last executing test programs: 30.645238582s ago: executing program 4 (id=1517): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/31, 0x1f, 0x10000, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 30.556204401s ago: executing program 4 (id=1518): syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x14) socket$kcm(0x2, 0x3, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet6(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000340)=r1}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, 0xffffffffffffffff}, 0x4) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x1c, &(0x7f0000000440)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 30.520254621s ago: executing program 4 (id=1519): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7f, 0x0, 0x9, 0xffffffffffffffff, 0xfffffe0000000005, 0xfa11, 0xffffffff}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000000)={0x3, 0x9a090a, 0x1}) r3 = socket$tipc(0x1e, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000440)={0x42, 0x3, 0x3}, 0x10) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r4, &(0x7f0000000000)={0x1d, r5}, 0x10) setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f00000000c0), 0xf00) bind$can_raw(r4, &(0x7f0000000080), 0x10) syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3, 0x1}, &(0x7f0000ffe000), &(0x7f0000ffe000), &(0x7f0000000000)) 5.158093301s ago: executing program 4 (id=1521): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000000000), 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") r0 = open(&(0x7f0000000280)='./file1\x00', 0x1cd142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x8ffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0x10c6b) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x9, 0x20}, 0xc) sendfile(r0, r0, 0x0, 0x800000020) 4.086397412s ago: executing program 4 (id=1719): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_clone(0x60218000, 0x0, 0x0, &(0x7f0000001440), &(0x7f0000001480), &(0x7f00000014c0)) sched_setattr(r3, &(0x7f0000000280)={0x38, 0x5, 0x9, 0x10008001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0d, 0x203}, 0x0) fsetxattr$security_capability(r0, 0x0, 0x0, 0x0, 0x2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2) r5 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) ftruncate(r5, 0x10000) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000440)=0x2) r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000180)=0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000001c0)={'netdevsim0\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x3, 0x8, 0xfffffffd, "050000009582"}}) ioctl$int_in(0xffffffffffffffff, 0x5421, 0x0) r9 = add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000340)={0x0, "ccb9490a299cd16d4bb6b1878b185d761fe6ef51f2fd0b4230da9e08134e22912f729cdb1b6f015a62c8ed3d596854d654201d7909d8f3933c1e69c07d17b758", 0x1a}, 0x48, 0xfffffffffffffffa) keyctl$instantiate(0xc, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6c6f6164205f235a66756c742074727573747175656e636572320020303030edb11a5f324d303030300500000030303620663365370e626600"], 0x43, r9) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xc3, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) 3.435897956s ago: executing program 2 (id=1725): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000300)={0x28, r1, 0x831b97362602f4f3, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xfe}]}, 0x28}, 0x1, 0x0, 0x0, 0x841}, 0x20000090) 3.14971859s ago: executing program 2 (id=1728): syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x14) socket$kcm(0x2, 0x3, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x1c, &(0x7f0000000440)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.612055602s ago: executing program 0 (id=1729): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8ffff) pwrite64(r0, &(0x7f0000000380)="2341d489be", 0x5, 0xa431) 2.444140916s ago: executing program 2 (id=1730): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f00000019c0)=[{{0x0, 0x0, 0x0}, 0x8000}, {{0x0, 0x0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000340)=""/135, 0x87}], 0x2}, 0x7}], 0x2, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x48}}, 0x0) 2.28881889s ago: executing program 3 (id=1732): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82d00af00416375f3", 0x18) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="00020401"], 0x18) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x4008054) sendmsg$sock(0xffffffffffffffff, 0x0, 0x4000) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0) 2.099587286s ago: executing program 3 (id=1734): set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x3) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x2000400c) 2.019305629s ago: executing program 1 (id=1735): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 2.01877471s ago: executing program 0 (id=1736): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', @multicast}) write$tun(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000033"], 0xfdef) 1.816400759s ago: executing program 3 (id=1737): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000600)="87fc5d85da21530562070095c108", 0x0, 0x8011, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x40}, 0x50) 1.730095758s ago: executing program 1 (id=1738): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000170000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0x1e, &(0x7f0000000200)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x6, 0x1, 0x4}, {0x8100, 0x4, 0x0, 0x2}}, {@mpls_uc={0x8847, {[], @llc={@snap={0x1, 0xaa, 'S', "26ea17", 0x1b4c}}}}}}, 0x0) 1.558934183s ago: executing program 3 (id=1739): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000001980)}, 0x40) 1.536213081s ago: executing program 1 (id=1740): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nobarrier}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r0}, &(0x7f0000000780), &(0x7f0000000940)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x81ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x38) 1.355976561s ago: executing program 2 (id=1741): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 1.355730973s ago: executing program 0 (id=1742): r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/31, 0x1f, 0x10000, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 1.300932457s ago: executing program 3 (id=1743): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller0\x00', @broadcast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x5, 0x5, 0x4, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2e, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {0x3, 0xb}, {0xffe0, 0x2}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x200c840) 1.08186263s ago: executing program 2 (id=1744): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000000), 0x8) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000040)={0x7}, 0x4) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r3, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r4}], 0x1, 0x0, &(0x7f0000000080), 0x8) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) tkill(r2, 0x13) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000300)={0x0, 0xa01a, 0x6}) r5 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) connect$unix(r7, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e22}, 0x6e) connect$unix(r6, &(0x7f0000000800)=@file={0x0, './file0\x00'}, 0x6e) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x11, 0x5000, 0x0, 0x3) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a88000000060a010400000000000000000a0000060900010073797a31000000005c000480340001800c0001007061796c6f616400240002800800014000000008080003400000004f08000440000000380800024000000001240001800a0001007265646972000000140002800800024000080000080001400000000e0900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x24000800) 677.558776ms ago: executing program 1 (id=1745): r0 = socket(0x2, 0x80805, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{0x0, 0x30}], 0x1}, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) 528.20097ms ago: executing program 1 (id=1746): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c) syz_emit_ethernet(0xd81, &(0x7f0000001980)=ANY=[@ANYBLOB="0000000000000f22f07b8a0288a83800810028000805000500f31975c71d245dd6a3d6c3756ed80cc977391bbd86579033122a93bc4c5543646d60c10d0f759d90c014a29dbc1d45dabfc4da17e2c39edcfe7a0359d5d27ade090965cd3e3a1c3324cb5bcaf81300703dc3b9d93dc66aa78b26d3b7f6b930c81799e5184198aee9feb8484e4a5423a97feaa4d2cc98804afc1be436dc0992aabb7ede9b26ba9c000b3d74a4cdea490b1f0ffb66d51384aceb1b0d5bd2efe9bb85300ce2e49b6d61c64aa37f7ff97ff3804b9977eb03b25d3674d74857a4ea8761a25d9b9ac0895678c937b733dbd3de2e1308f2b9956a26871a1629b97cac583340f798f904765d2d8a846474838a5f1dbd2dc34305f57a2c07a43a379e67d7562d34d7283504083999b55479ad8bed4b8ac1cb39cf61d32abb81eb17fbf14234c4176a9b6cd143d6f9a508f866c32c04ae71f4fee4b8ce32f290641c8b0a8d038d80577305cb7040d9a0ad9d8077e33fa463460c7fc604f3b647690e2f3b743b9c43892080c3730b695131853e863117fe3f619bdf98cf82662aa0cf0df5bb964b39cc8fc73f802cdfaaccae7987032504b93a11bb7f9ab107aa3c5a589389d166f5c0a7a05caf050485096a58d5dbe7572ae8ed5582650698e368320ba316583026dfa95fb600fddacd65316a165d8f67917331448079886b7ea6fcbf141f3046dc97e91c12101aefc82f403c7d25536887d17828f96f148d58d2c53779d12201b12cc4a6e53f9b4a122248c9cbaef6253310827bb7e9749e9b381fe904ded493f050c6f38870f51b370ced3408307f40b4b8135974efb983c6dbeeb5891a5729340eb1a8c5b25a35297848231f491b2c21ed5bff76d6c3f46599e2188e6afdb56b806b6a556adbb72bb5421af8b3ae5659cae0b0b3d69e9e259e87c9a2f391d90c4fd7397059e32503e6bd15e7b48071621c8f2ea33efa2f397f9e2957900d8ad2f7752deea4650cd1a24f5bc9d14c8a4033861247e7d5d8bc7cc39a20ec75cc6f6c809c3f811e4fe62dbc56b4a300fc02f27829a9b31be210aa6ec314d1dc6d02b82ecd458bb7fc104c9146cb342e2badb1ab6dc8fd2b284b9a1f29f70256604b6c6ce689bfbab70cd7cb442bf91dbb789c2f76041cb373936ac732512c5153c1ced10bd12fb2ab55cf14f3c832f2dc86a9e6311a0f8a0c45f0889a8c3c7077d8adbc89b6a1793de73b5f7915a7d785ed7813a622f2b9fe6f6116b0fb7677500349235f07b06f7848de466d06d9f5bf81a44fcc3e80255da243b1335d2d78c5c1f437b1f48acf43a71e044af6a6a202cd0a338f08a24c74892072c8a2ea4200c8d6215b9ee4179addd6ff150c973570d0df773b32e25aac76e0d28bcf046d901461b34a865351270a41ba49cc38ebb52e0b4b196bc1e749efb63ab2114b6e39c992b9b8aad692c5aebf23f6c73ad695a81373ad67f69261396aa424cf9c9b23ec5551071dcd02b132b5f3f404de59814939c2ef4b90589d1f3ee26f5b832a439b21fbe67702f681d8c4d4dd8fe193e2c7f2125185599b3052518e2812f879ce746fc5f84134ff533b852c05c0e0a4f84850d5b5f9cb2ed210ad72d84a37a888b1b11ff9e6be3ccc21b82ae15ef19baa6086c4db487c4e0bb168c84a4cdb6de5104798d83c339b5c699077ba64dd6d2c7dd44eaba0ae0d961f95d38e654dd0d6107eb3f94162d876ecd2449211be1763ee24d5983162d97c34bfef8d80094ca1f13b49cda60d998562b8fbca3f7d5bc75bf512672024f276c5910b5d3d5d11f8040545bc734fe6eb30adcb216791bcd15558c05df6a406cc444ce87b87d5c4a98d1d416252cd03640489c56ef51c27db56736899eff2a6be2df55013e17aabc8edcad501706adf3ecadc9497925b7f2c35144ba59992e4072b4788e9af6b4f959bf5c057dd3c56ab7ce398595d402327801fdd8ef66d5c4aed5aae24071741f065b4365f75b3833ba9dbf19dd268f22125e12823159a31d036e9ea7c0eaf455d783292960afa28a4dac55b907d3eb8f38ff678b3e7c73fe14cf12b04f6d55546d93a5e054d1aebf5d17e0ee9353dd2bd4e2425d5ebfb6147d703823f08880e1aad1283dd49a1da215b7a2cf66776c9cd464108874dcb6b3cc814ec59f8b7421dbc92a606f2f0679994cadc0104df60df0238944d5ec0c3700ca2766e0ca99285a777b45f410d3fe3a34462f412bd46958805597444ac797945d714947363ad3b3c0abdeeed4019b000e83f1c4bcd2fd9d439e440c258b3cef5058ea6e2019549beefccf67b2c5892c64f3e50238601f7a90ea3274e6f9e9015210868f5f863107cd227fa5cf81f8e00e14fb30360988a2927a482efcd50a3798c4b4c20fcab8e4321c79f250b1b09950ac67a5da2920c508b8317f0a62b7af668ee6d88f60c2c6355efbae8e71a7b6679f7ebe59bcd9d97aff057d07cecfca243575920dec6846e6e1d0b9328c7830002e5e030a4336fa072edcc5998ac8c8a23c579d1d55bd915df1945bbe927d4cd40ce513665e3bff10a3e47b40086872f6858414ed4b6715db531d6af3636b0425035872c230c80a97d0fe5c11b8a73a392d2e3fe5e5e37d1d1d20082de32dc3240a15311cf2a09304f71de12dfb7df410b457c7a5cc534de19f5578fa944e37cc127f5379fd2eba27f4cc29a82f89ddfaecac525e82f8f15eb70f5f451d4a319db8ffd851cd4ba83e46c16ed02b64c8450f4302dae298555fe2914edce0c1b7f0e23dea8a029e1a28fc660320a1347511df476e6ac382d0210e361544651a75e8ec24badac1d8d4c40e3e527443108d5149dfe02268b3352ce0e650b53b796d894e029c113ffeb65969132a5c4f8fe6cea7ef4907602aca13208f8c7813c8751e5b442b78ac9ebcf8d92010cfbca74c6f844c4268bacbdfa500f8b62a0f557053d528e7f21910595838b1dd1107e0db4c58f3d103b3eb9932d5a58879b3ce5edcf883a59c72ca478d95920cbed1afbf01f999a0b54ece69cd75563ce7a794ba91d0d495cda3bc86c73665317531a5086f22f339eca24796256de8ed0d9659be242a2dc826b7db8956f5fb5a16ecb197a2e700261325811c541d3595607b2b634c36d3ffd5d87febe393eeb6da19d01200eb406df3ee9e8d06e85428c8b9cd9978f6e18fce8a4e13ca53731d1f2d767c866f6b84411bd9a5f733b3fdd46d331e924c7a05f9bb1b45bf651fe335cf6312323e101266ca1430d2d36b73ec1ce8e083365db9622835237254af89ef2fc32f040533d38c4b62c40be487ae8277631eebde4295ff429436ceaa8df074f9c989b5d96726c45a60073b28e1f4599947e0f9aa5c0e244aade2b80f9b3f03427c709b2485a0fb5a04184921e1409f3c1e83bbe70d0ffee13def1da1f09635501a8b4025f5b1d124b997d9d49168a4e035ca0bb7a5c57ab4acef7723c9fa95b4c082eb426a13be1a34e89676fe193d44bfd5a1c8281d18c3c8960361fe5390ee6f4c27a40e79cc3926617b491cd95b18519c24803eca6b2298b671d301fc485287c87615493002c78b9cdad9a2c83a596f04258647bd518cc407ecb8a284294935882de54f54f882006b2840a3ecd4077763f460289a14f4e43d2d38e68c151091facfda94b88ce4f85621a869e3fef995ac0b28c01e95651036d23a470bf19304b458cbce750ea277b117b50b433bee6742d7c8658856c310b9705e534e43e9700698d8e3536e4f04c113478c0352dbb79adbdf500e4d8a070cf17932b10d46888e08083965cabac0e2f006682aa59ac07e50690de7daf17e11c09bb1b27095bb82130f98b989565defb51cac33be6403ad8b7ee7f6867861b27e3873acfaecf3c1df4b68dd5be72d961b599ee5fb25a9012cfc39cc2d88bfed97e08a821af010b0cf27ba2b6ca2c8ce145ac01f92a200abe2a3ed7ff7de40d282d623c9b4ebf101fb25ac5ae2d2991825125e02ff54bc81bef1d5253d787df3ff07078df6a429884f44de1c78a371fb158161bf35e2aa0af1a15a6332cb08b2b9a4b5791165762c0b76ad013a7f0b177a86381b7934b1a6f0d2d1b82019e8372627a84102aef09980e7dadc427af3e39cdbd24f6b2cca033ce692458ba3627715b2c17b3325facb900fa2ec49b05e02f17917b5386055646c5aae28a85ef19f8d7e06ed147f148647c79fd2423af8b93ab2800b4bb886b52c7f0dbcf4274915ef405bbf862ad4aed2112fe3509a80aae46f7912e90970bfa8dc4b67ce99c64b480bffd43605a0e92712be1af0d71099c239492f6250ba2c7864fd34e019823fe1ee5565c45324fbfe4cb79b8a2cc6e74970ff611e74c192da1342c51ebb689c8a2375eef15e90d425bd7ba16e53d9e93d0be0529648405e088e1f393f1169f3ce278dba01cdab20204ae16d3abe57d38c5c7cefd270799ba25323fe8dfe86f7c01d1a6154aebcef8c4027ca4a20850077da047c487a02f509a981efc126a8212c7367e7500d2789ddd1af1f3a83f9942f8f96c064c8d205f4502e484169f7204d387519583d14ae202acfbccb2010094488b132cb7bb1fc4ebd4ff69552f479079e00c3f4cbcf2f8e0fd27bfbf8e85c5d7b53be8b3dc5b08e221f6d7d57a7821417108659619788c7e23216229f7cb641a026956f06840152350a990c7ee8e12573fbc9c52dd2dd3c011e769b3e09475c8e1203d9d7f0b06ae6434e13ebef351fcd2dea5e023690de32f0aebc4c4183e6290961049a6fcdc05f89992a1e4171d9b79dfb42b7090f75c2a98bec07df7e4e9e37105c12799dc40dbad93b8b80eab9b02631dbd38264c15eae16d11716ac1a1e2009b601307be161756532c82484178f580b1061f24249d7c60a934311cda28e22adda0"], 0x0) 480.766123ms ago: executing program 2 (id=1747): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="05", @ANYRES64=0x0], 0x48}, 0x1, 0x0, 0x0, 0x2000c800}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000000)={0x79}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000071, 0x0, 0xff00000000000000}]}) socket(0x80000000000000a, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IPT_SO_GET_INFO(r4, 0x0, 0x40, &(0x7f0000000080)={'mangle\x00', 0x0, [0x3ff, 0x7, 0x3, 0x8001, 0x9]}, &(0x7f0000000140)=0x54) socket$nl_generic(0x10, 0x3, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002240), 0x20000) syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400"], 0x0) close(0x3) 414.308411ms ago: executing program 0 (id=1748): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES16=r0], 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0) socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x24}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="20f5b5f67500000008001b00"], 0x28}}, 0x0) 287.810929ms ago: executing program 1 (id=1749): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000600)={0xa0000013}) ppoll(&(0x7f0000000140)=[{r0, 0x40}, {r2, 0x110}], 0x2, 0x0, 0x0, 0x0) close_range(r0, r1, 0x0) 210.676226ms ago: executing program 0 (id=1750): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = fcntl$dupfd(r1, 0x0, r0) connect$unix(r2, &(0x7f0000000540)=@abs={0x27, 0x0, 0x8}, 0x6e) 160.40475ms ago: executing program 3 (id=1751): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000100)=@ieee802154, 0x80, &(0x7f0000000440)=[{&(0x7f0000000180)=""/202, 0xca}, {&(0x7f0000000340)=""/194, 0xc2}], 0x2, &(0x7f0000000480)=""/163, 0xa3}, 0x3}, {{&(0x7f0000000540)=@pppol2tpin6, 0x80, &(0x7f0000000640)=[{&(0x7f00000005c0)=""/68, 0x44}], 0x1}, 0xfffffffd}, {{&(0x7f0000000680)=@generic, 0x80, &(0x7f0000001940)=[{&(0x7f0000000700)=""/119, 0x77}, {&(0x7f0000000780)=""/33, 0x21}, {&(0x7f00000007c0)=""/179, 0xb3}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/79, 0x4f}, {&(0x7f0000001900)=""/32, 0x20}], 0x6}, 0x8}, {{&(0x7f00000019c0)=@hci, 0x80, &(0x7f0000001c40)=[{&(0x7f0000001a40)=""/53, 0x35}, {&(0x7f0000001a80)=""/233, 0xe9}, {&(0x7f0000001b80)=""/192, 0xc0}], 0x3, &(0x7f0000001c80)=""/75, 0x4b}, 0x80}, {{&(0x7f0000001d00)=@ieee802154, 0x80, &(0x7f0000002000)=[{&(0x7f0000001d80)=""/78, 0x4e}, {&(0x7f0000001e00)=""/222, 0xde}, {&(0x7f0000001f00)=""/236, 0xec}], 0x3, &(0x7f0000002040)=""/94, 0x5e}, 0x5}, {{&(0x7f00000020c0)=@nfc, 0x80, &(0x7f0000002500)=[{&(0x7f0000002140)=""/99, 0x63}, {&(0x7f00000021c0)=""/139, 0x8b}, {&(0x7f0000002280)=""/69, 0x45}, {&(0x7f0000002300)=""/79, 0x4f}, {&(0x7f0000002380)=""/83, 0x53}, {&(0x7f0000002400)=""/192, 0xc0}], 0x6, &(0x7f0000002580)=""/29, 0x1d}, 0x9}], 0x6, 0x0, &(0x7f0000002740)={0x77359400}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x50001, 0x0) ioctl$RTC_WIE_ON(r1, 0x700f) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) connect$inet6(r2, 0x0, 0x0) syz_usb_connect(0x3, 0x24, 0x0, 0x0) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, 0x0, 0x80) r3 = socket(0x2b, 0x80801, 0x1) bind$l2tp6(r3, &(0x7f0000000180)={0xa, 