7 [ 602.364063][ T8730] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 602.454773][ T8732] Dev loop2: unable to read RDB block 7 [ 602.460953][ T8732] loop2: unable to read partition table [ 602.526482][ T8730] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 602.530822][ T8732] loop2: partition table beyond EOD, truncated [ 602.547291][ T8732] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 603.000344][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.480938][ T8758] loop2: detected capacity change from 0 to 64 [ 604.572391][ T8758] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 607.239255][ T8789] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1083'. [ 608.458506][ T8799] loop4: detected capacity change from 0 to 2048 [ 608.745573][ T8799] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 608.943723][ T30] audit: type=1800 audit(1750880234.949:3): pid=8799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1088" name="file1" dev="loop4" ino=1415 res=0 errno=0 [ 609.422536][ T8805] loop1: detected capacity change from 0 to 4096 [ 609.496726][ T8805] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 611.511324][ T8833] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1099'. [ 612.408728][ T8841] loop3: detected capacity change from 0 to 2048 [ 612.563663][ T8841] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 612.814164][ T30] audit: type=1800 audit(1750880238.839:4): pid=8841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1105" name="file1" dev="loop3" ino=1415 res=0 errno=0 [ 613.673454][ T8857] loop2: detected capacity change from 0 to 128 [ 613.853617][ T8857] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 614.044623][ T8857] ext4 filesystem being mounted at /229/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 614.091698][ T8862] loop3: detected capacity change from 0 to 64 [ 614.220121][ T8862] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 614.684865][ T5795] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 614.889886][ T8870] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1116'. [ 615.521375][ T8872] loop3: detected capacity change from 0 to 1024 [ 615.587553][ T8872] EXT4-fs: Ignoring removed nobh option [ 615.593988][ T8872] EXT4-fs: Ignoring removed oldalloc option [ 615.600449][ T8872] EXT4-fs: Ignoring removed bh option [ 615.776117][ T8872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 616.094168][ T1885] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 616.333359][ T1885] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 616.344201][ T1885] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 616.353707][ T1885] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 616.364933][ T1885] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 616.568655][ T1885] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 616.579858][ T1885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 616.588596][ T1885] usb 4-1: SerialNumber: syz [ 616.899740][ T1885] usb 4-1: 0:2 : does not exist [ 616.907426][ T1885] usb 4-1: unit 5 not found! [ 617.081261][ T1885] usb 4-1: USB disconnect, device number 12 [ 617.807579][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 617.811985][ T8908] loop4: detected capacity change from 0 to 128 [ 618.036330][ T8908] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 618.074400][ T8908] ext4 filesystem being mounted at /220/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 618.118689][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 619.047556][ T5808] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 619.124980][ T8917] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1131'. [ 621.785464][ T8941] loop3: detected capacity change from 0 to 1024 [ 621.816310][ T8941] EXT4-fs: Ignoring removed nobh option [ 621.822557][ T8941] EXT4-fs: Ignoring removed oldalloc option [ 621.829354][ T8941] EXT4-fs: Ignoring removed bh option [ 621.968422][ T8941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 622.334316][ T1885] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 622.393846][ T8954] loop0: detected capacity change from 0 to 128 [ 622.552126][ T8954] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 622.587862][ T8954] ext4 filesystem being mounted at /233/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 622.621675][ T1885] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 622.632396][ T1885] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 622.642043][ T1885] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 622.653386][ T1885] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 622.728500][ T1885] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 622.738191][ T1885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 622.746865][ T1885] usb 4-1: SerialNumber: syz [ 623.016824][ T1885] usb 4-1: 0:2 : does not exist [ 623.022089][ T1885] usb 4-1: unit 5 not found! [ 623.312175][ T1885] usb 4-1: USB disconnect, device number 13 [ 623.378438][ T5799] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 623.862520][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 624.062179][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 626.222035][ T8986] tipc: Started in network mode [ 626.227587][ T8986] tipc: Node identity 4, cluster identity 4711 [ 626.234455][ T8986] tipc: Node number set to 4 [ 626.263871][ T8990] loop0: detected capacity change from 0 to 128 [ 626.466676][ T8990] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 626.540199][ T8990] ext4 filesystem being mounted at /236/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 626.829466][ T8998] loop2: detected capacity change from 0 to 1024 [ 626.925496][ T8998] EXT4-fs: Ignoring removed nobh option [ 626.931864][ T8998] EXT4-fs: Ignoring removed oldalloc option [ 626.938550][ T8998] EXT4-fs: Ignoring removed bh option [ 627.138616][ T8998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 627.210816][ T5799] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 627.735090][ T5857] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 627.968189][ T5857] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 627.978888][ T5857] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 628.145336][ T5857] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 628.155703][ T5857] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 628.164261][ T5857] usb 3-1: SerialNumber: syz [ 628.557788][ T5857] usb 3-1: 0:2 : does not exist [ 628.563911][ T5857] usb 3-1: unit 5 not found! [ 629.064182][ T5857] usb 3-1: USB disconnect, device number 6 [ 629.359385][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 629.528499][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 630.963884][ T9027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1171'. [ 631.032471][ T9029] loop4: detected capacity change from 0 to 128 [ 