0x0, 0x81, @loopback, 0xa1d, 0x3}, 0x20) 95.742151ms ago: executing program 4 (id=1752): socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000100)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0, @ANYBLOB="f144ef566aaa2604da071bbeb6f430dfed6346ac280ad0be1430acfe313e69a2fa6cfe678c61c9f409a06bfd99bec80be2031abda528aae93700000000fbf0cf85b7fb437e3447f576f632761291515cb5463d90d1bb7568142a060494f630902b3ef5334efb547f8cf0b2458c7979b0db9ca4f520c1f1b85f556cf01d", @ANYBLOB="e18d8e322868343b38d9db095899a1945e4a12ea0f3ebe5067157346e5624f6d506a1c219ece53b17b14f64e7fa1124f331eb2d46b4e89a95ce23ee44d7d"], 0xf6, 0xa2a, &(0x7f0000000240)="$eJzs3c1vXOdeB/DvmdiJ41vl5vaGEqLeZpIqvb69xrEdmijqgpvY48QXvyDbkRoBaqomQVEsilqQ2opFKiFWVFQIIQEb1CWrSmVBNyg7WLJigQT9D1DFhrCAQXNmJh7H8xK7UzuEz2c0Pm+/5+2cM+fRjGfOE/4vq9fr5XOPyzf+Zj8ry7Pn6vzXn3/xaeP5yYMczqG8UfxdMpakmoz8d3mujM7Nr60uD8jofnIrycOkSHIkzWkPR7ct3UrxJ3lha/lhir/KyS7JxnbZOAaq8//aQZ9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwTJqbn56eKbK0uHLjrWpv5RDgfba3s/uqHPW7+GpQsUVSNJ4ZG2sP9X3yxNbmlxp/zubl5tLLzZG/x/Lx9146/uYPRyrt9H0qtC8++Ojj++9sbt55f2vVaNfAkVa7GvNHtlY/aK06cIf3luxabWVxfXVx+cq1WnVxfbV6+eLF6fPXF9arC4uprd9c36gtV+fWalc2VteqE3M/qc5cvnyhWqvcXL2xcm1+aqnWXnnpl2enpy9Wfz7167Ura+urK+d/PrU+d31xaWlx5VoZ09jciLnUOBF/bXGjulG7slyt3r23eefCoEo2gma6bim2B80Oyml2enZ2ZmZ2dubiG5ffuDQ9PbJjxfQTsiPi4E9aDs7fDvXaDd9SpdX/ZymLWcmNvJVq18dc5rOW1Sz32N7S7v/Pna/1Lbez/2/38ie3Np9K2f+/0lx6pVf/36Mugx/1ejPnvaZvPz7IR/k49/NONrOZO3n/W+e4Y7/+15Byqn771u58XEstK1nMelazmOVcKddUW2uquZyLuZjpvJ3rWch6qlnIYpZSy3puZj0bqZVn1FzWUsuVbGQ1a6lmInP5SaqZyeVczoVUU8tUbmY1N7KSa5nPlTKXu7lX7vcL/fZgO2jmaYJm+wQNuf+vHznQvoiDMfRrOOxVvdX/H+4ZUG/PTcztW60AAACAYfqlf8yxEy/+w78mo/lR+bn8wuJSbfqgqwUAAAAMUfl1vZcbk9HG3I9SeP8PAAAAz5ui/I1dkWQ8p5tzzV9CHYoPAQAAAOA5Uf7//5XGZLwxdzrF4zuh3DrougEAAADDMfge+wMjisn27X+rt5vT262I1n1+xxcWl2pTc6tLb87ktfIuA+UvDXbkdigpRsufH7yeM82oM+PN6fj2HMcaUTNTb87k9ZxtNWTi1cbk1YkukbPNyB83I3/cJ/JCIxIAnndn+/THT9v/v57JZsTkqZHDSUZOdelZp/WsAPCs6DbGTtmHd/T/A0bhKX5l6/3/aCvbbf3/i7n7n82vFEzl3byXzdzOZE4n98tvHGzL9Tc/a31m8PhrCNOZHPBpQDv2ny5VMjng84DxjoFeJgd8ItCMzW8lF/blWADAfjlb/upvZz+8m/5/suP9f3a+/388tNAdPykEgGfC4xHshzrz/W05H3QbAYDt9NIAAAAAAAAAAAAAAAAAAAAAAAAAAAAwfEO97f/YHpP/W2tcv2EPQzBg5mhrH+w9nz9Nsn91LoZcVmUI+dST7Nfx2r+ZHE/2vFe7nsaHkxx8uwbOjLReEvff2TyoKxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7qUgOdVtfSY4kmU5yfv9r9d15cNAV2H+/2rlQPMqjfJhjB1cdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDnU+v+/5U0p99rrspIJTmX5FaS3zjoOg7To4OuwJAc3WO6jvv/N4556kVGmoc9xejc/NrqcuPwl2M/VL7+/ItPG8+O5EeetpwysPLE4BKtEp6M/esX2nM/KFONz9/54P7vvfe71fmrqeRwrm4sLM0vX1v72VaSl4ovk2qaz7Z2ff/g3N9/1qXlXzZa2t2T5S6UO2d+Z7m/2C11/3L7ubd5Z7ZR0kbtrY3f/517H3ZsejFnklcnkontJf1249mjpDMZ7Vda8U3xR8Wx/Hlulce/sTeKetE4RN8v23/07r3NO1Pvvrd5u0edjud0ktvJWP86fdKx+XR5PemqPOsqo41Sp8ugxp8TA9rYV0eOMz3a8IPylBlvteFwzzZ0qnZpw//U6/X2fMd+r3SrVrNGF3rU6Id5rcuRrh9Jetfotf5Hurvim+Jfiuv55/xhx/gflcbxP5fer87tWZSRHWdKz8hKM7Js+WznhrefjPz3v3iq2ncdpobd+uNtL95Kx/W/dayGdD2qF32vRx0l7u510VFiZedZ0ed1UfZIJ55I0br69ErTqueJZlSPev5CfpqMnOp3VdzRW/+091Vxe/qfdd+819f/XxYT+Y88MP4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw7CuSQ93WV5JzSY63l6tJfRfZHum1oTJe7LaKQ/Xg8Z/nQmW3CYpHeZQPc+y7qQ4AAAAAAAAA++3q/Neff/Fp41kcba1q/X+/mowkOV782dHMr60uD8hoNLmV5GFjfqzL9j7/7m+kywtbyw8bSyd32xIA4Gn9bwAAAP//vGtjCg==") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f00000000c0)) socket$inet(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000140)='\x00', 0x1, 0xfecc) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40408c1}, 0x40) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b81) write$char_usb(r1, &(0x7f0000000040)="e2", 0x12d8) 0s ago: executing program 0 (id=1753): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000007a00)=@delchain={0x618, 0x65, 0x400, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0x2}, {0x0, 0x1}, {0x5}}, [@filter_kind_options=@f_bpf={{0x8}, {0x5ec, 0x2, [@TCA_BPF_ACT={0x5e8, 0x1, [@m_xt={0x120, 0x5, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8}]}, {0xed, 0x6, "a5fd64840366fd7ad44f3f053221ded9ced495590e2bc8690a2765e56ded8425cb3eb0e04bbcfec50e639bf373167e617b24eccd260f28bb850873b1e2154b158987d6e585e10ffeaba32641bae47de041e1169d8e4a65b8ce3633a4469c93c5228320c572237d92a9ae6bbc2d2bd3a2d1e27de283017ecf9fca6b2cd8a119dee59702830717b694625f60f5c81f688775c5e292f76a0ffa39e1d2cabd639d1c111c01e0d2f9faa220154db33399242bca9f4fac65c74cb6264c28ac7a50037564c7b417fb61d617d212ab3243c30e0e82d9a12651b74553d539b991a302489af94626e5aac41c53b2"}, {0xc, 0x7, {0x1, 0xeb0757422c733451}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_simple={0xcc, 0xa, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x9b6, 0x7, 0x4, 0x1b}}, @TCA_DEF_DATA={0xa, 0x3, '%{^):\x00'}]}, {0x79, 0x6, "f2687c5aa78339e616deb3f19827c994141f940d92a804637d54cb155e6be27b3c2ad1ec52a0a08ca0fb9f17a3ef6ce3652e6f0136028c9b46b33e74015138ea6ba9c60c29dd78378bb28567c803e2a63a94c5fba4bb4bb2adcab7d81ccda8c5f8e000b81344003a049b8353b716e0d9c0c6c5fbd0"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x120, 0x8, 0x0, 0x0, {{0x8}, {0x14, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}]}, {0xe5, 0x6, "5d3aee85a6264cff4a2163adaec321e008985cfa435b8922eeb16f1932265618158a3fe72c442a68b182e8f673f9251a03dc831c5947be17ca906c3dcb99adb55bc5f0ad8886f235f45d7e29bb727715f2e7a3200ac63eb79f7a023835874514b60b0177c40370157c0c21b37875e7e4a2e75b3cc54be7d719fa695469336b975cb56bf3667e66922c0cf263fb2e4901e74673ec3bf8e140cb438b8aae24d0722b0ea76c66d09a9ae2578f669067fc7f4e7e11e7d6206ac703d98c3cd3b5372b60c63437cedd6c47eeb235ad519ca418c057a0c2e2efdad1db459ffde7207d4b45"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x1d8, 0x6, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xab7, 0x4c1adacc, 0x5, 0x99, 0x6}, @remote, @local, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0xee, 0x7, 0x6, 0x5}, @rand_addr=0x64010102, @rand_addr=0x64010102, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x5, 0x5, 0x0, 0xd}, @private=0xa010100, @empty, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4ef0, 0x1, 0x4, 0x10000, 0xc0e}, @dev={0xac, 0x14, 0x14, 0x12}, @rand_addr=0x64010100, 0xff000000, 0x3}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe21, 0x1, 0x3, 0xfd30, 0x1}, @multicast1, @local, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x9, 0x5, 0x3, 0x1}, @multicast1, @empty, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0xffffff7f, 0x5, 0x79, 0x74e69dde}, @broadcast, @empty, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffff000, 0x2cf, 0xffffffffffffffff, 0x7, 0xfffffffb}, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x8, 0x10000000, 0x1ff, 0x3}, @loopback, @rand_addr=0x64010100, 0xffffff00}}]}, {0x45, 0x6, "72c2816ab98a21c440078477977f213e81d0d0ff724f9d0109cdd14889252206b3196663ec1f74e5725f9c0ecf9c39784a71c0f063e45546f47be19f4cc6f84d49"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_connmark={0x100, 0x9, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1ff, 0x5, 0x7, 0x1, 0x1e1c}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd788, 0x7ff, 0x20000000, 0x9, 0x4}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x5, 0x8, 0x1}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x3ff, 0x0, 0xb, 0xd}, 0xf40f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x7, 0x5, 0x6, 0x7}, 0x700}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x59, 0x5b32, 0x4, 0x7fff, 0x7}, 0x8000}}]}, {0x25, 0x6, "b243cf248ea5504cf7e5a67f45c10cd2a166afa2d80373ea83920403cb721db30d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x618}, 0x1, 0x0, 0x0, 0x2404c080}, 0x20000080) sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x28, 0x0, 0x109, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) kernel console output (not intermixed with test programs): ci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(3) [ 154.162925][ T6843] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 154.209752][ T6844] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(6) [ 154.209777][ T6844] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 154.223410][ T6840] loop1: detected capacity change from 0 to 1024 [ 154.239530][ T5873] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 154.243004][ T6840] ======================================================= [ 154.243004][ T6840] WARNING: The mand mount option has been deprecated and [ 154.243004][ T6840] and is ignored by this kernel. Remove the mand [ 154.243004][ T6840] option from the mount to silence this warning. [ 154.243004][ T6840] ======================================================= [ 154.243467][ T6843] vhci_hcd vhci_hcd.0: Device attached [ 154.264268][ T6840] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 154.334014][ T6844] vhci_hcd vhci_hcd.0: Device attached [ 154.544056][ T6854] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 154.594945][ T32] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 154.740267][ T32] usb 3-1: Using ep0 maxpacket: 32 [ 154.748643][ T32] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 154.748668][ T32] usb 3-1: config 0 has no interface number 0 [ 154.748708][ T32] usb 3-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 154.761443][ T32] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 154.761469][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.761487][ T32] usb 3-1: Product: syz [ 154.761499][ T32] usb 3-1: Manufacturer: syz [ 154.761511][ T32] usb 3-1: SerialNumber: syz [ 154.802040][ T32] usb 3-1: config 0 descriptor?? [ 154.886787][ T6840] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.364: Invalid block bitmap block 0 in block_group 0 [ 154.889118][ T32] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 154.907738][ T6840] loop1: lost filesystem error report for type 5 error -117 [ 154.920298][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 154.920322][ C0] EXT4-fs (loop1): initial error at time 1779338086: ext4_read_block_bitmap_nowait:483 [ 154.920344][ C0] EXT4-fs (loop1): last error at time 1779338086: ext4_read_block_bitmap_nowait:483 [ 154.963372][ T6840] Quota error (device loop1): write_blk: dquota write failed [ 154.963430][ T6840] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 154.963507][ T6840] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.364: Failed to acquire dquot type 0 [ 154.963528][ T6840] loop1: lost filesystem error report for type 5 error -117 [ 155.003356][ T6840] EXT4-fs error (device loop1): ext4_free_blocks:6718: comm syz.1.364: Freeing blocks not in datazone - block = 0, count = 4096 [ 155.003389][ T6840] loop1: lost filesystem error report for type 5 error -117 [ 155.087325][ T6840] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.364: Invalid inode bitmap blk 0 in block_group 0 [ 155.087358][ T6840] loop1: lost filesystem error report for type 5 error -117 [ 155.130659][ T6840] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 155.130684][ T6840] loop1: lost filesystem error report for type 5 error -117 [ 155.132772][ T6840] EXT4-fs (loop1): 1 orphan inode deleted [ 155.150458][ T6840] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.287842][ T6840] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 155.340657][ T123] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-7 [ 155.340860][ T123] EXT4-fs error (device loop1): ext4_release_dquot:7070: comm kworker/u8:5: Failed to release dquot type 0 [ 155.351756][ T6840] netlink: 'syz.1.364': attribute type 10 has an invalid length. [ 155.352395][ T6840] veth1_vlan: left promiscuous mode [ 155.369346][ T6840] team0: Device veth1_vlan failed to register rx_handler [ 155.430283][ T5626] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 155.477385][ T6856] vhci_hcd: connection closed [ 155.480573][ T6855] vhci_hcd: connection closed [ 155.556326][ T4245] vhci_hcd vhci_hcd.1: stop threads [ 155.560067][ T4245] vhci_hcd vhci_hcd.1: release socket [ 155.581466][ T5626] usb 4-1: Using ep0 maxpacket: 32 [ 155.602482][ T5626] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 155.602498][ T5626] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.602509][ T5626] usb 4-1: Product: syz [ 155.602515][ T5626] usb 4-1: Manufacturer: syz [ 155.602522][ T5626] usb 4-1: SerialNumber: syz [ 155.663259][ T4245] vhci_hcd vhci_hcd.1: disconnect device [ 155.666609][ T5626] usb 4-1: config 0 descriptor?? [ 155.666714][ T4245] vhci_hcd vhci_hcd.1: stop threads [ 155.666727][ T4245] vhci_hcd vhci_hcd.1: release socket [ 155.666767][ T4245] vhci_hcd vhci_hcd.1: disconnect device [ 155.950179][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 155.978794][ T6877] netlink: 'syz.0.374': attribute type 10 has an invalid length. [ 155.979121][ T6877] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.979334][ T6877] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.088640][ T6841] vhci_hcd: connection reset by peer [ 156.092449][ T123] vhci_hcd vhci_hcd.1: stop threads [ 156.092471][ T123] vhci_hcd vhci_hcd.1: release socket [ 156.113234][ T5626] airspy 4-1:0.0: usb_control_msg() failed -32 request 0a [ 156.113256][ T5626] airspy 4-1:0.0: Could not detect board [ 156.113412][ T5626] airspy 4-1:0.0: probe with driver airspy failed with error -32 [ 156.121050][ T123] vhci_hcd vhci_hcd.1: disconnect device [ 156.180941][ T5626] usb 4-1: USB disconnect, device number 8 [ 156.249472][ T32] usb 3-1: qt2_attach - failed to power on unit: -71 [ 156.249641][ T32] quatech2 3-1:0.51: probe with driver quatech2 failed with error -71 [ 156.291954][ T5869] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 156.368252][ T32] usb 3-1: USB disconnect, device number 6 [ 156.446069][ T6881] loop0: detected capacity change from 0 to 1024 [ 156.453157][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.484034][ T6881] EXT4-fs: Ignoring removed bh option [ 156.515667][ T5869] usb 5-1: config index 0 descriptor too short (expected 8192, got 36) [ 156.515684][ T5869] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.515694][ T5869] usb 5-1: config 0 has no interfaces? [ 156.515710][ T5869] usb 5-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 156.515722][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.575052][ T6881] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.577412][ T5869] usb 5-1: config 0 descriptor?? [ 157.052413][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.318915][ T6896] netlink: 12 bytes leftover after parsing attributes in process `syz.0.379'. [ 157.794347][ T6907] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 157.997170][ T6911] netlink: 'syz.0.386': attribute type 10 has an invalid length. [ 158.334646][ T6920] netlink: 20 bytes leftover after parsing attributes in process `syz.1.390'. [ 158.672308][ T5869] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 158.830417][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 158.838797][ T5869] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 158.838814][ T5869] usb 1-1: config 0 has no interface number 0 [ 158.838837][ T5869] usb 1-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 158.857078][ T5869] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 158.857096][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.857106][ T5869] usb 1-1: Product: syz [ 158.857112][ T5869] usb 1-1: Manufacturer: syz [ 158.857119][ T5869] usb 1-1: SerialNumber: syz [ 158.918000][ T5869] usb 1-1: config 0 descriptor?? [ 158.938257][ T5869] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 159.069320][ T5626] usb 5-1: USB disconnect, device number 4 [ 159.560502][ T5873] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 159.694288][ T5869] usb 1-1: qt2_attach - failed to power on unit: -71 [ 159.694438][ T5869] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71 [ 159.758842][ T5869] usb 1-1: USB disconnect, device number 8 [ 159.780576][ T6946] netlink: 'syz.1.399': attribute type 10 has an invalid length. [ 159.973173][ T6950] netlink: 20 bytes leftover after parsing attributes in process `syz.2.402'. [ 159.973979][ T6950] netlink: 20 bytes leftover after parsing attributes in process `syz.2.402'. [ 160.046169][ T6955] netlink: 28 bytes leftover after parsing attributes in process `syz.2.403'. [ 160.046290][ T6955] netlink: 28 bytes leftover after parsing attributes in process `syz.2.403'. [ 160.096546][ T6955] gretap0: entered promiscuous mode [ 160.130275][ T6955] gretap0: left promiscuous mode [ 160.152068][ T6957] netlink: 20 bytes leftover after parsing attributes in process `syz.4.404'. [ 160.571416][ T6961] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 160.614642][ T6968] loop3: detected capacity change from 0 to 1024 [ 160.646814][ T6968] EXT4-fs: Ignoring removed bh option [ 160.718469][ T6968] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.974145][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.224492][ T6982] netlink: 20 bytes leftover after parsing attributes in process `syz.3.413'. [ 161.225137][ T6982] netlink: 20 bytes leftover after parsing attributes in process `syz.3.413'. [ 161.317674][ T6985] netlink: 20 bytes leftover after parsing attributes in process `syz.3.415'. [ 161.399037][ T6987] netlink: 'syz.2.414': attribute type 10 has an invalid length. [ 162.438704][ T7014] netlink: 20 bytes leftover after parsing attributes in process `syz.3.425'. [ 162.439433][ T7014] netlink: 20 bytes leftover after parsing attributes in process `syz.3.425'. [ 162.673777][ T7025] netlink: 'syz.3.427': attribute type 10 has an invalid length. [ 163.552199][ T7049] netlink: 20 bytes leftover after parsing attributes in process `syz.0.437'. [ 163.697260][ T7053] netlink: 'syz.0.440': attribute type 10 has an invalid length. [ 163.793192][ T7051] netlink: 14 bytes leftover after parsing attributes in process `syz.2.436'. [ 164.233235][ T7051] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.353492][ T7066] binder: BINDER_SET_CONTEXT_MGR already set [ 164.353503][ T7066] binder: 7065:7066 ioctl 4018620d 200000000040 returned -16 [ 164.360955][ T7066] vivid-004: ================= START STATUS ================= [ 164.360972][ T7066] vivid-004: Radio HW Seek Mode: Bounded [ 164.360992][ T7066] vivid-004: Radio Programmable HW Seek: false [ 164.361009][ T7066] vivid-004: RDS Rx I/O Mode: Block I/O [ 164.361027][ T7066] vivid-004: Generate RBDS Instead of RDS: false [ 