631.043457][ T9027] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1171'. [ 631.254900][ T9029] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 631.378519][ T9029] ext4 filesystem being mounted at /231/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 631.893773][ T5808] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 633.450087][ T9046] loop4: detected capacity change from 0 to 1024 [ 633.482601][ T9046] EXT4-fs: Ignoring removed nobh option [ 633.489899][ T9046] EXT4-fs: Ignoring removed oldalloc option [ 633.496821][ T9046] EXT4-fs: Ignoring removed bh option [ 633.643462][ T9046] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 634.053930][ T5857] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 634.288220][ T5857] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 634.298887][ T5857] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 634.406828][ T5857] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 634.416543][ T5857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 634.425400][ T5857] usb 5-1: SerialNumber: syz [ 634.745928][ T5857] usb 5-1: 0:2 : does not exist [ 634.751160][ T5857] usb 5-1: unit 5 not found! [ 634.977094][ T5857] usb 5-1: USB disconnect, device number 11 [ 635.180440][ T6672] udevd[6672]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 635.724413][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 635.792606][ T9064] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1184'. [ 638.313800][ T9089] loop2: detected capacity change from 0 to 64 [ 638.396115][ T9089] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 640.644659][ T9113] tipc: Started in network mode [ 640.649838][ T9113] tipc: Node identity 4, cluster identity 4711 [ 640.656701][ T9113] tipc: Node number set to 4 [ 641.531420][ C1] Illegal XDP return value 16128 on prog (id 95) dev bond_slave_1, expect packet loss! [ 644.085227][ T9151] tipc: Started in network mode [ 644.090398][ T9151] tipc: Node identity 4, cluster identity 4711 [ 644.097362][ T9151] tipc: Node number set to 4 [ 647.111432][ T9179] loop4: detected capacity change from 0 to 512 [ 647.220361][ T9179] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 647.234230][ T9179] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 647.489180][ T9179] EXT4-fs (loop4): 1 truncate cleaned up [ 647.497799][ T9179] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 647.694641][ T9187] tipc: Started in network mode [ 647.699931][ T9187] tipc: Node identity 4, cluster identity 4711 [ 647.706842][ T9187] tipc: Node number set to 4 [ 648.977427][ T9200] loop2: detected capacity change from 0 to 1024 [ 649.007738][ T9200] hfsplus: creator requires a 4 character value [ 656.944301][ T9246] loop0: detected capacity change from 0 to 512 [ 657.143709][ T9246] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 657.438983][ T9246] EXT4-fs (loop0): 1 truncate cleaned up [ 657.447994][ T9246] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 657.984742][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 659.589781][ T9266] loop2: detected capacity change from 0 to 1024 [ 659.667186][ T9266] hfsplus: creator requires a 4 character value [ 659.811734][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 659.818836][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 666.899854][ T9311] loop2: detected capacity change from 0 to 1024 [ 666.937459][ T9311] hfsplus: creator requires a 4 character value [ 667.124739][ T9315] binder: 9314:9315 ioctl c0306201 0 returned -14 [ 670.132476][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.398184][ T9329] fuse: Unknown parameter 'grou00000000000000000000' [ 672.570231][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 672.621632][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 672.646463][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 672.670687][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 672.685611][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 673.976046][ T9356] 9pnet_fd: Insufficient options for proto=fd [ 674.804022][ T5802] Bluetooth: hci5: command tx timeout [ 674.946406][ T9342] chnl_net:caif_netlink_parms(): no params data found [ 676.448068][ T4455] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.678902][ T4455] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.879428][ T4455] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.883965][ T5802] Bluetooth: hci5: command tx timeout [ 677.179185][ T4455] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.702690][ T9342] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.710592][ T9342] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.718654][ T9342] bridge_slave_0: entered allmulticast mode [ 677.728862][ T9342] bridge_slave_0: entered promiscuous mode [ 677.984332][ T9342] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.992037][ T9342] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.000232][ T9342] bridge_slave_1: entered allmulticast mode [ 678.010883][ T9342] bridge_slave_1: entered promiscuous mode [ 678.278541][ T9402] loop3: detected capacity change from 0 to 1024 [ 678.374668][ T9402] hfsplus: creator requires a 4 character value [ 678.445205][ T4455] bridge_slave_1: left allmulticast mode [ 678.451257][ T4455] bridge_slave_1: left promiscuous mode [ 678.459541][ T4455] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.559141][ T4455] bridge_slave_0: left allmulticast mode [ 678.565369][ T4455] bridge_slave_0: left promiscuous mode [ 678.572253][ T4455] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.870321][ T9409] loop2: detected capacity change from 0 to 1024 [ 678.922292][ T9409] hfsplus: creator requires a 4 character value [ 678.993641][ T5802] Bluetooth: hci5: command tx timeout [ 680.701443][ T9420] loop2: detected capacity change from 0 to 256 [ 680.757117][ T9420] exfat: Deprecated parameter 'utf8' [ 680.815908][ T4455] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 680.904040][ T9420] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 680.913906][ T4455] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 680.998975][ T4455] bond0 (unregistering): Released all slaves [ 681.064363][ T5802] Bluetooth: hci5: command tx timeout [ 681.248880][ T9342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 681.445274][ T9342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 681.465555][ T4455] tipc: Left network mode [ 682.516848][ T9342] team0: Port device team_slave_0 added [ 682.695901][ T4455] hsr_slave_0: left promiscuous mode [ 682.763893][ T4455] hsr_slave_1: left promiscuous mode [ 682.772583][ T4455] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.858136][ T4455] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.866140][ T4455] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.010523][ T4455] veth1_vlan: left promiscuous mode [ 683.016587][ T4455] veth0_vlan: left promiscuous mode [ 684.825927][ T4455] team0 (unregistering): Port device team_slave_1 removed [ 684.877135][ T9459] loop2: detected capacity change from 0 to 1024 [ 684.949478][ T9459] hfsplus: creator requires a 4 character value [ 685.001170][ T4455] team0 (unregistering): Port device team_slave_0 removed [ 685.167684][ T9460] loop1: detected capacity change from 0 to 1024 [ 685.231943][ T9460] hfsplus: creator requires a 4 character value [ 687.599240][ T4455] team0 (unregistering): Port device dummy0 removed [ 688.404828][ T9342] team0: Port device team_slave_1 added [ 689.264918][ T9342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.272274][ T9342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 689.299385][ T9342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.803996][ T9342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.811229][ T9342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 689.837898][ T9342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.889707][ T9342] hsr_slave_0: entered promiscuous mode [ 690.901066][ T9342] hsr_slave_1: entered promiscuous mode [ 690.910693][ T9342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 690.918838][ T9342] Cannot create hsr debugfs directory [ 692.323512][ T9502] loop4: detected capacity change from 0 to 1024 [ 692.437045][ T9502] hfsplus: creator requires a 4 character value [ 693.410598][ T9511] loop1: detected capacity change from 0 to 256 [ 693.528110][ T9511] exfat: Deprecated parameter 'utf8' [ 693.550320][ T9342] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 693.684709][ T9342] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 694.036935][ T9511] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 694.144951][ T9513] loop2: detected capacity change from 0 to 1024 [ 694.244793][ T9513] hfsplus: creator requires a 4 character value [ 694.411724][ T9342] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 694.437273][ T9342] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 695.091608][ T9524] loop4: detected capacity change from 0 to 16 [ 695.146290][ T9524] erofs (device loop4): mounted with root inode @ nid 36. [ 695.217961][ T5802] erofs (device loop4): failed to decompress -26 in[46, 0] out[9000] [ 695.284042][ T9524] erofs (device loop4): failed to decompress -26 in[46, 4050] out[8192] [ 695.284208][ T9524] erofs (device loop4): read error -117 @ 0 of nid 89 [ 695.294141][ T30] audit: type=1800 audit(1750880321.329:5): pid=9524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1354" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 696.158565][ T9342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.378660][ T9342] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.484048][ T4138] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.484459][ T4138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.545691][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.546116][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.274572][ T9551] loop2: detected capacity change from 0 to 1024 [ 698.365153][ T9551] hfsplus: creator requires a 4 character value [ 698.639166][ T9556] loop3: detected capacity change from 0 to 1024 [ 698.697298][ T9556] hfsplus: creator requires a 4 character value [ 699.682267][ T9342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 699.748628][ T9569] loop4: detected capacity change from 0 to 256 [ 699.753643][ T9569] exfat: Deprecated parameter 'utf8' [ 700.039350][ T9569] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 701.331242][ T9584] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1370'. [ 701.584031][ T9588] loop3: detected capacity change from 0 to 1024 [ 701.722034][ T9588] hfsplus: creator requires a 4 character value [ 703.336884][ T9342] veth0_vlan: entered promiscuous mode [ 703.503895][ T9342] veth1_vlan: entered promiscuous mode [ 703.954480][ T9342] veth0_macvtap: entered promiscuous mode [ 704.058483][ T9342] veth1_macvtap: entered promiscuous mode [ 704.101319][ T9611] loop2: detected capacity change from 0 to 1024 [ 704.169164][ T9611] hfsplus: creator requires a 4 character value [ 704.328482][ T9342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 704.487954][ T9342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 704.587559][ T9342] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.587797][ T9342] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.588010][ T9342] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.588223][ T9342] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.405445][ T9652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1390'. [ 707.474089][ T9652] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1390'. [ 709.259290][ T9671] loop1: detected capacity change from 0 to 1024 [ 709.327001][ T9671] hfsplus: creator requires a 4 character value [ 710.919026][ T9691] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1402'. [ 710.922124][ T9691] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1402'. [ 712.950166][ T9716] loop3: detected capacity change from 0 to 512 [ 713.006940][ T9716] EXT4-fs: Ignoring removed nobh option [ 713.091276][ T9716] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 713.104316][ T9716] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 713.114926][ T9716] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1408: Corrupt directory, running e2fsck is recommended [ 713.171605][ T9716] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 713.180710][ T9716] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.1408: corrupted in-inode xattr: invalid ea_ino [ 713.264791][ T9716] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1408: couldn't read orphan inode 15 (err -117) [ 713.336923][ T9716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 713.556811][ T9716] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 713.570172][ T9716] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 713.581332][ T9716] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1408: Corrupt directory, running e2fsck is recommended [ 713.795069][ T9716] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.1408: path /280/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 713.918526][ T9716] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 8: comm syz.3.1408: path /280/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0 [ 714.382233][ T1310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 714.390537][ T1310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 714.487777][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 714.748603][ T4138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 714.757796][ T4138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 715.782400][ T9742] loop1: detected capacity change from 0 to 2048 [ 715.945715][ T9742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 