164.361042][ T7066] vivid-004: RDS Reception: true [ 164.361055][ T7066] vivid-004: RDS Program Type: 0 inactive [ 164.361080][ T7066] vivid-004: RDS PS Name: inactive [ 164.361098][ T7066] vivid-004: RDS Radio Text: inactive [ 164.361117][ T7066] vivid-004: RDS Traffic Announcement: false inactive [ 164.361138][ T7066] vivid-004: RDS Traffic Program: false inactive [ 164.361156][ T7066] vivid-004: RDS Music: false inactive [ 164.361175][ T7066] vivid-004: ================== END STATUS ================== [ 164.438025][ T7051] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.531587][ T7051] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 164.643895][ T7051] bond0 (unregistering): Released all slaves [ 164.774556][ T7072] loop1: detected capacity change from 0 to 1024 [ 164.775755][ T7072] EXT4-fs: Ignoring removed bh option [ 164.926146][ T7072] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.474947][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.380243][ T5873] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 167.530409][ T5873] usb 1-1: Using ep0 maxpacket: 32 [ 167.532695][ T5873] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 167.538607][ T5873] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 167.538632][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.538649][ T5873] usb 1-1: Product: syz [ 167.538662][ T5873] usb 1-1: Manufacturer: syz [ 167.538674][ T5873] usb 1-1: SerialNumber: syz [ 167.613988][ T5873] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 167.614081][ T5873] imon 1-1:155.0: unable to initialize intf0, err -19 [ 167.614094][ T5873] imon:imon_probe: failed to initialize context! [ 167.614104][ T5873] imon 1-1:155.0: unable to register, err -19 [ 167.865413][ T5785] usb 1-1: USB disconnect, device number 9 [ 169.562211][ T7206] syzkaller1: entered promiscuous mode [ 169.562236][ T7206] syzkaller1: entered allmulticast mode [ 169.767784][ T7215] syz.4.507 (7215) used greatest stack depth: 18672 bytes left [ 170.315363][ T7235] ALSA: mixer_oss: invalid OSS volume '/dev/ppp' [ 171.092347][ T7264] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 171.092371][ T7264] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 171.094609][ T7264] vhci_hcd vhci_hcd.0: Device attached [ 171.101026][ T7264] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(7) [ 171.101047][ T7264] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 171.101089][ T7264] vhci_hcd vhci_hcd.0: Device attached [ 171.104453][ T7264] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(9) [ 171.104474][ T7264] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 171.106047][ T7264] vhci_hcd vhci_hcd.0: Device attached [ 171.125956][ T7264] loop1: detected capacity change from 0 to 1024 [ 171.140469][ T7264] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 171.244794][ T7264] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.527: Invalid block bitmap block 0 in block_group 0 [ 171.244828][ T7264] loop1: lost filesystem error report for type 5 error -117 [ 171.262997][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 171.263021][ C1] EXT4-fs (loop1): initial error at time 1779338102: ext4_read_block_bitmap_nowait:483 [ 171.263043][ C1] EXT4-fs (loop1): last error at time 1779338102: ext4_read_block_bitmap_nowait:483 [ 171.330326][ T1261] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 171.430367][ T7264] Quota error (device loop1): write_blk: dquota write failed [ 171.430421][ T7264] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 171.430498][ T7264] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.527: Failed to acquire dquot type 0 [ 171.430518][ T7264] loop1: lost filesystem error report for type 5 error -117 [ 171.431187][ T7264] EXT4-fs error (device loop1): ext4_free_blocks:6718: comm syz.1.527: Freeing blocks not in datazone - block = 0, count = 4096 [ 171.431214][ T7264] loop1: lost filesystem error report for type 5 error -117 [ 171.486870][ T7264] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.527: Invalid inode bitmap blk 0 in block_group 0 [ 171.486901][ T7264] loop1: lost filesystem error report for type 5 error -117 [ 171.487194][ T7264] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 171.487211][ T7264] loop1: lost filesystem error report for type 5 error -117 [ 171.487447][ T7264] EXT4-fs (loop1): 1 orphan inode deleted [ 171.495109][ T7264] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.572888][ T7264] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 171.577119][ T7264] netlink: 'syz.1.527': attribute type 10 has an invalid length. [ 171.588981][ T7264] team0: Device veth1_vlan failed to register rx_handler [ 171.590519][ T1123] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-7 [ 171.590582][ T1123] EXT4-fs error (device loop1): ext4_release_dquot:7070: comm kworker/u8:9: Failed to release dquot type 0 [ 172.195777][ T7271] vhci_hcd: connection closed [ 172.196106][ T7273] vhci_hcd: connection closed [ 172.196436][ T7268] vhci_hcd: connection reset by peer [ 172.215910][ T4245] vhci_hcd vhci_hcd.1: stop threads [ 172.215934][ T4245] vhci_hcd vhci_hcd.1: release socket [ 172.216000][ T4245] vhci_hcd vhci_hcd.1: disconnect device [ 172.230302][ T4245] vhci_hcd vhci_hcd.1: stop threads [ 172.230323][ T4245] vhci_hcd vhci_hcd.1: release socket [ 172.230365][ T4245] vhci_hcd vhci_hcd.1: disconnect device [ 172.230659][ T4245] vhci_hcd vhci_hcd.1: stop threads [ 172.230672][ T4245] vhci_hcd vhci_hcd.1: release socket [ 172.230702][ T4245] vhci_hcd vhci_hcd.1: disconnect device [ 172.332977][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.852095][ T7326] fuse: Bad value for 'fd' [ 172.930307][ T5873] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 173.080289][ T5873] usb 3-1: Using ep0 maxpacket: 32 [ 173.083117][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 173.107290][ T5873] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 173.107322][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.107341][ T5873] usb 3-1: Product: syz [ 173.107353][ T5873] usb 3-1: Manufacturer: syz [ 173.107365][ T5873] usb 3-1: SerialNumber: syz [ 173.157479][ T5873] usb 3-1: config 0 descriptor?? [ 173.188258][ T5873] cdc_ether 3-1:0.0: missing cdc header descriptor [ 173.189700][ T5873] usb 3-1: unsupported MDLM descriptors [ 173.372533][ T5873] usb 3-1: USB disconnect, device number 7 [ 173.388408][ T7335] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 173.388431][ T7335] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 173.393752][ T7335] vhci_hcd vhci_hcd.0: Device attached [ 173.402115][ T7335] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7) [ 173.402139][ T7335] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 173.402183][ T7335] vhci_hcd vhci_hcd.0: Device attached [ 173.406192][ T7335] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(9) [ 173.406212][ T7335] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 173.406252][ T7335] vhci_hcd vhci_hcd.0: Device attached [ 173.489297][ T7335] loop3: detected capacity change from 0 to 1024 [ 173.504728][ T7335] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 173.596668][ T7335] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.551: Invalid block bitmap block 0 in block_group 0 [ 173.596690][ T7335] loop3: lost filesystem error report for type 5 error -117 [ 173.597194][ T7335] Quota error (device loop3): write_blk: dquota write failed [ 173.597226][ T7335] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 173.597279][ T7335] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.551: Failed to acquire dquot type 0 [ 173.597292][ T7335] loop3: lost filesystem error report for type 5 error -117 [ 173.597796][ T7335] EXT4-fs error (device loop3): ext4_free_blocks:6718: comm syz.3.551: Freeing blocks not in datazone - block = 0, count = 4096 [ 173.597812][ T7335] loop3: lost filesystem error report for type 5 error -117 [ 173.602305][ C0] EXT4-fs (loop3): error count since last fsck: 3 [ 173.602324][ C0] EXT4-fs (loop3): initial error at time 1779338105: ext4_read_block_bitmap_nowait:483 [ 173.602394][ C0] EXT4-fs (loop3): last error at time 1779338105: ext4_free_blocks:6718 [ 173.630287][ T5793] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 173.719804][ T7335] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.551: Invalid inode bitmap blk 0 in block_group 0 [ 173.719825][ T7335] loop3: lost filesystem error report for type 5 error -117 [ 173.720054][ T7335] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 173.720067][ T7335] loop3: lost filesystem error report for type 5 error -117 [ 173.855571][ T68] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-7 [ 173.855627][ T68] EXT4-fs error (device loop3): ext4_release_dquot:7070: comm kworker/u8:4: Failed to release dquot type 0 [ 173.886932][ T7335] EXT4-fs (loop3): 1 orphan inode deleted [ 173.900928][ T7335] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.951590][ T7335] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 173.959158][ T7335] netlink: 'syz.3.551': attribute type 10 has an invalid length. [ 173.959606][ T7335] veth1_vlan: left promiscuous mode [ 173.984708][ T7335] team0: Device veth1_vlan failed to register rx_handler [ 174.541485][ T7336] vhci_hcd: connection reset by peer [ 174.541990][ T68] vhci_hcd vhci_hcd.3: stop threads [ 174.542010][ T68] vhci_hcd vhci_hcd.3: release socket [ 174.543325][ T68] vhci_hcd vhci_hcd.3: disconnect device [ 174.544502][ T7340] vhci_hcd: connection closed [ 174.545479][ T7338] vhci_hcd: connection closed [ 174.547361][ T123] vhci_hcd vhci_hcd.3: stop threads [ 174.547379][ T123] vhci_hcd vhci_hcd.3: release socket [ 174.606063][ T123] vhci_hcd vhci_hcd.3: disconnect device [ 174.606396][ T123] vhci_hcd vhci_hcd.3: stop threads [ 174.606416][ T123] vhci_hcd vhci_hcd.3: release socket [ 174.606477][ T123] vhci_hcd vhci_hcd.3: disconnect device [ 174.660324][ T5873] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 174.767852][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.810264][ T5873] usb 5-1: Using ep0 maxpacket: 32 [ 174.838028][ T5873] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 174.838056][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.838071][ T5873] usb 5-1: Product: syz [ 174.838081][ T5873] usb 5-1: Manufacturer: syz [ 174.838092][ T5873] usb 5-1: SerialNumber: syz [ 174.910848][ T5873] usb 5-1: config 0 descriptor?? [ 175.336864][ T5873] airspy 5-1:0.0: usb_control_msg() failed -32 request 0a [ 175.336887][ T5873] airspy 5-1:0.0: Could not detect board [ 175.336990][ T5873] airspy 5-1:0.0: probe with driver airspy failed with error -32 [ 175.382144][ T5873] usb 5-1: USB disconnect, device number 5 [ 175.496786][ T7373] loop2: detected capacity change from 0 to 512 [ 175.508115][ T7373] EXT4-fs: Ignoring removed orlov option [ 175.635227][ T7373] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.672829][ T7373] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 175.868475][ T7373] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #15: comm syz.2.560: corrupted xattr block 33: invalid ea_ino [ 176.007042][ T7373] EXT4-fs (loop2): Remounting filesystem read-only [ 176.313187][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.373445][ T68] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 176.373465][ T68] Quota error (device loop2): write_blk: dquota write failed [ 176.373472][ T68] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 176.373480][ T68] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 176.373494][ T68] Quota error (device loop2): write_blk: dquota write failed [ 176.373515][ T68] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 176.373577][ T68] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 176.481382][ T1261] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 176.608235][ T7389] vivid-002: ================= START STATUS ================= [ 176.608248][ T7389] vivid-002: Radio HW Seek Mode: Bounded [ 176.608260][ T7389] vivid-002: Radio Programmable HW Seek: false [ 176.608280][ T7389] vivid-002: RDS Rx I/O Mode: Block I/O [ 176.608290][ T7389] vivid-002: Generate RBDS Instead of RDS: false [ 176.608298][ T7389] vivid-002: RDS Reception: true [ 176.608307][ T7389] vivid-002: RDS Program Type: 0 inactive [ 176.608318][ T7389] vivid-002: RDS PS Name: inactive [ 176.608328][ T7389] vivid-002: RDS Radio Text: inactive [ 176.608339][ T7389] vivid-002: RDS Traffic Announcement: false inactive [ 176.608349][ T7389] vivid-002: RDS Traffic Program: false inactive [ 176.608359][ T7389] vivid-002: RDS Music: false inactive [ 176.608370][ T7389] vivid-002: ================== END STATUS ================== [ 177.051121][ T7400] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 177.051146][ T7400] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 177.051230][ T7400] vhci_hcd vhci_hcd.0: Device attached [ 177.089933][ T7400] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(7) [ 177.089958][ T7400] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 177.090003][ T7400] vhci_hcd vhci_hcd.0: Device attached [ 177.126639][ T7405] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(3) [ 177.126666][ T7405] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 177.126712][ T7405] vhci_hcd vhci_hcd.0: Device attached [ 177.243283][ T7400] loop0: detected capacity change from 0 to 1024 [ 177.270968][ T7400] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 177.295400][ T5873] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 177.334993][ T7400] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.568: Invalid block bitmap block 0 in block_group 0 [ 177.335023][ T7400] fserror_report: 1 callbacks suppressed [ 177.335034][ T7400] loop0: lost filesystem error report for type 5 error -117 [ 177.341961][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 177.341984][ C0] EXT4-fs (loop0): initial error at time 1779338108: ext4_read_block_bitmap_nowait:483 [ 177.342006][ C0] EXT4-fs (loop0): last error at time 1779338108: ext4_read_block_bitmap_nowait:483 [ 177.359175][ T7400] __quota_error: 1 callbacks suppressed [ 177.359191][ T7400] Quota error (device loop0): write_blk: dquota write failed [ 177.359235][ T7400] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 177.359304][ T7400] EXT4-fs error (device loop0): ext4_acquire_dquot:7034: comm syz.0.568: Failed to acquire dquot type 0 [ 177.359323][ T7400] loop0: lost filesystem error report for type 5 error -117 [ 177.393907][ T7400] EXT4-fs error (device loop0): ext4_free_blocks:6718: comm syz.0.568: Freeing blocks not in datazone - block = 0, count = 4096 [ 177.393939][ T7400] loop0: lost filesystem error report for type 5 error -117 [ 177.426579][ T7400] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.568: Invalid inode bitmap blk 0 in block_group 0 [ 177.426611][ T7400] loop0: lost filesystem error report for type 5 error -117 [ 177.429441][ T7400] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem [ 177.429463][ T7400] loop0: lost filesystem error report for type 5 error -117 [ 177.430793][ T7400] EXT4-fs (loop0): 1 orphan inode deleted [ 177.502448][ T4245] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-7 [ 177.502504][ T4245] EXT4-fs error (device loop0): ext4_release_dquot:7070: comm kworker/u8:12: Failed to release dquot type 0 [ 177.502530][ T4245] loop0: lost filesystem error report for type 5 error -117 [ 177.508982][ T7400] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.564154][ T7400] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 177.584406][ T7400] netlink: 'syz.0.568': attribute type 10 has an invalid length. [ 177.607925][ T7416] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 177.626968][ T7400] team0: Device veth1_vlan failed to register rx_handler [ 177.663205][ T7406] vhci_hcd: connection closed [ 177.664671][ T1123] vhci_hcd vhci_hcd.0: stop threads [ 177.664694][ T1123] vhci_hcd vhci_hcd.0: release socket [ 177.664757][ T1123] vhci_hcd vhci_hcd.0: disconnect device [ 177.717846][ T7421] syz_tun: entered promiscuous mode [ 177.774394][ T7421] macvtap1: entered promiscuous mode [ 177.779242][ T7421] macvtap1: entered allmulticast mode [ 177.779260][ T7421] syz_tun: entered allmulticast mode [ 177.898661][ T7421] syz_tun: left allmulticast mode [ 177.898928][ T7421] syz_tun: left promiscuous mode [ 178.216673][ T7403] vhci_hcd: connection closed [ 178.216843][ T7401] vhci_hcd: connection reset by peer [ 178.218362][ T4245] vhci_hcd vhci_hcd.0: stop threads [ 178.218393][ T4245] vhci_hcd vhci_hcd.0: release socket [ 178.219156][ T4245] vhci_hcd vhci_hcd.0: disconnect device [ 178.221920][ T4245] vhci_hcd vhci_hcd.0: stop threads [ 178.221935][ T4245] vhci_hcd vhci_hcd.0: release socket [ 178.222466][ T4245] vhci_hcd vhci_hcd.0: disconnect device [ 178.304207][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.672809][ T7435] loop0: detected capacity change from 0 to 1024 [ 178.684934][ T7435] EXT4-fs: Ignoring removed nobh option [ 178.685045][ T7435] EXT4-fs: Ignoring removed bh option [ 178.712452][ T7435] EXT4-fs (loop0): stripe (17) is not aligned with cluster size (16), stripe is disabled [ 178.770715][ T5793] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 178.821459][ T7435] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.821784][ T7433] vivid-004: ================= START STATUS ================= [ 178.821796][ T7433] vivid-004: Radio HW Seek Mode: Bounded [ 178.821808][ T7433] vivid-004: Radio Programmable HW Seek: false [ 178.821818][ T7433] vivid-004: RDS Rx I/O Mode: Block I/O [ 178.821827][ T7433] vivid-004: Generate RBDS Instead of RDS: false [ 178.821836][ T7433] vivid-004: RDS Reception: true [ 178.821844][ T7433] vivid-004: RDS Program Type: 0 inactive [ 178.821855][ T7433] vivid-004: RDS PS Name: inactive [ 178.821865][ T7433] vivid-004: RDS Radio Text: inactive [ 178.821876][ T7433] vivid-004: RDS Traffic Announcement: false inactive [ 178.821886][ T7433] vivid-004: RDS Traffic Program: false inactive [ 178.821896][ T7433] vivid-004: RDS Music: false inactive [ 178.821907][ T7433] vivid-004: ================== END STATUS ================== [ 179.076321][ T7441] loop4: detected capacity change from 0 to 1764 [ 