717.417009][ T9742] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1416'. [ 718.473698][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 719.936467][ T9770] loop2: detected capacity change from 0 to 512 [ 719.988048][ T9770] EXT4-fs: Ignoring removed nobh option [ 720.183998][ T9770] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 720.196847][ T9770] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 720.207523][ T9770] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.1424: Corrupt directory, running e2fsck is recommended [ 720.342387][ T9770] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 720.428377][ T9770] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.1424: corrupted in-inode xattr: invalid ea_ino [ 720.506732][ T9770] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1424: couldn't read orphan inode 15 (err -117) [ 720.586596][ T9770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 720.796689][ T9770] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 720.809201][ T9770] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 720.819836][ T9770] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.1424: Corrupt directory, running e2fsck is recommended [ 720.974004][ T9770] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.1424: path /299/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 721.020928][ T9783] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 721.242120][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 721.249189][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 721.285009][ T9786] netlink: 'syz.1.1429': attribute type 5 has an invalid length. [ 721.747551][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.979194][ T5851] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 722.175960][ T5851] usb 6-1: Using ep0 maxpacket: 8 [ 722.243807][ T5851] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 722.251708][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 722.263794][ T5851] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 722.276011][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 722.287664][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 722.497992][ T5851] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 722.498167][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 722.498487][ T5851] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 722.498677][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 722.498858][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 722.507155][ T5851] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 722.507322][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 722.507513][ T5851] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 722.507700][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 722.507884][ T5851] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 722.527943][ T5851] usb 6-1: string descriptor 0 read error: -22 [ 722.528562][ T5851] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 722.528729][ T5851] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.645732][ T5851] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 722.891112][ T5851] usb 6-1: USB disconnect, device number 2 [ 725.094858][ T9821] netlink: 'syz.3.1442': attribute type 5 has an invalid length. [ 725.447192][ T9826] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 725.469871][ T9829] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1443'. [ 728.008601][ T5857] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 728.250570][ T5857] usb 6-1: Using ep0 maxpacket: 8 [ 728.313872][ T5857] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 728.321985][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 728.334096][ T5857] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 728.346232][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 728.359633][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 728.502099][ T5857] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 728.510660][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 728.522447][ T5857] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 728.535965][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 728.557251][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 728.806525][ T5857] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 728.815233][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 728.827082][ T5857] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 728.839291][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 728.850873][ T5857] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 728.972092][ T5857] usb 6-1: string descriptor 0 read error: -22 [ 728.979562][ T5857] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 728.989388][ T5857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.115936][ T5857] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 729.250256][ T9872] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1460'. [ 729.451512][ T5851] usb 6-1: USB disconnect, device number 3 [ 731.205441][ T9887] loop1: detected capacity change from 0 to 1024 [ 731.286595][ T9887] hfsplus: creator requires a 4 character value [ 731.754762][ T9894] fuse: Unknown parameter 'use0x0000000000000000' [ 732.705040][ T9899] loop5: detected capacity change from 0 to 2048 [ 732.811520][ T9903] loop2: detected capacity change from 0 to 512 [ 732.873358][ T9899] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 732.875586][ T9903] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1470: casefold flag without casefold feature [ 732.878440][ T9903] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1470: couldn't read orphan inode 15 (err -117) [ 732.947156][ T9903] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 733.299870][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1468'. [ 733.912693][ T9342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 734.050375][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 734.159307][ T9921] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1472'. [ 735.944578][ T9941] fuse: Unknown parameter 'user_i0x0000000000000000' [ 737.060248][ T9952] loop1: detected capacity change from 0 to 512 [ 737.150049][ T9947] loop3: detected capacity change from 0 to 2048 [ 737.280033][ T9952] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.1485: casefold flag without casefold feature [ 737.352549][ T9956] loop5: detected capacity change from 0 to 1024 [ 737.374645][ T9952] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1485: couldn't read orphan inode 15 (err -117) [ 737.409499][ T9956] hfsplus: creator requires a 4 character value [ 737.450443][ T9947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 737.508050][ T9952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 737.560397][ T9957] loop4: detected capacity