179.224051][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.610950][ T7447] netlink: 'syz.0.579': attribute type 10 has an invalid length. [ 180.059693][ T7425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.203481][ T7425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.519288][ T7461] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 180.519306][ T7461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 180.521832][ T7461] vhci_hcd vhci_hcd.0: Device attached [ 180.548291][ T7461] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(7) [ 180.548317][ T7461] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 180.548372][ T7461] vhci_hcd vhci_hcd.0: Device attached [ 180.563461][ T7461] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(9) [ 180.563495][ T7461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 180.563552][ T7461] vhci_hcd vhci_hcd.0: Device attached [ 180.754714][ T7461] loop4: detected capacity change from 0 to 1024 [ 180.803765][ T7461] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 180.863495][ T5626] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 180.919936][ T7461] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.585: Invalid block bitmap block 0 in block_group 0 [ 180.919958][ T7461] loop4: lost filesystem error report for type 5 error -117 [ 180.930193][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 180.930213][ C1] EXT4-fs (loop4): initial error at time 1779338112: ext4_read_block_bitmap_nowait:483 [ 180.930231][ C1] EXT4-fs (loop4): last error at time 1779338112: ext4_read_block_bitmap_nowait:483 [ 180.932337][ T7461] Quota error (device loop4): write_blk: dquota write failed [ 180.932388][ T7461] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 180.932470][ T7461] EXT4-fs error (device loop4): ext4_acquire_dquot:7034: comm syz.4.585: Failed to acquire dquot type 0 [ 180.932489][ T7461] loop4: lost filesystem error report for type 5 error -117 [ 180.932999][ T7461] EXT4-fs error (device loop4): ext4_free_blocks:6718: comm syz.4.585: Freeing blocks not in datazone - block = 0, count = 4096 [ 180.933025][ T7461] loop4: lost filesystem error report for type 5 error -117 [ 180.934120][ T7461] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.585: Invalid inode bitmap blk 0 in block_group 0 [ 180.934146][ T7461] loop4: lost filesystem error report for type 5 error -117 [ 180.938260][ T7461] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 180.938610][ T7461] EXT4-fs (loop4): 1 orphan inode deleted [ 180.945513][ T7461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.990486][ T7461] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 180.991457][ T7461] netlink: 'syz.4.585': attribute type 10 has an invalid length. [ 181.104724][ T4245] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7 [ 181.104764][ T4245] EXT4-fs error (device loop4): ext4_release_dquot:7070: comm kworker/u8:12: Failed to release dquot type 0 [ 181.658126][ T7480] vivid-002: ================= START STATUS ================= [ 181.658139][ T7480] vivid-002: Radio HW Seek Mode: Bounded [ 181.658151][ T7480] vivid-002: Radio Programmable HW Seek: false [ 181.658160][ T7480] vivid-002: RDS Rx I/O Mode: Block I/O [ 181.658168][ T7480] vivid-002: Generate RBDS Instead of RDS: false [ 181.658177][ T7480] vivid-002: RDS Reception: true [ 181.658185][ T7480] vivid-002: RDS Program Type: 0 inactive [ 181.658195][ T7480] vivid-002: RDS PS Name: inactive [ 181.658205][ T7480] vivid-002: RDS Radio Text: inactive [ 181.658215][ T7480] vivid-002: RDS Traffic Announcement: false inactive [ 181.658225][ T7480] vivid-002: RDS Traffic Program: false inactive [ 181.658236][ T7480] vivid-002: RDS Music: false inactive [ 181.658246][ T7480] vivid-002: ================== END STATUS ================== [ 182.107994][ T7461] team0: Device veth1_vlan failed to register rx_handler [ 182.112746][ T155] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.259593][ T7464] vhci_hcd: connection closed [ 182.262527][ T7466] vhci_hcd: connection closed [ 182.262618][ T7462] vhci_hcd: connection reset by peer [ 182.266497][ T4245] vhci_hcd vhci_hcd.4: stop threads [ 182.266521][ T4245] vhci_hcd vhci_hcd.4: release socket [ 182.266588][ T4245] vhci_hcd vhci_hcd.4: disconnect device [ 182.266903][ T4245] vhci_hcd vhci_hcd.4: stop threads [ 182.266917][ T4245] vhci_hcd vhci_hcd.4: release socket [ 182.266949][ T4245] vhci_hcd vhci_hcd.4: disconnect device [ 182.272289][ T4245] vhci_hcd vhci_hcd.4: stop threads [ 182.272307][ T4245] vhci_hcd vhci_hcd.4: release socket [ 182.272360][ T4245] vhci_hcd vhci_hcd.4: disconnect device [ 182.279904][ T155] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.374520][ T5619] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.384636][ T155] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.426253][ T155] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.450904][ T5873] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 182.491772][ T5869] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 182.640319][ T5869] usb 2-1: Using ep0 maxpacket: 32 [ 182.642390][ T5869] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 182.646004][ T5869] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 182.646031][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.646049][ T5869] usb 2-1: Product: syz [ 182.646063][ T5869] usb 2-1: Manufacturer: syz [ 182.646076][ T5869] usb 2-1: SerialNumber: syz [ 182.709002][ T5869] usb 2-1: config 0 descriptor?? [ 182.753987][ T5869] cdc_ether 2-1:0.0: missing cdc header descriptor [ 182.755214][ T5869] usb 2-1: unsupported MDLM descriptors [ 182.886457][ T7508] binder_alloc: 7507: pid 7507 spamming oneway? 1 buffers allocated for a total size of 4096 [ 182.887108][ T7508] binder_alloc: 7507: pid 7507 spamming oneway? 2 buffers allocated for a total size of 5120 [ 182.955866][ T5869] usb 2-1: USB disconnect, device number 5 [ 183.058120][ T7510] netlink: 'syz.4.600': attribute type 10 has an invalid length. [ 183.093940][ T7511] vivid-002: ================= START STATUS ================= [ 183.093954][ T7511] vivid-002: Radio HW Seek Mode: Bounded [ 183.093966][ T7511] vivid-002: Radio Programmable HW Seek: false [ 183.093974][ T7511] vivid-002: RDS Rx I/O Mode: Block I/O [ 183.093984][ T7511] vivid-002: Generate RBDS Instead of RDS: false [ 183.093992][ T7511] vivid-002: RDS Reception: true [ 183.094000][ T7511] vivid-002: RDS Program Type: 0 inactive [ 183.094011][ T7511] vivid-002: RDS PS Name: inactive [ 183.094021][ T7511] vivid-002: RDS Radio Text: inactive [ 183.094031][ T7511] vivid-002: RDS Traffic Announcement: false inactive [ 183.094042][ T7511] vivid-002: RDS Traffic Program: false inactive [ 183.094052][ T7511] vivid-002: RDS Music: false inactive [ 183.094062][ T7511] vivid-002: ================== END STATUS ================== [ 183.130453][ T7512] binder: 7509:7512 ioctl c0306201 0 returned -14 [ 183.404818][ T7510] team0: Port device vlan0 added [ 183.501679][ T7519] netlink: 'syz.2.603': attribute type 10 has an invalid length. [ 183.570290][ T5869] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 183.753938][ T5869] usb 5-1: Using ep0 maxpacket: 8 [ 183.755690][ T5869] usb 5-1: config 0 has an invalid interface number: 30 but max is 0 [ 183.755706][ T5869] usb 5-1: config 0 has no interface number 0 [ 183.755727][ T5869] usb 5-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 183.755761][ T5869] usb 5-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.755774][ T5869] usb 5-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.755785][ T5869] usb 5-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 183.755798][ T5869] usb 5-1: config 0 interface 30 has no altsetting 0 [ 183.755815][ T5869] usb 5-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 183.755827][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.775229][ T5869] usb 5-1: config 0 descriptor?? [ 184.212668][ T5869] usbhid 5-1:0.30: can't add hid device: -71 [ 184.212801][ T5869] usbhid 5-1:0.30: probe with driver usbhid failed with error -71 [ 184.258869][ T5869] usb 5-1: USB disconnect, device number 6 [ 184.720513][ T7541] binder_alloc: 7540: pid 7540 spamming oneway? 1 buffers allocated for a total size of 4096 [ 184.720950][ T7541] binder_alloc: 7540: pid 7540 spamming oneway? 2 buffers allocated for a total size of 5120 [ 184.770612][ T7541] vivid-002: ================= START STATUS ================= [ 184.770757][ T7541] vivid-002: Radio HW Seek Mode: Bounded [ 184.770777][ T7541] vivid-002: Radio Programmable HW Seek: false [ 184.770797][ T7541] vivid-002: RDS Rx I/O Mode: Block I/O [ 184.770813][ T7541] vivid-002: Generate RBDS Instead of RDS: false [ 184.770830][ T7541] vivid-002: RDS Reception: true [ 184.770844][ T7541] vivid-002: RDS Program Type: 0 inactive [ 184.770865][ T7541] vivid-002: RDS PS Name: inactive [ 184.770883][ T7541] vivid-002: RDS Radio Text: inactive [ 184.770900][ T7541] vivid-002: RDS Traffic Announcement: false inactive [ 184.770919][ T7541] vivid-002: RDS Traffic Program: false inactive [ 184.770938][ T7541] vivid-002: RDS Music: false inactive [ 184.770955][ T7541] vivid-002: ================== END STATUS ================== [ 185.213543][ T7556] fuse: Bad value for 'fd' [ 185.302046][ T5869] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 185.460277][ T5869] usb 5-1: Using ep0 maxpacket: 32 [ 185.462257][ T5869] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 185.465042][ T5869] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 185.465073][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.465091][ T5869] usb 5-1: Product: syz [ 185.465103][ T5869] usb 5-1: Manufacturer: syz [ 185.465116][ T5869] usb 5-1: SerialNumber: syz [ 185.518684][ T5869] usb 5-1: config 0 descriptor?? [ 185.533391][ T5869] cdc_ether 5-1:0.0: missing cdc header descriptor [ 185.535040][ T5869] usb 5-1: unsupported MDLM descriptors [ 185.748482][ T5869] usb 5-1: USB disconnect, device number 7 [ 185.985782][ T7570] binder_alloc: 7569: pid 7569 spamming oneway? 1 buffers allocated for a total size of 4096 [ 185.986175][ T7570] binder_alloc: 7569: pid 7569 spamming oneway? 2 buffers allocated for a total size of 5120 [ 185.990449][ T5626] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 186.099197][ T7575] vivid-002: ================= START STATUS ================= [ 186.099217][ T7575] vivid-002: Radio HW Seek Mode: Bounded [ 186.099238][ T7575] vivid-002: Radio Programmable HW Seek: false [ 186.099268][ T7575] vivid-002: RDS Rx I/O Mode: Block I/O [ 186.099286][ T7575] vivid-002: Generate RBDS Instead of RDS: false [ 186.099302][ T7575] vivid-002: RDS Reception: true [ 186.099318][ T7575] vivid-002: RDS Program Type: 0 inactive [ 186.099338][ T7575] vivid-002: RDS PS Name: inactive [ 186.099357][ T7575] vivid-002: RDS Radio Text: inactive [ 186.099376][ T7575] vivid-002: RDS Traffic Announcement: false inactive [ 186.099396][ T7575] vivid-002: RDS Traffic Program: false inactive [ 186.099414][ T7575] vivid-002: RDS Music: false inactive [ 186.099434][ T7575] vivid-002: ================== END STATUS ================== [ 186.316797][ T7581] netlink: 'syz.2.626': attribute type 10 has an invalid length. [ 186.340539][ T7581] binder: 7580:7581 ioctl c0306201 0 returned -14 [ 186.633787][ T1261] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 186.811456][ T1261] usb 3-1: Using ep0 maxpacket: 8 [ 186.815009][ T1261] usb 3-1: config 0 has an invalid interface number: 30 but max is 0 [ 186.815035][ T1261] usb 3-1: config 0 has no interface number 0 [ 186.815061][ T1261] usb 3-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 186.815095][ T1261] usb 3-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.815118][ T1261] usb 3-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.815138][ T1261] usb 3-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 186.815161][ T1261] usb 3-1: config 0 interface 30 has no altsetting 0 [ 186.815189][ T1261] usb 3-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 186.815207][ T1261] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.945618][ T1261] usb 3-1: config 0 descriptor?? [ 187.257218][ T7587] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.351324][ T7587] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.365705][ T1261] usbhid 3-1:0.30: can't add hid device: -71 [ 187.365821][ T1261] usbhid 3-1:0.30: probe with driver usbhid failed with error -71 [ 187.444223][ T1261] usb 3-1: USB disconnect, device number 8 [ 187.917785][ T7587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.927643][ T7606] netlink: 'syz.0.636': attribute type 10 has an invalid length. [ 187.928740][ T7587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.041843][ T7608] loop2: detected capacity change from 0 to 1024 [ 188.046099][ T7608] EXT4-fs: Ignoring removed bh option [ 188.103809][ T7608] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.229254][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.443202][ T7613] loop2: detected capacity change from 0 to 128 [ 188.897194][ T7622] fuse: Bad value for 'fd' [ 189.422014][ T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.512808][ T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.512914][ T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.513013][ T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.153304][ T822] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 191.276692][ T7670] loop0: detected capacity change from 0 to 128 [ 191.302590][ T822] usb 4-1: Using ep0 maxpacket: 32 [ 191.306861][ T822] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 191.306931][ T822] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 191.306946][ T822] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 191.306963][ T822] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 191.306976][ T822] usb 4-1: config 1 interface 1 has no altsetting 0 [ 191.314426][ T822] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 191.314455][ T822] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.314473][ T822] usb 4-1: Product: syz [ 191.314486][ T822] usb 4-1: Manufacturer: syz [ 191.314498][ T822] usb 4-1: SerialNumber: syz [ 191.825398][ T7656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.655'. [ 191.825427][ T7656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.655'. [ 192.056728][ T822] usb 4-1: USB disconnect, device number 9 [ 193.051399][ T7716] netlink: 'syz.0.681': attribute type 10 has an invalid length. [ 193.107668][ T7718] binder: 7715:7718 ioctl c0306201 0 returned -14 [ 193.137317][ T7716] team0: Port device vlan0 added [ 193.192751][ T7714] netlink: 14 bytes leftover after parsing attributes in process `syz.1.678'. [ 193.442443][ T5793] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 193.530027][ T7714] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.589483][ T7714] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.600294][ T5793] usb 1-1: Using ep0 maxpacket: 8 [ 193.602463][ T5793] usb 1-1: config 0 has an invalid interface number: 30 but max is 0 [ 193.602493][ T5793] usb 1-1: config 0 has no interface number 0 [ 193.602519][ T5793] usb 1-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 193.602554][ T5793] usb 1-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.602577][ T5793] usb 1-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.602597][ T5793] usb 1-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 193.602619][ T5793] usb 1-1: config 0 interface 30 has no altsetting 0 [ 193.602655][ T5793] usb 1-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 193.602675][ T5793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.623185][ T5793] usb 1-1: config 0 descriptor?? [ 194.081050][ T5793] usbhid 1-1:0.30: can't add hid device: -71 [ 194.081168][ T5793] usbhid 1-1:0.30: probe with driver usbhid failed with error -71 [ 194.119065][ T5793] usb 1-1: USB disconnect, device number 10 [ 194.229371][ T7742] netlink: 40 bytes leftover after parsing attributes in process `syz.3.693'. [ 194.293269][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.293364][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.476895][ T7714] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 195.089930][ T7714] bond0 (unregistering): Released all slaves [ 195.543904][ T7790] netlink: 44 bytes leftover after parsing attributes in process `syz.3.716'. [ 196.154508][ T7806] capability: warning: `syz.0.722' uses deprecated v2 capabilities in a way that may be insecure [ 196.752487][ T7826] netlink: 'syz.0.731': attribute type 10 has an invalid length. [ 196.833152][ T7829] ip6erspan0: left allmulticast mode [ 197.172092][ T5869] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 197.341277][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 197.343756][ T5869] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.343831][ T5869] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 197.343854][ T5869] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 197.343892][ T5869] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 197.343915][ T5869] usb 1-1: config 1 interface 1 has no altsetting 0 [ 197.346934][ T5869] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 197.347257][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.347277][ T5869] usb 1-1: Product: syz [ 197.347290][ T5869] usb 1-1: Manufacturer: syz [ 197.347303][ T5869] usb 1-1: SerialNumber: syz [ 197.788192][ T7866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.751'. [ 197.887647][ T7870] netlink: 'syz.3.752': attribute type 2 has an invalid length. [ 197.899539][ T7833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.735'. [ 197.899555][ T7833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.735'. [ 197.990825][ T5793] usb 1-1: USB disconnect, device number 11 [ 198.139505][ T7876] ALSA: mixer_oss: invalid OSS volume '/dev/ppp' [ 198.328300][ T7882] netlink: 76 bytes leftover after parsing attributes in process `syz.2.756'. [ 199.440306][ T1261] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 199.512704][ T7928] binder_alloc: 7927: pid 7927 spamming oneway? 1 buffers allocated for a total size of 4096 [ 199.513909][ T7928] binder_alloc: 7927: pid 7927 spamming oneway? 