change from 0 to 2048 [ 737.748953][ T9957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 738.297167][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1482'. [ 738.300068][ T9953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1484'. [ 738.576536][ T9969] loop2: detected capacity change from 0 to 2048 [ 738.752141][ T9969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 739.095900][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 739.254991][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 739.270179][ T9969] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 739.295014][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 739.314228][ T9969] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 88 with error 28 [ 739.314411][ T9969] EXT4-fs (loop2): This should not happen!! Data will be lost [ 739.314411][ T9969] [ 739.314518][ T9969] EXT4-fs (loop2): Total free blocks count 0 [ 739.314633][ T9969] EXT4-fs (loop2): Free/Dirty block details [ 739.314734][ T9969] EXT4-fs (loop2): free_blocks=2415919104 [ 739.314843][ T9969] EXT4-fs (loop2): dirty_blocks=96 [ 739.314939][ T9969] EXT4-fs (loop2): Block reservation details [ 739.315035][ T9969] EXT4-fs (loop2): i_reserved_data_blocks=6 [ 740.121713][ T3591] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 740.181008][ T9982] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1488'. [ 740.237231][ T9982] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1488'. [ 741.763338][ T9997] loop5: detected capacity change from 0 to 512 [ 741.935159][ T9997] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.1495: casefold flag without casefold feature [ 741.964948][ T9997] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1495: couldn't read orphan inode 15 (err -117) [ 742.116649][ T9997] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 742.663831][ T5851] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 742.883671][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 742.984041][ T5851] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.995353][ T5851] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 743.009047][ T5851] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.034217][ T9342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 743.146935][ T5851] usb 3-1: config 0 descriptor?? [ 743.339591][T10014] loop1: detected capacity change from 0 to 2048 [ 743.575932][T10014] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 743.863890][T10007] team0: Port device dummy0 removed [ 744.037763][ T5851] usbhid 3-1:0.0: can't add hid device: -71 [ 744.044851][ T5851] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 744.129038][ T5851] usb 3-1: USB disconnect, device number 7 [ 744.175954][T10025] loop4: detected capacity change from 0 to 512 [ 744.256287][T10025] EXT4-fs: Ignoring removed nobh option [ 744.281196][T10030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1504'. [ 744.331541][T10030] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1504'. [ 744.460250][T10025] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002] [ 744.512939][T10025] System zones: 0-2, 18-18, 34-34 [ 744.529166][T10025] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 744.546127][T10025] ext4 filesystem being mounted at /307/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 744.665224][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.137711][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1505'. [ 745.513788][ T5851] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 745.736551][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.743543][ T5851] usb 6-1: Using ep0 maxpacket: 16 [ 745.804271][ T5851] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 745.816176][ T5851] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 745.827082][ T5851] usb 6-1: config 0 interface 0 has no altsetting 0 [ 745.834245][ T5851] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 745.843938][ T5851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.094362][ T5851] usb 6-1: config 0 descriptor?? [ 746.611593][ T5851] usbhid 6-1:0.0: can't add hid device: -71 [ 746.618664][ T5851] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 746.711171][ T5851] usb 6-1: USB disconnect, device number 4 [ 747.561908][T10054] loop2: detected capacity change from 0 to 2048 [ 747.854575][T10054] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 747.924044][T10061] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 748.597634][T10054] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 530 with error 28 [ 748.611432][T10054] EXT4-fs (loop2): This should not happen!! Data will be lost [ 748.611432][T10054] [ 748.621852][T10054] EXT4-fs (loop2): Total free blocks count 0 [ 748.628455][T10054] EXT4-fs (loop2): Free/Dirty block details [ 748.638614][T10054] EXT4-fs (loop2): free_blocks=2415919104 [ 748.644880][T10054] EXT4-fs (loop2): dirty_blocks=544 [ 748.650364][T10054] EXT4-fs (loop2): Block reservation details [ 748.656865][T10054] EXT4-fs (loop2): i_reserved_data_blocks=34 [ 748.756849][T10073] loop5: detected capacity change from 0 to 1024 [ 749.804221][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1518'. [ 749.899990][T10073] EXT4-fs (loop5): Test dummy encryption mode enabled [ 749.911827][T10085] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1518'. [ 750.045072][T10087] loop3: detected capacity change from 0 to 1024 [ 750.091634][T10087] hfsplus: creator requires a 4 character value [ 750.109282][T10073] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 750.128565][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 750.969733][ T5973] udevd[5973]: failed to send result of seq 14859 to main daemon: Connection refused [ 751.680987][T10100] loop2: detected capacity change from 0 to 2048 [ 751.726585][ T9342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 751.807231][T10100] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 752.156092][T10100] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 752.216939][T10100] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 92 with error 28 [ 752.229983][T10100] EXT4-fs (loop2): This should not happen!! Data will be lost [ 752.229983][T10100] [ 752.240268][T10100] EXT4-fs (loop2): Total free blocks count 0 [ 752.246762][T10100] EXT4-fs (loop2): Free/Dirty block details [ 752.253428][T10100] EXT4-fs (loop2): free_blocks=2415919104 [ 752.259520][T10100] EXT4-fs (loop2): dirty_blocks=96 [ 752.265095][T10100] EXT4-fs (loop2): Block reservation details [ 752.271379][T10100] EXT4-fs (loop2): i_reserved_data_blocks=6 [ 752.711047][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 752.838912][T10113] loop3: detected capacity change from 0 to 2048 [ 752.946403][T10113] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 752.954613][T10113] UDF-fs: Scanning with blocksize 512 failed [ 