2 buffers allocated for a total size of 5120 [ 199.543054][ T7928] vivid-001: ================= START STATUS ================= [ 199.543072][ T7928] vivid-001: Radio HW Seek Mode: Bounded [ 199.543108][ T7928] vivid-001: Radio Programmable HW Seek: false [ 199.543125][ T7928] vivid-001: RDS Rx I/O Mode: Block I/O [ 199.543140][ T7928] vivid-001: Generate RBDS Instead of RDS: false [ 199.543157][ T7928] vivid-001: RDS Reception: true [ 199.543171][ T7928] vivid-001: RDS Program Type: 0 inactive [ 199.543192][ T7928] vivid-001: RDS PS Name: inactive [ 199.543211][ T7928] vivid-001: RDS Radio Text: inactive [ 199.543230][ T7928] vivid-001: RDS Traffic Announcement: false inactive [ 199.543251][ T7928] vivid-001: RDS Traffic Program: false inactive [ 199.543271][ T7928] vivid-001: RDS Music: false inactive [ 199.543291][ T7928] vivid-001: ================== END STATUS ================== [ 199.600309][ T1261] usb 2-1: Using ep0 maxpacket: 32 [ 199.602748][ T1261] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 199.602821][ T1261] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 199.602845][ T1261] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 199.602876][ T1261] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 199.602900][ T1261] usb 2-1: config 1 interface 1 has no altsetting 0 [ 199.671355][ T1261] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 199.671382][ T1261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.671400][ T1261] usb 2-1: Product: syz [ 199.671412][ T1261] usb 2-1: Manufacturer: syz [ 199.671425][ T1261] usb 2-1: SerialNumber: syz [ 200.185542][ T7915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.775'. [ 200.185578][ T7915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.775'. [ 200.372007][ T1261] usb 2-1: USB disconnect, device number 6 [ 200.803292][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 201.033178][ T7957] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 201.268047][ T7975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.800'. [ 203.136548][ T8050] process 'syz.2.832' launched '/dev/fd/4' with NULL argv: empty string added [ 203.160575][ T1261] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 203.345160][ T1261] usb 2-1: config index 0 descriptor too short (expected 8192, got 36) [ 203.345179][ T1261] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.345188][ T1261] usb 2-1: config 0 has no interfaces? [ 203.345204][ T1261] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 203.345216][ T1261] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.353670][ T1261] usb 2-1: config 0 descriptor?? [ 203.636942][ T1261] usb 2-1: USB disconnect, device number 7 [ 204.245887][ T8077] netlink: 20 bytes leftover after parsing attributes in process `syz.0.845'. [ 204.945532][ T8098] qrtr: Invalid version 0 [ 205.207470][ T8109] loop1: detected capacity change from 0 to 1024 [ 205.285862][ T8109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.831452][ T8135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.872'. [ 205.879304][ T8133] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 205.910033][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.372355][ T8154] binder_alloc: 8153: pid 8153 spamming oneway? 1 buffers allocated for a total size of 4096 [ 206.373328][ T8154] binder_alloc: 8153: pid 8153 spamming oneway? 2 buffers allocated for a total size of 5120 [ 206.380630][ T8154] vivid-002: ================= START STATUS ================= [ 206.380646][ T8154] vivid-002: Radio HW Seek Mode: Bounded [ 206.380664][ T8154] vivid-002: Radio Programmable HW Seek: false [ 206.380682][ T8154] vivid-002: RDS Rx I/O Mode: Block I/O [ 206.380699][ T8154] vivid-002: Generate RBDS Instead of RDS: false [ 206.380732][ T8154] vivid-002: RDS Reception: true [ 206.380749][ T8154] vivid-002: RDS Program Type: 0 inactive [ 206.380771][ T8154] vivid-002: RDS PS Name: inactive [ 206.380793][ T8154] vivid-002: RDS Radio Text: inactive [ 206.380815][ T8154] vivid-002: RDS Traffic Announcement: false inactive [ 206.380837][ T8154] vivid-002: RDS Traffic Program: false inactive [ 206.380858][ T8154] vivid-002: RDS Music: false inactive [ 206.380878][ T8154] vivid-002: ================== END STATUS ================== [ 206.611688][ T5628] Bluetooth: hci3: command 0x0406 tx timeout [ 206.611959][ T5628] Bluetooth: hci2: command 0x0406 tx timeout [ 206.612121][ T5628] Bluetooth: hci4: command 0x0406 tx timeout [ 206.612214][ T5628] Bluetooth: hci1: command 0x0406 tx timeout [ 206.612305][ T5628] Bluetooth: hci0: command 0x0406 tx timeout [ 207.164238][ T8182] netlink: 20 bytes leftover after parsing attributes in process `syz.3.892'. [ 207.374907][ T8190] binder_alloc: 8189: pid 8189 spamming oneway? 1 buffers allocated for a total size of 4096 [ 207.375219][ T8190] binder_alloc: 8189: pid 8189 spamming oneway? 2 buffers allocated for a total size of 5120 [ 207.378697][ T8190] vivid-003: ================= START STATUS ================= [ 207.378715][ T8190] vivid-003: Radio HW Seek Mode: Bounded [ 207.378736][ T8190] vivid-003: Radio Programmable HW Seek: false [ 207.378753][ T8190] vivid-003: RDS Rx I/O Mode: Block I/O [ 207.378770][ T8190] vivid-003: Generate RBDS Instead of RDS: false [ 207.378787][ T8190] vivid-003: RDS Reception: true [ 207.378817][ T8190] vivid-003: RDS Program Type: 0 inactive [ 207.379610][ T8190] vivid-003: RDS PS Name: inactive [ 207.379634][ T8190] vivid-003: RDS Radio Text: inactive [ 207.379653][ T8190] vivid-003: RDS Traffic Announcement: false inactive [ 207.379673][ T8190] vivid-003: RDS Traffic Program: false inactive [ 207.379694][ T8190] vivid-003: RDS Music: false inactive [ 207.379715][ T8190] vivid-003: ================== END STATUS ================== [ 207.390770][ T1261] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 207.542844][ T1261] usb 1-1: config index 0 descriptor too short (expected 8192, got 36) [ 207.542873][ T1261] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.542891][ T1261] usb 1-1: config 0 has no interfaces? [ 207.542920][ T1261] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 207.542941][ T1261] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.567849][ T1261] usb 1-1: config 0 descriptor?? [ 207.676952][ T8203] netlink: 'syz.3.901': attribute type 10 has an invalid length. [ 208.919711][ T8220] binder_alloc: 8219: pid 8219 spamming oneway? 1 buffers allocated for a total size of 4096 [ 208.920085][ T8220] binder_alloc: 8219: pid 8219 spamming oneway? 2 buffers allocated for a total size of 5120 [ 208.936689][ T8220] vivid-003: ================= START STATUS ================= [ 208.936708][ T8220] vivid-003: Radio HW Seek Mode: Bounded [ 208.936729][ T8220] vivid-003: Radio Programmable HW Seek: false [ 208.936747][ T8220] vivid-003: RDS Rx I/O Mode: Block I/O [ 208.936772][ T8220] vivid-003: Generate RBDS Instead of RDS: false [ 208.936788][ T8220] vivid-003: RDS Reception: true [ 208.936804][ T8220] vivid-003: RDS Program Type: 0 inactive [ 208.936824][ T8220] vivid-003: RDS PS Name: inactive [ 208.936844][ T8220] vivid-003: RDS Radio Text: inactive [ 208.936863][ T8220] vivid-003: RDS Traffic Announcement: false inactive [ 208.936882][ T8220] vivid-003: RDS Traffic Program: false inactive [ 208.936900][ T8220] vivid-003: RDS Music: false inactive [ 208.936919][ T8220] vivid-003: ================== END STATUS ================== [ 209.521999][ T8236] netlink: 76 bytes leftover after parsing attributes in process `syz.1.913'. [ 209.546302][ T8248] binder_alloc: 8245: pid 8245 spamming oneway? 1 buffers allocated for a total size of 4096 [ 209.546614][ T8248] binder_alloc: 8245: pid 8245 spamming oneway? 2 buffers allocated for a total size of 5120 [ 209.551135][ T8248] vivid-000: ================= START STATUS ================= [ 209.551152][ T8248] vivid-000: Radio HW Seek Mode: Bounded [ 209.551172][ T8248] vivid-000: Radio Programmable HW Seek: false [ 209.551188][ T8248] vivid-000: RDS Rx I/O Mode: Block I/O [ 209.551204][ T8248] vivid-000: Generate RBDS Instead of RDS: false [ 209.551219][ T8248] vivid-000: RDS Reception: true [ 209.551235][ T8248] vivid-000: RDS Program Type: 0 inactive [ 209.551255][ T8248] vivid-000: RDS PS Name: inactive [ 209.551274][ T8248] vivid-000: RDS Radio Text: inactive [ 209.551292][ T8248] vivid-000: RDS Traffic Announcement: false inactive [ 209.551312][ T8248] vivid-000: RDS Traffic Program: false inactive [ 209.551330][ T8248] vivid-000: RDS Music: false inactive [ 209.551350][ T8248] vivid-000: ================== END STATUS ================== [ 209.669808][ T1261] usb 1-1: USB disconnect, device number 12 [ 212.135343][ T8285] loop0: detected capacity change from 0 to 128 [ 213.295062][ T8332] loop0: detected capacity change from 0 to 128 [ 214.520083][ T8349] netlink: 40 bytes leftover after parsing attributes in process `syz.3.964'. [ 215.107562][ T8361] loop3: detected capacity change from 0 to 512 [ 215.391997][ T5869] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 215.394399][ T8361] EXT4-fs error (device loop3): ext4_ext_check_inode:521: inode #4: comm syz.3.964: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 215.394441][ T8361] loop3: lost file I/O error report for ino 4 type 5 pos 0x0 len 0x0 error -117 [ 215.402912][ C0] EXT4-fs (loop3): initial error at time 1779338147: ext4_ext_check_inode:521: inode 4 [ 215.402950][ C0] EXT4-fs (loop3): last error at time 1779338147: ext4_ext_check_inode:521: inode 4 [ 215.427071][ T8361] EXT4-fs error (device loop3): ext4_quota_enable:7228: comm syz.3.964: Bad quota inode: 4, type: 1 [ 215.427104][ T8361] fserror_report: 1 callbacks suppressed [ 215.427114][ T8361] loop3: lost filesystem error report for type 5 error -117 [ 215.428150][ T8361] EXT4-fs warning (device loop3): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 215.543252][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 215.545962][ T5869] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 215.546036][ T5869] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 215.546059][ T5869] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 215.546092][ T5869] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 215.546124][ T5869] usb 1-1: config 1 interface 1 has no altsetting 0 [ 215.549348][ T5869] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 215.549375][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.549393][ T5869] usb 1-1: Product: syz [ 215.549406][ T5869] usb 1-1: Manufacturer: syz [ 215.549418][ T5869] usb 1-1: SerialNumber: syz [ 215.674725][ T8361] EXT4-fs (loop3): mount failed [ 215.697844][ T155] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.708634][ T155] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.712772][ T155] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.712821][ T155] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.081720][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'. [ 216.081746][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'. [ 216.218743][ T5869] usb 1-1: USB disconnect, device number 13 [ 216.698994][ T8393] macsec1: entered promiscuous mode [ 216.699014][ T8393] batadv0: entered promiscuous mode [ 216.699258][ T8393] macsec1: entered allmulticast mode [ 216.699270][ T8393] batadv0: entered allmulticast mode [ 216.719924][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 216.761962][ T8393] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 216.821987][ T8393] batadv0: left allmulticast mode [ 216.822018][ T8393] batadv0: left promiscuous mode [ 217.438938][ T8415] loop1: detected capacity change from 0 to 1024 [ 217.563003][ T8415] EXT4-fs: Ignoring removed bh option [ 217.835526][ T8415] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.854389][ T8426] tipc: Enabling of bearer rejected, failed to enable media [ 217.986856][ T37] audit: type=1800 audit(1779338149.549:7): pid=8415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.991" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 218.567591][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.210723][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.355008][ T8487] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.631412][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.839363][ T8534] loop0: detected capacity change from 0 to 1024 [ 221.911768][ T8534] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.511013][ T8549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1048'. [ 222.777662][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.805592][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.863672][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.946921][ T8487] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 222.946944][ T8487] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.505664][ T8487] veth0_vlan: left promiscuous mode [ 224.521246][ T8487] veth0_vlan: entered promiscuous mode [ 224.596480][ T8487] veth1_vlan: entered promiscuous mode [ 224.771011][ T8487] veth1_macvtap: left promiscuous mode [ 224.811180][ T8487] veth0_macvtap: left promiscuous mode [ 224.813757][ T8487] veth0_macvtap: entered promiscuous mode [ 224.864460][ T8487] veth1_macvtap: entered promiscuous mode [ 224.888723][ T8487] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 224.925873][ T8487] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 224.967117][ T8487] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 225.022407][ T8487] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 225.189511][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.205121][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.315001][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.315091][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.707864][ T8622] loop3: detected capacity change from 0 to 1024 [ 225.843872][ T8622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.055551][ T8635] loop1: detected capacity change from 0 to 128 [ 226.077599][ T5793] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 226.247466][ T37] audit: type=1800 audit(1779338157.899:8): pid=8638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1087" name="bus" dev="loop1" ino=1048607 res=0 errno=0 [ 226.348663][ T8638] Trying to write to read-only block-device loop1 [ 226.349030][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.349030][ T8638] loop1: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 226.389182][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.389182][ T8638] loop1: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 226.389318][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.389318][ T8638] loop1: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 226.422696][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.422696][ T8638] loop1: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 226.422811][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.422811][ T8638] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 226.422913][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.422913][ T8638] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 226.423018][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.423018][ T8638] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 226.423146][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.423146][ T8638] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 226.423256][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.423256][ T8638] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 226.423361][ T8638] syz.1.1087: attempt to access beyond end of device [ 226.423361][ T8638] loop1: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 226.440000][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.545352][ T5793] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 226.991611][ T5888] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 227.235926][ T5888] usb 3-1: config index 0 descriptor too short (expected 8192, got 36) [ 227.235944][ T5888] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.235954][ T5888] usb 3-1: config 0 has no interfaces? [ 227.235972][ T5888] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 227.235984][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.250742][ T5888] usb 3-1: config 0 descriptor?? [ 227.397132][ T5614] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 227.397153][ T5614] FAT-fs (loop1): Filesystem has been set read-only [ 227.775213][ T8632] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.799116][ T8632] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.958886][ T5888] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 228.170841][ T5888] usb 2-1: Using ep0 maxpacket: 32 [ 228.182385][ T5888] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.182525][ T5888] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 228.182548][ T5888] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 228.182579][ T5888] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 228.182603][ T5888] usb 2-1: config 1 interface 1 has no altsetting 0 [ 228.185533][ T5888] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 228.185570][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.185588][ T5888] usb 2-1: Product: syz [ 228.185600][ T5888] usb 2-1: Manufacturer: syz [ 228.185613][ T5888] usb 2-1: SerialNumber: syz [ 228.677121][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1098'. [ 228.677148][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1098'. [ 228.764456][ T1261] usb 2-1: USB disconnect, device number 8 [ 229.455834][ T5888] usb 3-1: USB disconnect, device number 9 [ 229.695779][ T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.714325][ T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.716201][ T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.716427][ T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.788776][ T8696] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 229.788901][ T8696] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 229.919041][ T12] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 229.964374][ T8758] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 229.964409][ T8758] bridge0: entered allmulticast mode [ 230.193550][ T8696] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 230.193646][ T8696] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 230.295233][ T8696] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 230.295329][ T8696] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 230.451775][ T8696] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 230.451897][ T8696] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 230.557352][ T8696] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.558672][ T8696] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 230.797340][ T37] audit: type=1326 audit(1779338162.449:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.799170][ T37] audit: type=1326 audit(1779338162.449:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.799552][ T37] audit: type=1326 audit(1779338162.449:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.800219][ T37] audit: type=1326 audit(1779338162.449:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.800263][ T37] audit: type=1326 audit(1779338162.449:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.800298][ T37] audit: type=1326 audit(1779338162.449:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.801167][ T37] audit: type=1326 audit(1779338162.449:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.846197][ T37] audit: type=1326 audit(1779338162.499:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.846951][ T37] audit: type=1326 audit(1779338162.499:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 230.891104][ T5785] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 231.050242][ T5785] usb 3-1: Using ep0 maxpacket: 32 [ 231.066547][ T5785] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.066603][ T5785] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 231.066616][ T5785] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 231.066634][ T5785] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 231.066647][ T5785] usb 3-1: config 1 interface 1 has no altsetting 0 [ 231.086338][ T5785] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 231.086366][ T5785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.086385][ T5785] usb 3-1: Product: syz [ 231.086397][ T5785] usb 3-1: Manufacturer: syz [ 231.086410][ T5785] usb 3-1: SerialNumber: syz [ 231.114558][ T13] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 231.124771][ T13] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 231.254633][ T37] kauditd_printk_skb: 65 callbacks suppressed [ 231.254702][ T37] audit: type=1326 audit(1779338162.909:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.291669][ T37] audit: type=1326 audit(1779338162.949:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.295843][ T37] audit: type=1326 audit(1779338162.949:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.375346][ T37] audit: type=1326 audit(1779338163.029:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.375627][ T37] audit: type=1326 audit(1779338163.029:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 231.375804][ T37] audit: type=1326 audit(1779338163.029:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e6c08ce59 code=0x7ffc0000 [ 231.413738][ T37] audit: type=1326 audit(1779338163.049:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.413788][ T37] audit: type=1326 audit(1779338163.049:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.413936][ T37] audit: type=1326 audit(1779338163.049:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.413974][ T37] audit: type=1326 audit(1779338163.049:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.1.1163" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8e6c04d68e code=0x7ffc0000 [ 231.435721][ T8800] gtp0: entered allmulticast mode [ 231.469748][ T8800] team0: Device gtp0 is of different type [ 231.632847][ T8764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1145'. [ 231.632875][ T8764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1145'. [ 231.762002][ T8809] binder: 8807:8809 ioctl c0306201 0 returned -14 [ 231.785848][ T8813] ALSA: mixer_oss: invalid OSS volume '/dev/ppp' [ 231.810397][ T5621] Bluetooth: hci2: command 0x0406 tx timeout [ 231.858908][ T5785] usb 3-1: USB disconnect, device number 10 [ 231.880792][ T8809] vivid-001: ================= START STATUS ================= [ 231.880900][ T8809] vivid-001: Radio HW Seek Mode: Bounded [ 231.881036][ T8809] vivid-001: Radio Programmable HW Seek: false [ 231.881046][ T8809] vivid-001: RDS Rx I/O Mode: Block I/O [ 231.881055][ T8809] vivid-001: Generate RBDS Instead of RDS: false [ 231.881064][ T8809] vivid-001: RDS Reception: true [ 231.881553][ T8809] vivid-001: RDS Program Type: 0 inactive [ 231.881616][ T8809] vivid-001: RDS PS Name: inactive [ 231.881636][ T8809] vivid-001: RDS Radio Text: inactive [ 231.881655][ T8809] vivid-001: RDS Traffic Announcement: false inactive [ 231.881674][ T8809] vivid-001: RDS Traffic Program: false inactive [ 231.881692][ T8809] vivid-001: RDS Music: false inactive [ 231.881713][ T8809] vivid-001: ================== END STATUS ================== [ 231.991344][ T5888] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 232.223157][ T5621] Bluetooth: hci1: command 0x0406 tx timeout [ 232.337811][ T8828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1177'. [ 232.373835][ T5621] Bluetooth: hci0: command 0x0406 tx timeout [ 232.450283][ T5621] Bluetooth: hci4: command 0x0406 tx timeout [ 232.610203][ T5621] Bluetooth: hci3: command 0x0406 tx timeout [ 232.726556][ T8848] binder: 8843:8848 ioctl c0306201 0 returned -14 [ 232.730523][ T8848] binder: BINDER_SET_CONTEXT_MGR already set [ 232.730537][ T8848] binder: 8843:8848 ioctl 4018620d 200000000040 returned -16 [ 232.764964][ T8848] vivid-001: ================= START STATUS ================= [ 232.764984][ T8848] vivid-001: Radio HW Seek Mode: Bounded [ 232.765004][ T8848] vivid-001: Radio Programmable HW Seek: false [ 232.765019][ T8848] vivid-001: RDS Rx I/O Mode: Block I/O [ 232.765036][ T8848] vivid-001: Generate RBDS Instead of RDS: false [ 232.767334][ T8848] vivid-001: RDS Reception: true [ 232.767352][ T8848] vivid-001: RDS Program Type: 0 inactive [ 232.767374][ T8848] vivid-001: RDS PS Name: inactive [ 232.767394][ T8848] vivid-001: RDS Radio Text: inactive [ 232.767413][ T8848] vivid-001: RDS Traffic Announcement: false inactive [ 232.767434][ T8848] vivid-001: RDS Traffic Program: false inactive [ 232.767455][ T8848] vivid-001: RDS Music: false inactive [ 232.767476][ T8848] vivid-001: ================== END STATUS ================== [ 233.123740][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1195'. [ 233.890400][ T5621] Bluetooth: hci2: command 0x0406 tx timeout [ 234.292116][ T5621] Bluetooth: hci1: command 0x0406 tx timeout [ 234.458489][ T5621] Bluetooth: hci0: command 0x0406 tx timeout [ 234.530237][ T5621] Bluetooth: hci4: command 0x0406 tx timeout [ 234.691900][ T5621] Bluetooth: hci3: command 0x0406 tx timeout [ 235.262723][ C0] ip6_tunnel: ip6erspan0 xmit: Local address not yet configured! [ 235.577824][ T8940] ALSA: mixer_oss: invalid OSS volume '/dev/ppp' [ 235.944185][ T8950] loop2: detected capacity change from 0 to 2048 [ 235.981748][ T8950] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.981894][ T8950] ext4 filesystem being mounted at /189/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.251078][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.655503][ T8980] binder: 8979:8980 ioctl c0306201 0 returned -14 [ 236.875696][ T8978] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.918218][ T8978] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.940328][ T1261] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 237.100969][ T1261] usb 2-1: Using ep0 maxpacket: 8 [ 237.107173][ T1261] usb 2-1: config 0 has an invalid interface number: 30 but max is 0 [ 237.107200][ T1261] usb 2-1: config 0 has no interface number 0 [ 237.107231][ T1261] usb 2-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 237.107261][ T1261] usb 2-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.107274][ T1261] usb 2-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.107286][ T1261] usb 2-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 237.107304][ T1261] usb 2-1: config 0 interface 30 has no altsetting 0 [ 237.107323][ T1261] usb 2-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 237.107334][ T1261] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.216797][ T1261] usb 2-1: config 0 descriptor?? [ 237.469258][ T9006] loop0: detected capacity change from 0 to 256 [ 237.592652][ T8978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.635923][ T1261] usbhid 2-1:0.30: can't add hid device: -71 [ 237.636050][ T1261] usbhid 2-1:0.30: probe with driver usbhid failed with error -71 [ 237.668062][ T1261] usb 2-1: USB disconnect, device number 9 [ 237.760476][ T8978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.990175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 240.604661][ T4245] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.604807][ T4245] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.604840][ T4245] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.604872][ T4245] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.791213][ T9097] ªªªªªª: renamed from vlan0 [ 240.897394][ T9105] binder: 9104:9105 ioctl c0306201 0 returned -14 [ 241.180460][ T5869] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 241.360267][ T5869] usb 1-1: Using ep0 maxpacket: 8 [ 241.362442][ T5869] usb 1-1: config 0 has an invalid interface number: 30 but max is 0 [ 241.362467][ T5869] usb 1-1: config 0 has no interface number 0 [ 241.362493][ T5869] usb 1-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 241.362527][ T5869] usb 1-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.362551][ T5869] usb 1-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.362569][ T5869] usb 1-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 241.362592][ T5869] usb 1-1: config 0 interface 30 has no altsetting 0 [ 241.362622][ T5869] usb 1-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 241.362640][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.377446][ T5869] usb 1-1: config 0 descriptor?? [ 241.796185][ T5869] usbhid 1-1:0.30: can't add hid device: -71 [ 241.796299][ T5869] usbhid 1-1:0.30: probe with driver usbhid failed with error -71 [ 241.812579][ T5869] usb 1-1: USB disconnect, device number 14 [ 243.326311][ T9154] loop5: detected capacity change from 0 to 7 [ 243.528663][ T9154] Dev loop5: unable to read RDB block 7 [ 243.528707][ T9154] loop5: unable to read partition table [ 243.528912][ T9154] loop5: partition table beyond EOD, truncated [ 243.528946][ T9154] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 244.294075][ T9184] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1335'. [ 244.780897][ T9200] vivid-003: ================= START STATUS ================= [ 244.780913][ T9200] vivid-003: Radio HW Seek Mode: Bounded [ 244.781213][ T9200] vivid-003: Radio Programmable HW Seek: false [ 244.781231][ T9200] vivid-003: RDS Rx I/O Mode: Block I/O [ 244.781246][ T9200] vivid-003: Generate RBDS Instead of RDS: false [ 244.781259][ T9200] vivid-003: RDS Reception: true [ 244.781275][ T9200] vivid-003: RDS Program Type: 0 inactive [ 244.781818][ T9200] vivid-003: RDS PS Name: inactive [ 244.781838][ T9200] vivid-003: RDS Radio Text: inactive [ 244.781858][ T9200] vivid-003: RDS Traffic Announcement: false inactive [ 244.781877][ T9200] vivid-003: RDS Traffic Program: false inactive [ 244.781897][ T9200] vivid-003: RDS Music: false inactive [ 244.781915][ T9200] vivid-003: ================== END STATUS ================== [ 245.059542][ T9207] loop1: detected capacity change from 0 to 1024 [ 245.336983][ T9222] loop3: detected capacity change from 0 to 256 [ 245.753342][ T9242] binder: 9239:9242 ioctl c0306201 0 returned -14 [ 245.940326][ T5869] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 245.982626][ T822] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 246.010300][ T1261] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 246.082998][ T5869] usb 1-1: device descriptor read/64, error -71 [ 246.160770][ T1261] usb 4-1: Using ep0 maxpacket: 8 [ 246.183740][ T1261] usb 4-1: config 0 has an invalid interface number: 30 but max is 0 [ 246.183822][ T1261] usb 4-1: config 0 has no interface number 0 [ 246.183852][ T1261] usb 4-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 246.183890][ T1261] usb 4-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.183913][ T1261] usb 4-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.184057][ T1261] usb 4-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 246.184083][ T1261] usb 4-1: config 0 interface 30 has no altsetting 0 [ 246.184165][ T1261] usb 4-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 246.184186][ T1261] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.192865][ T822] usb 2-1: config index 0 descriptor too short (expected 8192, got 36) [ 246.192893][ T822] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.192911][ T822] usb 2-1: config 0 has no interfaces? [ 246.192937][ T822] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 246.192959][ T822] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.350439][ T1261] usb 4-1: config 0 descriptor?? [ 246.376608][ T5869] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 246.390617][ T822] usb 2-1: config 0 descriptor?? [ 246.530218][ T5869] usb 1-1: device descriptor read/64, error -71 [ 246.551056][ T9267] loop2: detected capacity change from 0 to 256 [ 246.654792][ T5869] usb usb1-port1: attempt power cycle [ 246.795984][ T1261] usbhid 4-1:0.30: can't add hid device: -71 [ 246.796106][ T1261] usbhid 4-1:0.30: probe with driver usbhid failed with error -71 [ 246.828347][ T1261] usb 4-1: USB disconnect, device number 10 [ 247.068116][ T5869] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 247.081045][ T5869] usb 1-1: device descriptor read/8, error -71 [ 247.332556][ T5869] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 247.354199][ T5869] usb 1-1: device descriptor read/8, error -71 [ 247.486905][ T5869] usb usb1-port1: unable to enumerate USB device [ 247.625201][ T9302] loop3: detected capacity change from 0 to 1764 [ 248.452769][ T5869] usb 2-1: USB disconnect, device number 10 [ 248.968006][ T9344] ucma_write: process 537 (syz.3.1392) changed security contexts after opening file descriptor, this is not allowed. [ 249.465513][ T9370] loop3: detected capacity change from 0 to 1024 [ 249.501863][ T9370] EXT4-fs: Ignoring removed bh option [ 249.530636][ T1261] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 249.680251][ T1261] usb 3-1: Using ep0 maxpacket: 32 [ 249.684578][ T1261] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.684650][ T1261] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 249.684671][ T1261] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 249.684702][ T1261] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 249.684726][ T1261] usb 3-1: config 1 interface 1 has no altsetting 0 [ 249.688307][ T1261] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 249.688333][ T1261] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.688357][ T1261] usb 3-1: Product: syz [ 249.688365][ T1261] usb 3-1: Manufacturer: syz [ 249.688372][ T1261] usb 3-1: SerialNumber: syz [ 249.759806][ T9370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.802328][ T37] kauditd_printk_skb: 47 callbacks suppressed [ 249.802346][ T37] audit: type=1800 audit(1779338181.459:140): pid=9370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1404" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 250.786758][ T9351] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1395'. [ 250.786783][ T9351] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1395'. [ 250.922606][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.947701][ T1261] usb 3-1: USB disconnect, device number 11 [ 251.144665][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 251.790656][ T9431] syz.0.1419 uses obsolete (PF_INET,SOCK_PACKET) [ 251.792555][ T9431] syzkaller1: entered promiscuous mode [ 251.792581][ T9431] syzkaller1: entered allmulticast mode [ 251.840604][ T9436] loop2: detected capacity change from 0 to 1024 [ 251.987869][ T9442] loop5: detected capacity change from 0 to 7 [ 252.007410][ T9442] Dev loop5: unable to read RDB block 7 [ 252.007444][ T9442] loop5: AHDI p1 p2 p3 [ 252.007475][ T9442] loop5: partition table partially beyond EOD, truncated [ 252.007707][ T9442] loop5: p1 start 1818582900 is beyond EOD, truncated [ 252.007724][ T9442] loop5: p3 start 335544320 is beyond EOD, truncated [ 252.813306][ T9436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.965542][ T37] audit: type=1800 audit(1779338184.619:141): pid=9436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1422" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 253.603095][ T1261] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 253.751042][ T1261] usb 2-1: Using ep0 maxpacket: 32 [ 253.763076][ T1261] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 253.763150][ T1261] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 253.763174][ T1261] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 253.763204][ T1261] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 253.763228][ T1261] usb 2-1: config 1 interface 1 has no altsetting 0 [ 253.768827][ T1261] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 253.768855][ T1261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.768873][ T1261] usb 2-1: Product: syz [ 253.768886][ T1261] usb 2-1: Manufacturer: syz [ 253.768898][ T1261] usb 2-1: SerialNumber: syz [ 254.263594][ T9464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1428'. [ 254.263621][ T9464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1428'. [ 255.448033][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.646087][ T1261] usb 2-1: USB disconnect, device number 11 [ 255.658723][ T9495] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1437'. [ 255.737272][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.737369][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.908220][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 