753.064129][T10113] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 753.164188][T10115] loop4: detected capacity change from 0 to 2048 [ 753.296589][T10121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1530'. [ 753.308882][T10115] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 753.443886][T10119] loop5: detected capacity change from 0 to 2048 [ 753.591481][T10119] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 753.655071][T10115] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 753.672292][T10115] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 74 with error 28 [ 753.686295][T10115] EXT4-fs (loop4): This should not happen!! Data will be lost [ 753.686295][T10115] [ 753.696855][T10115] EXT4-fs (loop4): Total free blocks count 0 [ 753.703835][T10115] EXT4-fs (loop4): Free/Dirty block details [ 753.710175][T10115] EXT4-fs (loop4): free_blocks=2415919104 [ 753.716524][T10115] EXT4-fs (loop4): dirty_blocks=80 [ 753.721926][T10115] EXT4-fs (loop4): Block reservation details [ 753.728459][T10115] EXT4-fs (loop4): i_reserved_data_blocks=5 [ 753.787274][T10128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1533'. [ 753.868601][T10128] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1533'. [ 754.097345][T10130] loop2: detected capacity change from 0 to 2048 [ 754.100023][T10119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1531'. [ 754.218726][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 754.264761][T10130] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 754.567664][ T9342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 754.617471][T10130] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 754.708869][T10130] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 146 with error 28 [ 754.722295][T10130] EXT4-fs (loop2): This should not happen!! Data will be lost [ 754.722295][T10130] [ 754.732768][T10130] EXT4-fs (loop2): Total free blocks count 0 [ 754.739625][T10130] EXT4-fs (loop2): Free/Dirty block details [ 754.746053][T10130] EXT4-fs (loop2): free_blocks=2415919104 [ 754.752084][T10130] EXT4-fs (loop2): dirty_blocks=160 [ 754.758032][T10130] EXT4-fs (loop2): Block reservation details [ 754.764631][T10130] EXT4-fs (loop2): i_reserved_data_blocks=10 [ 755.437817][ T4063] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 756.550090][T10160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1545'. [ 756.629323][T10166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1547'. [ 756.650085][T10166] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1547'. [ 758.018610][T10175] loop5: detected capacity change from 0 to 2048 [ 758.076558][T10175] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 758.294884][T10175] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 758.344865][T10175] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 114 with error 28 [ 758.361254][T10175] EXT4-fs (loop5): This should not happen!! Data will be lost [ 758.361254][T10175] [ 758.371839][T10175] EXT4-fs (loop5): Total free blocks count 0 [ 758.378401][T10175] EXT4-fs (loop5): Free/Dirty block details [ 758.384819][T10175] EXT4-fs (loop5): free_blocks=2415919104 [ 758.390827][T10175] EXT4-fs (loop5): dirty_blocks=128 [ 758.396581][T10175] EXT4-fs (loop5): Block reservation details [ 758.402829][T10175] EXT4-fs (loop5): i_reserved_data_blocks=8 [ 759.019656][ T4138] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 759.673472][ T1885] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 759.805699][T10203] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1559'. [ 759.913498][ T1885] usb 4-1: Using ep0 maxpacket: 8 [ 759.940381][ T1885] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 759.951418][ T1885] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 759.963337][ T1885] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 760.053768][ T1885] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 760.064951][ T1885] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 760.076762][ T1885] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 760.247986][ T1885] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 760.260360][ T1885] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 760.272379][ T1885] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 760.341098][ T1885] usb 4-1: string descriptor 0 read error: -22 [ 760.348414][ T1885] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 760.358993][ T1885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.397280][ T1885] adutux 4-1:168.0: interrupt endpoints not found [ 760.751267][ T1885] usb 4-1: USB disconnect, device number 14 [ 761.375159][T10221] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 761.389253][T10221] batadv_slave_0: entered promiscuous mode [ 762.747468][T10240] loop3: detected capacity change from 0 to 2048 [ 763.217252][T10240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 764.007639][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 765.314633][T10255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1574'. [ 767.730944][T10281] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1582'. [ 769.541048][T10312] loop4: detected capacity change from 0 to 2048 [ 769.812132][T10312] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 770.020806][T10324] bridge: RTM_NEWNEIGH with invalid ether address [ 770.070681][T10312] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1593'. [ 770.469496][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 776.041116][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1614'. [ 776.640836][ T5802] Bluetooth: hci3: unexpected event 0x03 length: 17 > 11 [ 778.013612][T10399] bridge: RTM_NEWNEIGH with invalid ether address [ 782.665783][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 782.672552][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 783.152582][T10442] bridge: RTM_NEWNEIGH with invalid ether address [ 783.196246][T10440] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1641'. [ 788.226643][T10480] bridge: RTM_NEWNEIGH with invalid ether address [ 788.679617][T10483] loop4: detected capacity change from 0 to 2048 [ 788.843318][T10483] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 789.096598][T10483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1658'. [ 789.975044][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 792.857182][ T5802] Bluetooth: hci0: unexpected cc 0x042d length: 63 > 7 [ 792.864934][ T5802] Bluetooth: hci0: unexpected event for opcode 0x042d [ 794.965796][ T5802] Bluetooth: hci5: command 0x0406 tx timeout [ 795.002577][T10539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1678'. [ 796.980508][T10519] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 796.989503][T10519] Bluetooth: hci0: Injecting HCI hardware error event [ 796.998853][T10519] Bluetooth: hci0: hardware error 0x00 [ 