256.101400][ T9495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.176601][ T9495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.286506][ T9495] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 256.321294][ T9525] loop1: detected capacity change from 0 to 512 [ 256.354017][ T9525] EXT4-fs: Ignoring removed mblk_io_submit option [ 256.383452][ T9525] EXT4-fs (loop1): write access unavailable, skipping orphan cleanup [ 256.396766][ T9525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 256.468234][ T9495] bond0 (unregistering): Released all slaves [ 256.527609][ T5614] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.898232][ T9539] loop1: detected capacity change from 0 to 2048 [ 256.984846][ T9541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1452'. [ 257.378974][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1460'. [ 257.541230][ T9564] netlink: 'syz.1.1463': attribute type 10 has an invalid length. [ 257.541258][ T9564] bridge0: left allmulticast mode [ 258.000604][ T9577] loop2: detected capacity change from 0 to 2048 [ 258.090455][ T9577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.090595][ T9577] ext4 filesystem being mounted at /218/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.197400][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.395502][ T9591] binder: 9589:9591 ioctl c0306201 0 returned -14 [ 258.410643][ T9591] vivid-003: ================= START STATUS ================= [ 258.410661][ T9591] vivid-003: Radio HW Seek Mode: Bounded [ 258.410684][ T9591] vivid-003: Radio Programmable HW Seek: false [ 258.410701][ T9591] vivid-003: RDS Rx I/O Mode: Block I/O [ 258.410717][ T9591] vivid-003: Generate RBDS Instead of RDS: false [ 258.410734][ T9591] vivid-003: RDS Reception: true [ 258.410758][ T9591] vivid-003: RDS Program Type: 0 inactive [ 258.410779][ T9591] vivid-003: RDS PS Name: inactive [ 258.410799][ T9591] vivid-003: RDS Radio Text: inactive [ 258.410819][ T9591] vivid-003: RDS Traffic Announcement: false inactive [ 258.410839][ T9591] vivid-003: RDS Traffic Program: false inactive [ 258.410860][ T9591] vivid-003: RDS Music: false inactive [ 258.410880][ T9591] vivid-003: ================== END STATUS ================== [ 259.541000][ T9637] loop3: detected capacity change from 0 to 1024 [ 259.574428][ T9637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 259.646207][ T37] audit: type=1800 audit(1779338191.299:142): pid=9637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1495" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 259.915584][ T9659] loop2: detected capacity change from 0 to 1024 [ 259.916826][ T9659] EXT4-fs: Ignoring removed bh option [ 259.991373][ T9659] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.141347][ T9666] netlink: 1363 bytes leftover after parsing attributes in process `syz.0.1506'. [ 260.449470][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.739472][ T9692] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 260.739497][ T9692] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 260.750251][ T9692] vhci_hcd vhci_hcd.0: Device attached [ 260.764709][ T9692] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7) [ 260.764735][ T9692] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 260.764780][ T9692] vhci_hcd vhci_hcd.0: Device attached [ 260.768896][ T9692] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(9) [ 260.768941][ T9692] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 260.768979][ T9692] vhci_hcd vhci_hcd.0: Device attached [ 260.798501][ T9692] loop3: detected capacity change from 0 to 1024 [ 260.823170][ T9692] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 260.878453][ T9692] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1510: Invalid block bitmap block 0 in block_group 0 [ 260.878486][ T9692] loop3: lost filesystem error report for type 5 error -117 [ 260.878938][ T9692] Quota error (device loop3): write_blk: dquota write failed [ 260.879068][ T9692] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 260.879131][ T9692] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.1510: Failed to acquire dquot type 0 [ 260.879186][ T9692] loop3: lost filesystem error report for type 5 error -117 [ 260.879607][ T9692] EXT4-fs error (device loop3): ext4_free_blocks:6718: comm syz.3.1510: Freeing blocks not in datazone - block = 0, count = 4096 [ 260.879673][ T9692] loop3: lost filesystem error report for type 5 error -117 [ 260.882811][ C1] EXT4-fs (loop3): error count since last fsck: 3 [ 260.882834][ C1] EXT4-fs (loop3): initial error at time 1779338192: ext4_read_block_bitmap_nowait:483 [ 260.882858][ C1] EXT4-fs (loop3): last error at time 1779338192: ext4_free_blocks:6718 [ 260.926012][ T9692] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.1510: Invalid inode bitmap blk 0 in block_group 0 [ 260.926141][ T9692] loop3: lost filesystem error report for type 5 error -117 [ 260.943473][ T9692] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 260.943567][ T9692] loop3: lost filesystem error report for type 5 error -117 [ 260.950993][ T9692] EXT4-fs (loop3): 1 orphan inode deleted [ 260.976331][ T9692] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.005034][ T9692] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 261.042362][ T123] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-7 [ 261.042496][ T123] EXT4-fs error (device loop3): ext4_release_dquot:7070: comm kworker/u8:5: Failed to release dquot type 0 [ 261.070315][ T1261] usb 39-1: new low-speed USB device number 3 using vhci_hcd [ 261.300327][ T9713] loop0: detected capacity change from 0 to 128 [ 261.424723][ T5624] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 261.462652][ T5624] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 261.466085][ T5624] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 261.476064][ T5624] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 261.478288][ T5624] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 261.587915][ T9698] vhci_hcd: connection closed [ 261.588405][ T9696] vhci_hcd: connection closed [ 261.593399][ T123] vhci_hcd vhci_hcd.3: stop threads [ 261.593499][ T123] vhci_hcd vhci_hcd.3: release socket [ 261.593570][ T123] vhci_hcd vhci_hcd.3: disconnect device [ 261.597371][ T123] vhci_hcd vhci_hcd.3: stop threads [ 261.597390][ T123] vhci_hcd vhci_hcd.3: release socket [ 261.597426][ T123] vhci_hcd vhci_hcd.3: disconnect device [ 261.645935][ T9694] vhci_hcd: connection reset by peer [ 261.647257][ T4245] vhci_hcd vhci_hcd.3: stop threads [ 261.647275][ T4245] vhci_hcd vhci_hcd.3: release socket [ 261.647581][ T4245] vhci_hcd vhci_hcd.3: disconnect device [ 261.676721][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.850310][ T822] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 262.000214][ T822] usb 1-1: Using ep0 maxpacket: 32 [ 262.000972][ T822] usb 1-1: no configurations [ 262.000987][ T822] usb 1-1: can't read configurations, error -22 [ 262.140282][ T822] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 262.290366][ T822] usb 1-1: Using ep0 maxpacket: 32 [ 262.291545][ T822] usb 1-1: no configurations [ 262.291556][ T822] usb 1-1: can't read configurations, error -22 [ 262.295682][ T822] usb usb1-port1: attempt power cycle [ 262.488629][ T9732] netlink: 1363 bytes leftover after parsing attributes in process `syz.3.1528'. [ 262.650461][ T822] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 262.694360][ T822] usb 1-1: Using ep0 maxpacket: 32 [ 262.695799][ T822] usb 1-1: no configurations [ 262.695814][ T822] usb 1-1: can't read configurations, error -22 [ 262.820805][ T822] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 262.842017][ T822] usb 1-1: Using ep0 maxpacket: 32 [ 262.843429][ T822] usb 1-1: no configurations [ 262.843445][ T822] usb 1-1: can't read configurations, error -22 [ 262.845175][ T822] usb usb1-port1: unable to enumerate USB device [ 263.009902][ T9751] loop5: detected capacity change from 0 to 7 [ 263.021489][ T9751] Dev loop5: unable to read RDB block 7 [ 263.021518][ T9751] loop5: AHDI p1 p2 p3 [ 263.021546][ T9751] loop5: partition table partially beyond EOD, truncated [ 263.021747][ T9751] loop5: p1 start 1818582900 is beyond EOD, truncated [ 263.021764][ T9751] loop5: p3 start 335544320 is beyond EOD, truncated [ 263.104154][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.580680][ T5621] Bluetooth: hci5: command tx timeout [ 264.001484][ T9782] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1546'. [ 264.009437][ T9782] netlink: 'syz.3.1546': attribute type 10 has an invalid length. [ 264.070284][ T5888] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 264.101894][ T9784] loop3: detected capacity change from 0 to 128 [ 264.221941][ T5888] usb 3-1: Using ep0 maxpacket: 32 [ 264.223990][ T5888] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.226949][ T5888] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 264.226973][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.226990][ T5888] usb 3-1: Product: syz [ 264.227002][ T5888] usb 3-1: Manufacturer: syz [ 264.227015][ T5888] usb 3-1: SerialNumber: syz [ 264.260029][ T5888] usb 3-1: config 0 descriptor?? [ 264.278468][ T5888] cdc_ether 3-1:0.0: missing cdc header descriptor [ 264.317115][ T5888] usb 3-1: unsupported MDLM descriptors [ 264.546384][ T5888] usb 3-1: USB disconnect, device number 12 [ 264.876459][ T9796] loop5: detected capacity change from 0 to 7 [ 264.881035][ T9796] Dev loop5: unable to read RDB block 7 [ 264.881062][ T9796] loop5: AHDI p1 p2 p3 [ 264.881086][ T9796] loop5: partition table partially beyond EOD, truncated [ 264.881288][ T9796] loop5: p1 start 1818582900 is beyond EOD, truncated [ 264.881304][ T9796] loop5: p3 start 335544320 is beyond EOD, truncated [ 265.270469][ T9805] loop1: detected capacity change from 0 to 2048 [ 265.332150][ T9814] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1556'. [ 265.394207][ T9817] netlink: 'syz.0.1556': attribute type 10 has an invalid length. [ 265.554803][ T9824] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1561'. [ 265.651046][ T5621] Bluetooth: hci5: command tx timeout [ 265.751406][ T5793] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 265.867598][ T9715] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.868573][ T9715] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.870529][ T9715] bridge_slave_0: entered allmulticast mode [ 265.885624][ T9715] bridge_slave_0: entered promiscuous mode [ 265.896385][ T9715] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.896705][ T9715] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.896960][ T9715] bridge_slave_1: entered allmulticast mode [ 265.901247][ T9715] bridge_slave_1: entered promiscuous mode [ 265.933898][ T5793] usb 2-1: Using ep0 maxpacket: 32 [ 265.936012][ T5793] usb 2-1: no configurations [ 265.936028][ T5793] usb 2-1: can't read configurations, error -22 [ 266.030621][ T5888] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 266.060274][ T5793] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 266.090538][ T13] bridge_slave_1: left allmulticast mode [ 266.090695][ T13] bridge_slave_1: left promiscuous mode [ 266.108354][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.200272][ T5888] usb 4-1: Using ep0 maxpacket: 32 [ 266.200548][ T1261] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 266.206030][ T5888] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.216263][ T5888] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 266.216289][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.216308][ T5888] usb 4-1: Product: syz [ 266.216320][ T5888] usb 4-1: Manufacturer: syz [ 266.216333][ T5888] usb 4-1: SerialNumber: syz [ 266.216558][ T5793] usb 2-1: Using ep0 maxpacket: 32 [ 266.231508][ T5793] usb 2-1: no configurations [ 266.231584][ T5793] usb 2-1: can't read configurations, error -22 [ 266.273482][ T5793] usb usb2-port1: attempt power cycle [ 266.288031][ T5888] usb 4-1: config 0 descriptor?? [ 266.297108][ T5888] cdc_ether 4-1:0.0: missing cdc header descriptor [ 266.319548][ T5888] usb 4-1: unsupported MDLM descriptors [ 266.329390][ T13] bridge_slave_0: left allmulticast mode [ 266.329421][ T13] bridge_slave_0: left promiscuous mode [ 266.329701][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.511986][ T5888] usb 4-1: USB disconnect, device number 11 [ 266.661035][ T5793] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 266.702490][ T5793] usb 2-1: Using ep0 maxpacket: 32 [ 266.703094][ T5793] usb 2-1: no configurations [ 266.703103][ T5793] usb 2-1: can't read configurations, error -22 [ 266.860261][ T5793] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 266.881155][ T5793] usb 2-1: Using ep0 maxpacket: 32 [ 266.881818][ T5793] usb 2-1: no configurations [ 266.881827][ T5793] usb 2-1: can't read configurations, error -22 [ 266.882209][ T5793] usb usb2-port1: unable to enumerate USB device [ 267.000940][ T13] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 267.145628][ T9842] loop3: detected capacity change from 0 to 2048 [ 267.194564][ T9842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 267.194708][ T9842] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.283023][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.381310][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.481489][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.521269][ T13] bond0 (unregistering): Released all slaves [ 267.560776][ T9832] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1565'. [ 267.626918][ T9715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 267.744666][ T5621] Bluetooth: hci5: command tx timeout [ 267.799635][ T9861] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1574'. [ 267.838564][ T9715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.103632][ T9868] loop5: detected capacity change from 0 to 7 [ 268.123254][ T9868] Dev loop5: unable to read RDB block 7 [ 268.123283][ T9868] loop5: AHDI p1 p2 p3 [ 268.123309][ T9868] loop5: partition table partially beyond EOD, truncated [ 268.124057][ T9868] loop5: p1 start 1818582900 is beyond EOD, truncated [ 268.124079][ T9868] loop5: p3 start 335544320 is beyond EOD, truncated [ 268.350274][ T5873] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 268.374104][ T9715] team0: Port device team_slave_0 added [ 268.391871][ T9715] team0: Port device team_slave_1 added [ 268.573139][ T5873] usb 4-1: Using ep0 maxpacket: 32 [ 268.575194][ T5873] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.579025][ T5873] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 268.579050][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.579067][ T5873] usb 4-1: Product: syz [ 268.579087][ T5873] usb 4-1: Manufacturer: syz [ 268.579100][ T5873] usb 4-1: SerialNumber: syz [ 268.619106][ T5873] usb 4-1: config 0 descriptor?? [ 268.662441][ T5873] cdc_ether 4-1:0.0: missing cdc header descriptor [ 268.703738][ T5873] usb 4-1: unsupported MDLM descriptors [ 268.888220][ T1261] usb 4-1: USB disconnect, device number 12 [ 269.089264][ T9715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 269.089279][ T9715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 269.089299][ T9715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.176614][ T9715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.176631][ T9715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 269.176657][ T9715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 269.434727][ T9892] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1583'. [ 269.619966][ T9715] hsr_slave_0: entered promiscuous mode [ 269.625365][ T9715] hsr_slave_1: entered promiscuous mode [ 269.626795][ T9715] debugfs: 'hsr0' already exists in 'hsr' [ 269.626820][ T9715] Cannot create hsr debugfs directory [ 269.677294][ T9899] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1585'. [ 269.773334][ T9903] binder: 9902:9903 ioctl c0306201 0 returned -14 [ 269.777074][ T9903] vivid-002: ================= START STATUS ================= [ 269.777091][ T9903] vivid-002: Radio HW Seek Mode: Bounded [ 269.777109][ T9903] vivid-002: Radio Programmable HW Seek: false [ 269.777124][ T9903] vivid-002: RDS Rx I/O Mode: Block I/O [ 269.777141][ T9903] vivid-002: Generate RBDS Instead of RDS: false [ 269.777159][ T9903] vivid-002: RDS Reception: true [ 269.777176][ T9903] vivid-002: RDS Program Type: 0 inactive [ 269.777198][ T9903] vivid-002: RDS PS Name: inactive [ 269.777219][ T9903] vivid-002: RDS Radio Text: inactive [ 269.777240][ T9903] vivid-002: RDS Traffic Announcement: false inactive [ 269.777262][ T9903] vivid-002: RDS Traffic Program: false inactive [ 269.777285][ T9903] vivid-002: RDS Music: false inactive [ 269.777308][ T9903] vivid-002: ================== END STATUS ================== [ 269.812888][ T5621] Bluetooth: hci5: command tx timeout [ 270.051101][ T5277] 8021q: adding VLAN 0 to HW filter on device eth1 [ 270.259202][ T9918] tipc: Started in network mode [ 270.259230][ T9918] tipc: Node identity 422dfd299ecf, cluster identity 4711 [ 270.259548][ T9918] tipc: Enabled bearer , priority 0 [ 270.289913][ T9913] syzkaller0: entered promiscuous mode [ 270.289937][ T9913] syzkaller0: entered allmulticast mode [ 270.526408][ T9915] tipc: Resetting bearer [ 270.614594][ T9911] tipc: Resetting bearer [ 270.623085][ T9931] binder: 9929:9931 ioctl c0306201 0 returned -14 [ 270.626503][ T9931] vivid-000: ================= START STATUS ================= [ 270.626520][ T9931] vivid-000: Radio HW Seek Mode: Bounded [ 270.626540][ T9931] vivid-000: Radio Programmable HW Seek: false [ 270.626555][ T9931] vivid-000: RDS Rx I/O Mode: Block I/O [ 270.626571][ T9931] vivid-000: Generate RBDS Instead of RDS: false [ 270.626629][ T9931] vivid-000: RDS Reception: true [ 270.626646][ T9931] vivid-000: RDS Program Type: 0 inactive [ 270.626667][ T9931] vivid-000: RDS PS Name: inactive [ 270.626685][ T9931] vivid-000: RDS Radio Text: inactive [ 270.626704][ T9931] vivid-000: RDS Traffic Announcement: false inactive [ 270.626725][ T9931] vivid-000: RDS Traffic Program: false inactive [ 270.626745][ T9931] vivid-000: RDS Music: false inactive [ 270.626764][ T9931] vivid-000: ================== END STATUS ================== [ 270.783771][ T9911] tipc: Disabling bearer [ 270.843891][ T9935] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1600'. [ 271.080210][ T13] hsr_slave_0: left promiscuous mode [ 271.120299][ T13] hsr_slave_1: left promiscuous mode [ 271.123674][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.150185][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.570956][ T13] team0 (unregistering): Port device vlan0 removed [ 271.782125][ T13] team0 (unregistering): Port device team_slave_1 removed [ 271.813696][ T9943] loop3: detected capacity change from 0 to 2048 [ 271.880276][ T9943] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.880419][ T9943] ext4 filesystem being mounted at /256/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.888504][ T13] team0 (unregistering): Port device team_slave_0 removed [ 271.984000][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.462035][ T9956] binder: 9954:9956 ioctl c0306201 0 returned -14 [ 272.471571][ T9956] vivid-000: ================= START STATUS ================= [ 272.471589][ T9956] vivid-000: Radio HW Seek Mode: Bounded [ 272.471610][ T9956] vivid-000: Radio Programmable HW Seek: false [ 272.471626][ T9956] vivid-000: RDS Rx I/O Mode: Block I/O [ 272.471643][ T9956] vivid-000: Generate RBDS Instead of RDS: false [ 272.471658][ T9956] vivid-000: RDS Reception: true [ 272.471673][ T9956] vivid-000: RDS Program Type: 0 inactive [ 272.471693][ T9956] vivid-000: RDS PS Name: inactive [ 272.471711][ T9956] vivid-000: RDS Radio Text: inactive [ 272.471730][ T9956] vivid-000: RDS Traffic Announcement: false inactive [ 272.471749][ T9956] vivid-000: RDS Traffic Program: false inactive [ 272.471768][ T9956] vivid-000: RDS Music: false inactive [ 272.471787][ T9956] vivid-000: ================== END STATUS ================== [ 273.346982][ T9984] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1618'. [ 273.883673][ T5873] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 274.034143][ T5873] usb 3-1: Using ep0 maxpacket: 32 [ 274.036536][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.058484][ T5873] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 274.058512][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.058531][ T5873] usb 3-1: Product: syz [ 274.058544][ T5873] usb 3-1: Manufacturer: syz [ 274.058556][ T5873] usb 3-1: SerialNumber: syz [ 274.126997][ T5873] usb 3-1: config 0 descriptor?? [ 274.143323][ T5873] cdc_ether 3-1:0.0: missing cdc header descriptor [ 274.167645][ T5873] usb 3-1: unsupported MDLM descriptors [ 274.217908][ T5277] 8021q: adding VLAN 0 to HW filter on device eth2 [ 274.342605][ T5873] usb 3-1: USB disconnect, device number 13 [ 274.436090][T10021] tipc: Enabled bearer , priority 0 [ 274.437236][T10021] syzkaller0: entered promiscuous mode [ 274.437256][T10021] syzkaller0: entered allmulticast mode [ 274.685478][T10020] tipc: Resetting bearer [ 274.883014][T10020] tipc: Disabling bearer [ 275.188414][T10041] loop3: detected capacity change from 0 to 128 [ 276.201575][T10059] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1641'. [ 276.438251][T10077] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1646'. [ 276.469543][T10077] netlink: 'syz.0.1646': attribute type 10 has an invalid length. [ 276.472756][T10076] tipc: Started in network mode [ 276.472783][T10076] tipc: Node identity bed38698830f, cluster identity 4711 [ 276.472959][T10076] tipc: Enabled bearer , priority 0 [ 276.473849][T10076] syzkaller0: entered promiscuous mode [ 276.473869][T10076] syzkaller0: entered allmulticast mode [ 276.531889][T10074] tipc: Resetting bearer [ 276.626990][T10083] loop0: detected capacity change from 0 to 128 [ 276.783305][T10074] tipc: Disabling bearer [ 277.306005][T10106] 9p: Bad value for 'rfdno' [ 277.487266][T10111] loop1: detected capacity change from 0 to 1024 [ 277.502801][T10111] EXT4-fs: Ignoring removed bh option [ 278.090879][T10132] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 278.504290][ T9715] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 278.868032][ T9715] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 278.873754][ T9715] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 279.120708][ T9715] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 279.165649][T10155] 9p: Bad value for 'rfdno' [ 279.190422][ T9715] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 279.249416][T10159] loop0: detected capacity change from 0 to 1024 [ 279.292131][T10162] loop2: detected capacity change from 0 to 1024 [ 279.294875][ T9715] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 279.311839][ T9715] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 279.334876][T10159] EXT4-fs: Ignoring removed bh option [ 279.339940][T10162] EXT4-fs: Ignoring removed bh option [ 279.426673][T10162] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 279.451660][ T9715] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 279.478904][T10159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 279.484896][ T37] audit: type=1800 audit(1779338211.129:143): pid=10162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1666" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 279.537002][ T37] audit: type=1800 audit(1779338211.189:144): pid=10159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1665" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 279.826132][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.454340][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.478207][ T9715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.808798][ T9715] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.915104][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.916823][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.057653][ T4245] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.057863][ T4245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.135888][T10246] 9p: Bad value for 'rfdno' [ 283.761630][T10266] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1692'. [ 283.761657][T10266] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1692'. [ 283.805876][ T9715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.288805][ T9715] veth0_vlan: entered promiscuous mode [ 284.322547][ T9715] veth1_vlan: entered promiscuous mode [ 284.359988][ T9715] veth0_macvtap: entered promiscuous mode [ 284.371811][ T9715] veth1_macvtap: entered promiscuous mode [ 284.465647][ T9715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.513227][ T9715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.536625][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.539893][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.542175][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.545242][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.455802][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.455822][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.775333][T10318] loop1: detected capacity change from 0 to 1024 [ 285.778792][T10318] EXT4-fs: Ignoring removed bh option [ 285.905747][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.905767][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.229877][T10327] ªªªªªª: renamed from vlan0 [ 286.407838][T10334] loop4: detected capacity change from 0 to 1024 [ 286.557435][T10334] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 286.596503][ T37] audit: type=1800 audit(1779338218.239:145): pid=10334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1521" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 287.509171][ T9715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.957142][T10362] loop0: detected capacity change from 0 to 1024 [ 287.969842][T10362] EXT4-fs: Ignoring removed bh option [ 288.008686][T10362] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.096043][ T37] audit: type=1800 audit(1779338219.749:146): pid=10362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1722" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 288.581517][T10376] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1719'. [ 288.921427][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.138217][T10376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.238368][T10376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.378448][T10376] bond0 (unregistering): Released all slaves [ 290.184862][T10412] loop1: detected capacity change from 0 to 1024 [ 290.185989][T10412] EXT4-fs: Ignoring removed bh option [ 290.550709][T10422] tipc: Started in network mode [ 290.550727][T10422] tipc: Node identity c2077504ff49, cluster identity 4711 [ 290.550847][T10422] tipc: Enabled bearer , priority 0 [ 290.556119][T10419] syzkaller0: entered promiscuous mode [ 290.556135][T10419] syzkaller0: entered allmulticast mode [ 290.726121][T10418] tipc: Resetting bearer [ 290.931464][T10418] tipc: Disabling bearer [ 291.391658][ T5888] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 291.527403][T10439] ================================================================== [ 291.527453][T10439] BUG: KASA[ 291.527453][T10439] BUG: KASAN: slab-use-after-free in reverse_path_check_proc+0x5b/0x240 [ 291.527546][T10439] Read of size 8 at addr ffff88803f1d1740 by task syz.1.1749/10439 [ 291.527563][T10439] [ 291.527661][T10439] CPU: 0 UID: 0 PID: 10439 Comm: syz.1.1749 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 291.527690][T10439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 291.527728][T10439] Call Trace: [ 291.527764][T10439] [ 291.527846][T10439] dump_stack_lvl+0xe8/0x150 [ 291.527919][T10439] print_address_description+0x55/0x1e0 [ 291.527943][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.527968][T10439] print_report+0x58/0x70 [ 291.527987][T10439] kasan_report+0x117/0x150 [ 291.528033][T10439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 291.528057][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.528078][T10439] ? ep_insert+0xbbb/0x1820 [ 291.528094][T10439] reverse_path_check_proc+0x5b/0x240 [ 291.528117][T10439] ? ep_insert+0xbbb/0x1820 [ 291.528133][T10439] ep_insert+0xc6c/0x1820 [ 291.528155][T10439] ? __pfx_ep_insert+0x10/0x10 [ 291.528170][T10439] ? trace_irq_disable+0x3b/0x140 [ 291.528225][T10439] do_epoll_ctl_file+0x8bb/0xed0 [ 291.528284][T10439] ? do_epoll_ctl_file+0xac3/0xed0 [ 291.528311][T10439] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 291.528334][T10439] ? __fget_files+0x3a6/0x420 [ 291.528403][T10439] ? __fget_files+0x2a/0x420 [ 291.528430][T10439] __se_sys_epoll_ctl+0x14e/0x210 [ 291.528448][T10439] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 291.528468][T10439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.528487][T10439] do_syscall_64+0x15f/0x560 [ 291.528506][T10439] ? trace_irq_disable+0x3b/0x140 [ 291.528524][T10439] ? clear_bhb_loop+0x40/0x90 [ 291.528544][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.528561][T10439] RIP: 0033:0x7f8e6c08ce59 [ 291.528607][T10439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 291.528630][T10439] RSP: 002b:00007f8e6a2bd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 291.528676][T10439] RAX: ffffffffffffffda RBX: 00007f8e6c306090 RCX: 00007f8e6c08ce59 [ 291.528691][T10439] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 291.528703][T10439] RBP: 00007f8e6c122d6f R08: 0000000000000000 R09: 0000000000000000 [ 291.528715][T10439] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000000 [ 291.528727][T10439] R13: 00007f8e6c306128 R14: 00007f8e6c306090 R15: 00007ffe4c0e5918 [ 291.528748][T10439] [ 291.528754][T10439] [ 291.528758][T10439] Allocated by task 10435: [ 291.528795][T10439] kasan_save_track+0x3e/0x80 [ 291.528844][T10439] __kasan_slab_alloc+0x6c/0x80 [ 291.528859][T10439] kmem_cache_alloc_noprof+0x33b/0x680 [ 291.528898][T10439] ep_insert+0x512/0x1820 [ 291.528910][T10439] do_epoll_ctl_file+0x8bb/0xed0 [ 291.528933][T10439] __se_sys_epoll_ctl+0x14e/0x210 [ 291.528947][T10439] do_syscall_64+0x15f/0x560 [ 291.528965][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.528981][T10439] [ 291.528985][T10439] Freed by task 10435: [ 291.528993][T10439] kasan_save_track+0x3e/0x80 [ 291.529016][T10439] kasan_save_free_info+0x46/0x50 [ 291.529034][T10439] __kasan_slab_free+0x5c/0x80 [ 291.529048][T10439] kmem_cache_free+0x187/0x6c0 [ 291.529064][T10439] eventpoll_release_file+0xc2/0x240 [ 291.529086][T10439] __fput+0x83c/0xa70 [ 291.529106][T10439] task_work_run+0x1d9/0x270 [ 291.529124][T10439] exit_to_user_mode_loop+0xf3/0x4d0 [ 291.529141][T10439] do_syscall_64+0x33e/0x560 [ 291.529158][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.529173][T10439] [ 291.529178][T10439] The buggy address belongs to the object at ffff88803f1d1740 [ 291.529178][T10439] which belongs to the cache ep_head of size 16 [ 291.529193][T10439] The buggy address is located 0 bytes inside of [ 291.529193][T10439] freed 16-byte region [ffff88803f1d1740, ffff88803f1d1750) [ 291.529211][T10439] [ 291.529215][T10439] The buggy address belongs to the physical page: [ 291.529237][T10439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803f1d1380 pfn:0x3f1d1 [ 291.529290][T10439] memcg:ffff888061ea9001 [ 291.529300][T10439] flags: 0x80000000000200(workingset|node=0|zone=1) [ 291.529319][T10439] page_type: f5(slab) [ 291.529336][T10439] raw: 0080000000000200 ffff888020a8ec80 ffffea0000c9c9d0 ffff8880206faf88 [ 291.529353][T10439] raw: ffff88803f1d1380 0000000800800072 00000000f5000000 ffff888061ea9001 [ 291.529362][T10439] page dumped because: kasan: bad access detected [ 291.529374][T10439] page_owner tracks the page as allocated [ 291.529381][T10439] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4992, tgid 4992 (udevd), ts 40654181150, free_ts 40643807731 [ 291.529412][T10439] post_alloc_hook+0x1f9/0x250 [ 291.529461][T10439] get_page_from_freelist+0x265c/0x26e0 [ 291.529504][T10439] __alloc_frozen_pages_noprof+0x18d/0x380 [ 291.529523][T10439] allocate_slab+0x74/0x5e0 [ 291.529566][T10439] refill_objects+0x33c/0x3d0 [ 291.529583][T10439] __pcs_replace_empty_main+0x373/0x720 [ 291.529603][T10439] kmem_cache_alloc_noprof+0x433/0x680 [ 291.529617][T10439] ep_insert+0x512/0x1820 [ 291.529630][T10439] do_epoll_ctl_file+0x8bb/0xed0 [ 291.529652][T10439] __se_sys_epoll_ctl+0x14e/0x210 [ 291.529666][T10439] do_syscall_64+0x15f/0x560 [ 291.529682][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.529699][T10439] page last free pid 29 tgid 29 stack trace: [ 291.529709][T10439] __free_frozen_pages+0x10af/0x1190 [ 291.529725][T10439] tlb_remove_table_rcu+0x85/0x100 [ 291.529769][T10439] rcu_cpu_kthread+0x99e/0x1470 [ 291.529819][T10439] smpboot_thread_fn+0x541/0xa50 [ 291.529862][T10439] kthread+0x389/0x470 [ 291.529879][T10439] ret_from_fork+0x514/0xb70 [ 291.529899][T10439] ret_from_fork_asm+0x1a/0x30 [ 291.529921][T10439] [ 291.529925][T10439] Memory state around the buggy address: [ 291.529935][T10439] ffff88803f1d1600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 291.529947][T10439] ffff88803f1d1680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 291.529959][T10439] >ffff88803f1d1700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 291.529967][T10439] ^ [ 291.529978][T10439] ffff88803f1d1780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 291.529988][T10439] ffff88803f1d1800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 291.529996][T10439] ================================================================== [ 291.540853][T10439] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 291.540879][T10439] CPU: 0 UID: 0 PID: 10439 Comm: syz.1.1749 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 291.540902][T10439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 291.540913][T10439] Call Trace: [ 291.540921][T10439] [ 291.540929][T10439] vpanic+0x56c/0xa60 [ 291.540958][T10439] ? __pfx_vpanic+0x10/0x10 [ 291.540986][T10439] panic+0xc5/0xd0 [ 291.541007][T10439] ? __pfx_panic+0x10/0x10 [ 291.541030][T10439] ? preempt_schedule_thunk+0x16/0x40 [ 291.541051][T10439] ? preempt_schedule_thunk+0x16/0x40 [ 291.541069][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.541088][T10439] check_panic_on_warn+0x89/0xb0 [ 291.541109][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.541127][T10439] end_report+0x73/0x170 [ 291.541144][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.541169][T10439] kasan_report+0x128/0x150 [ 291.541187][T10439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 291.541207][T10439] ? reverse_path_check_proc+0x5b/0x240 [ 291.541246][T10439] ? ep_insert+0xbbb/0x1820 [ 291.541267][T10439] reverse_path_check_proc+0x5b/0x240 [ 291.541289][T10439] ? ep_insert+0xbbb/0x1820 [ 291.541305][T10439] ep_insert+0xc6c/0x1820 [ 291.541326][T10439] ? __pfx_ep_insert+0x10/0x10 [ 291.541342][T10439] ? trace_irq_disable+0x3b/0x140 [ 291.541369][T10439] do_epoll_ctl_file+0x8bb/0xed0 [ 291.541396][T10439] ? do_epoll_ctl_file+0xac3/0xed0 [ 291.541421][T10439] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 291.541448][T10439] ? __fget_files+0x3a6/0x420 [ 291.541471][T10439] ? __fget_files+0x2a/0x420 [ 291.541496][T10439] __se_sys_epoll_ctl+0x14e/0x210 [ 291.541517][T10439] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 291.541538][T10439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.541556][T10439] do_syscall_64+0x15f/0x560 [ 291.541575][T10439] ? trace_irq_disable+0x3b/0x140 [ 291.541592][T10439] ? clear_bhb_loop+0x40/0x90 [ 291.541611][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.541628][T10439] RIP: 0033:0x7f8e6c08ce59 [ 291.541643][T10439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 291.541659][T10439] RSP: 002b:00007f8e6a2bd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 291.541678][T10439] RAX: ffffffffffffffda RBX: 00007f8e6c306090 RCX: 00007f8e6c08ce59 [ 291.541692][T10439] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 291.541703][T10439] RBP: 00007f8e6c122d6f R08: 0000000000000000 R09: 0000000000000000 [ 291.541715][T10439] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000000 [ 291.541726][T10439] R13: 00007f8e6c306128 R14: 00007f8e6c306090 R15: 00007ffe4c0e5918 [ 291.541747][T10439] [ 291.542062][T10439] Kernel Offset: disabled