799.048665][T10519] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 799.901043][T10593] overlayfs: failed to clone upperpath [ 800.040423][T10605] loop4: detected capacity change from 0 to 16 [ 800.068081][T10605] erofs (device loop4): too large lz4 pclusterblks 16832 [ 806.902028][T10689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1744'. [ 807.083752][ T5851] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 807.292034][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 807.304161][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 807.316699][ T5851] usb 5-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 807.326388][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 807.414314][ T5851] usb 5-1: config 0 descriptor?? [ 808.088001][T10694] loop4: detected capacity change from 0 to 16 [ 808.125651][T10694] erofs: Unknown parameter '' [ 808.161381][ T1885] usb 5-1: USB disconnect, device number 12 [ 810.060998][T10730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1760'. [ 812.717977][T10769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1776'. [ 815.040832][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1789'. [ 818.160509][T10842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1808'. [ 820.732576][T10876] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1823'. [ 821.870695][T10894] sctp: [Deprecated]: syz.4.1826 (pid 10894) Use of struct sctp_assoc_value in delayed_ack socket option. [ 821.870695][T10894] Use struct sctp_sack_info instead [ 822.360580][T10519] Bluetooth: Wrong link type (-22) [ 822.471422][T10519] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 822.759153][ T5851] IPVS: starting estimator thread 0... [ 822.784741][T10909] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 822.873762][T10911] IPVS: using max 192 ests per chain, 9600 per kthread [ 826.622740][T10519] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 829.680329][T10519] Bluetooth: hci5: unexpected event for opcode 0x080f [ 830.444121][T11014] sctp: [Deprecated]: syz.3.1870 (pid 11014) Use of struct sctp_assoc_value in delayed_ack socket option. [ 830.444121][T11014] Use struct sctp_sack_info instead [ 830.650412][T10519] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 830.661406][T10519] Bluetooth: hci3: Injecting HCI hardware error event [ 830.670936][T10519] Bluetooth: hci3: hardware error 0x00 [ 831.192201][T11022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1874'. [ 831.305646][T11028] vivid-000: ================= START STATUS ================= [ 831.313821][T11028] vivid-000: Test Pattern: 75% Colorbar [ 831.319831][T11028] vivid-000: Fill Percentage of Frame: 100 [ 831.326297][T11028] vivid-000: Horizontal Movement: No Movement [ 831.332817][T11028] vivid-000: Vertical Movement: No Movement [ 831.339367][T11028] vivid-000: OSD Text Mode: All [ 831.344948][T11028] vivid-000: Show Border: false [ 831.350225][T11028] vivid-000: Show Square: false [ 831.355754][T11028] vivid-000: Sensor Flipped Horizontally: false [ 831.362449][T11028] vivid-000: Sensor Flipped Vertically: false [ 831.369871][T11028] vivid-000: Insert SAV Code in Image: false [ 831.376411][T11028] vivid-000: Insert EAV Code in Image: false [ 831.382822][T11028] vivid-000: Insert Video Guard Band: false [ 831.389345][T11028] vivid-000: Reduced Framerate: false [ 831.395267][T11028] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 831.403584][T11028] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 831.411910][T11028] vivid-000: Enable Capture Cropping: true grabbed [ 831.419130][T11028] vivid-000: Enable Capture Composing: true grabbed [ 831.426360][T11028] vivid-000: Enable Capture Scaler: true grabbed [ 831.433409][T11028] vivid-000: Timestamp Source: End of Frame [ 831.439715][T11028] vivid-000: Colorspace: sRGB [ 831.445038][T11028] vivid-000: Transfer Function: Default [ 831.451010][T11028] vivid-000: Y'CbCr Encoding: Default [ 831.457088][T11028] vivid-000: HSV Encoding: Hue 0-179 [ 831.462813][T11028] vivid-000: Quantization: Default [ 831.468746][T11028] vivid-000: Apply Alpha To Red Only: false [ 831.476412][T11028] vivid-000: Standard Aspect Ratio: 4x3 [ 831.482363][T11028] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 831.490727][T11028] vivid-000: DV Timings: 640x480p59 inactive [ 831.497406][T11028] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 831.505307][T11028] vivid-000: Maximum EDID Blocks: 2 [ 831.510955][T11028] vivid-000: Limited RGB Range (16-235): false [ 831.517707][T11028] vivid-000: Rx RGB Quantization Range: Automatic [ 831.524740][T11028] vivid-000: Power Present: 0x00000001 [ 831.530627][T11028] tpg source WxH: 320x240 (Y'CbCr) [ 831.536112][T11028] tpg field: 1 [ 831.539723][T11028] tpg crop: (0,0)/320x240 [ 831.544497][T11028] tpg compose: (0,0)/320x240 [ 831.549360][T11028] tpg colorspace: 8 [ 831.553527][T11028] tpg transfer function: 0/2 [ 831.558369][T11028] tpg Y'CbCr encoding: 0/1 [ 831.563206][T11028] tpg quantization: 0/2 [ 831.567610][T11028] tpg RGB range: 0/2 [ 831.571741][T11028] vivid-000: ================== END STATUS ================== [ 831.582454][ T1885] kernel read not supported for file /video7 (pid: 1885 comm: kworker/0:2) [ 831.842053][T11031] ===================================================== [ 831.849531][T11031] BUG: KMSAN: uninit-value in batadv_get_vid+0x2d0/0x3b0 [ 831.857144][T11031] batadv_get_vid+0x2d0/0x3b0 [ 831.862150][T11031] batadv_interface_tx+0x2e9/0x1e60 [ 831.867767][T11031] dev_hard_start_xmit+0x22f/0xa30 [ 831.873253][T11031] __dev_queue_xmit+0x3cb4/0x5e20 [ 831.878521][T11031] __bpf_redirect+0x162d/0x1760 [ 831.883860][T11031] bpf_clone_redirect+0x366/0x530 [ 831.889124][T11031] ___bpf_prog_run+0x1297/0xeba0 [ 831.894435][T11031] __bpf_prog_run512+0xc5/0x100 [ 831.899575][T11031] bpf_test_run+0x54a/0xd20 [ 831.904533][T11031] bpf_prog_test_run_skb+0x19f8/0x26c0 [ 831.910256][T11031] bpf_prog_test_run+0x5c2/0xa40 [ 831.915575][T11031] __sys_bpf+0x6ca/0xe60 [ 831.920048][T11031] __ia32_sys_bpf+0xa4/0xf0 [ 831.924981][T11031] ia32_sys_call+0x2544/0x42c0 [ 831.929980][T11031] __do_fast_syscall_32+0xb0/0x150 [ 831.935491][T11031] do_fast_syscall_32+0x38/0x80 [ 831.940600][T11031] do_SYSENTER_32+0x1f/0x30 [ 831.945523][T11031] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 831.952127][T11031] [ 831.954702][T11031] Uninit was created at: [ 831.959296][T11031] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 831.965744][T11031] kmalloc_reserve+0x13c/0x4b0 [ 831.970854][T11031] pskb_expand_head+0x1fc/0x1610 [ 831.976222][T11031] skb_ensure_writable+0x44e/0x510 [ 831.981683][T11031] bpf_clone_redirect+0x1c1/0x530 [ 831.987204][T11031] ___bpf_prog_run+0x1297/0xeba0 [ 831.992400][T11031] __bpf_prog_run512+0xc5/0x100 [ 831.997638][T11031] bpf_test_run+0x54a/0xd20 [ 832.002394][T11031] bpf_prog_test_run_skb+0x19f8/0x26c0 [ 832.008323][T11031] bpf_prog_test_run+0x5c2/0xa40 [ 832.013604][T11031] __sys_bpf+0x6ca/0xe60 [ 832.018093][T11031] __ia32_sys_bpf+0xa4/0xf0 [ 832.022841][T11031] ia32_sys_call+0x2544/0x42c0 [ 832.028063][T11031] __do_fast_syscall_32+0xb0/0x150 [ 832.033553][T11031] do_fast_syscall_32+0x38/0x80 [ 832.038652][T11031] do_SYSENTER_32+0x1f/0x30 [ 832.043581][T11031] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 832.050214][T11031] [ 832.052729][T11031] CPU: 0 UID: 0 PID: 11031 Comm: syz.2.1878 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(undef) [ 832.065393][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 832.075839][T11031] ===================================================== [ 832.083057][T11031] Disabling lock debugging due to kernel taint [ 832.089423][T11031] Kernel panic - not syncing: kmsan.panic set ... [ 832.096049][T11031] CPU: 0 UID: 0 PID: 11031 Comm: syz.2.1878 Tainted: G B 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(undef) [ 832.110061][T11031] Tainted: [B]=BAD_PAGE [ 832.114378][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 832.124640][T11031] Call Trace: [ 832.128084][T11031] [ 832.131184][T11031] __dump_stack+0x26/0x30 [ 832.135788][T11031] dump_stack_lvl+0x53/0x270 [ 832.140653][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.146770][T11031] dump_stack+0x1e/0x25 [ 832.151194][T11031] panic+0x4bd/0xd50 [ 832.155404][T11031] kmsan_report+0x31c/0x320 [ 832.160192][T11031] ? __msan_warning+0x1b/0x30 [ 832.165122][T11031] ? batadv_get_vid+0x2d0/0x3b0 [ 832.170252][T11031] ? batadv_interface_tx+0x2e9/0x1e60 [ 832.175849][T11031] ? dev_hard_start_xmit+0x22f/0xa30 [ 832.181357][T11031] ? __dev_queue_xmit+0x3cb4/0x5e20 [ 832.186779][T11031] ? __bpf_redirect+0x162d/0x1760 [ 832.192036][T11031] ? bpf_clone_redirect+0x366/0x530 [ 832.197469][T11031] ? ___bpf_prog_run+0x1297/0xeba0 [ 832.202812][T11031] ? __bpf_prog_run512+0xc5/0x100 [ 832.208080][T11031] ? bpf_test_run+0x54a/0xd20 [ 832.212985][T11031] ? bpf_prog_test_run_skb+0x19f8/0x26c0 [ 832.218866][T11031] ? bpf_prog_test_run+0x5c2/0xa40 [ 832.224224][T11031] ? __sys_bpf+0x6ca/0xe60 [ 832.228860][T11031] ? __ia32_sys_bpf+0xa4/0xf0 [ 832.233754][T11031] ? ia32_sys_call+0x2544/0x42c0 [ 832.238905][T11031] ? __do_fast_syscall_32+0xb0/0x150 [ 832.244442][T11031] ? do_fast_syscall_32+0x38/0x80 [ 832.249703][T11031] ? do_SYSENTER_32+0x1f/0x30 [ 832.254614][T11031] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 832.261391][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.266791][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.272896][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.278313][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.284426][T11031] ? batadv_meshif_is_valid+0x71/0x90 [ 832.290031][T11031] ? filter_irq_stacks+0x49/0x190 [ 832.295331][T11031] ? stack_depot_save_flags+0x35/0x7b0 [ 832.301068][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.306494][T11031] __msan_warning+0x1b/0x30 [ 832.311277][T11031] batadv_get_vid+0x2d0/0x3b0 [ 832.316251][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.322368][T11031] batadv_interface_tx+0x2e9/0x1e60 [ 832.327812][T11031] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 832.334418][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.339816][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.345921][T11031] ? __pfx_batadv_interface_tx+0x10/0x10 [ 832.351783][T11031] dev_hard_start_xmit+0x22f/0xa30 [ 832.357179][T11031] __dev_queue_xmit+0x3cb4/0x5e20 [ 832.362443][T11031] ? skb_release_data+0xa12/0xac0 [ 832.367698][T11031] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 832.374227][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.379623][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.385726][T11031] ? __dev_queue_xmit+0x30c/0x5e20 [ 832.391116][T11031] __bpf_redirect+0x162d/0x1760 [ 832.396219][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.401625][T11031] bpf_clone_redirect+0x366/0x530 [ 832.406910][T11031] ___bpf_prog_run+0x1297/0xeba0 [ 832.412131][T11031] __bpf_prog_run512+0xc5/0x100 [ 832.417258][T11031] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 832.423877][T11031] ? kmsan_internal_poison_memory+0x7f/0xa0 [ 832.430034][T11031] ? kmsan_internal_poison_memory+0x4a/0xa0 [ 832.436208][T11031] ? kmsan_slab_alloc+0xde/0x160 [ 832.441409][T11031] ? kmem_cache_alloc_noprof+0x81b/0xec0 [ 832.447277][T11031] ? slab_build_skb+0x5c/0x590 [ 832.452315][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.457705][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.463814][T11031] ? bpf_test_run+0x71/0xd20 [ 832.468623][T11031] ? filter_irq_stacks+0x49/0x190 [ 832.473867][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.479256][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.485367][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.490757][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.496158][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.501563][T11031] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 832.508169][T11031] ? kmsan_get_metadata+0x150/0x160 [ 832.513648][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.519743][T11031] ? __pfx___bpf_prog_run512+0x10/0x10 [ 832.525462][T11031] ? __pfx___bpf_prog_run512+0x10/0x10 [ 832.531181][T11031] bpf_test_run+0x54a/0xd20 [ 832.535905][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.541322][T11031] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 832.547967][T11031] ? kmsan_get_metadata+0xfb/0x160 [ 832.553375][T11031] ? bpf_test_run+0x39e/0xd20 [ 832.558421][T11031] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 832.564536][T11031] bpf_prog_test_run_skb+0x19f8/0x26c0 [ 832.570306][T11031] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 832.576370][T11031] bpf_prog_test_run+0x5c2/0xa40 [ 832.581589][T11031] __sys_bpf+0x6ca/0xe60 [ 832.586114][T11031] __ia32_sys_bpf+0xa4/0xf0 [ 832.590853][T11031] ia32_sys_call+0x2544/0x42c0 [ 832.595835][T11031] __do_fast_syscall_32+0xb0/0x150 [ 832.601208][T11031] do_fast_syscall_32+0x38/0x80 [ 832.606303][T11031] do_SYSENTER_32+0x1f/0x30 [ 832.611040][T11031] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 832.617634][T11031] RIP: 0023:0xf710e539 [ 832.621891][T11031] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 832.641757][T11031] RSP: 002b:00000000f50fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 832.650426][T11031] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000400 [ 832.658595][T11031] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 832.666749][T11031] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 832.674902][T11031] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 832.683060][T11031] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 832.691254][T11031] [ 832.694712][T11031] Kernel Offset: disabled [ 832.699223][T11031] Rebooting in 86400 seconds..