last executing test programs: 21.00161416s ago: executing program 3 (id=2421): socket(0x28, 0x5, 0x0) socket(0x28, 0x5, 0x0) memfd_create(0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000400)={@val={0x0, 0xf9}, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @dccp_packet={0x9, 0x6, "2986bc", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, '\x00', 0x2e}, @dev={0xfe, 0x80, '\x00', 0x26}, {[], {{0x4e22, 0x4e24, 0x4, 0x1, 0x3, 0x0, 0x0, 0x4, 0x6, "9ca1cf", 0x6, "e6c7b5"}}}}}}}}, 0x4a) 19.837951551s ago: executing program 3 (id=2425): bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0, 0xfffffffe}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0xfffffe8b}], 0x1}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071121e0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00004a00530c8e5e"], 0xfe33) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='6@\x00\x00I'], 0xfe33) 19.753724555s ago: executing program 3 (id=2426): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x800087, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x7d, 0x0, &(0x7f0000000240)="b469802305624431ed33730100010446b20aed0200000000000000d5fe008c6090009c5bbd000000003683b7ee0fae7a6a53200386ce515ef6a4effbb7574d5eeb79bf8c4718e6b25de1d33cca488f87e31fd1385561b8b4cbf8611a1295fa69669e8fc61481728b796af2000000000000000000000000742226d7c685", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}, 0x50) r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 19.506666258s ago: executing program 3 (id=2428): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@gettaction={0x14, 0x5a, 0xc6b747b6bf1c6b95}, 0x14}}, 0x0) 19.338941597s ago: executing program 3 (id=2429): r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x121602, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x4, 0xff, 0xbd54, 0x7f, 0x16, "c81e824ac9946ed0ed1e329e120bdebda62371"}) 19.218854683s ago: executing program 3 (id=2431): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x1, 0x2, 0x0) socket(0x10, 0x3, 0x0) getsockname$packet(r0, 0x0, &(0x7f00000003c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f0000000100)=0x2c0000) r5 = socket(0x5, 0x3, 0x414f) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000780)={'syztnl0\x00', 0x0, 0x700, 0x80, 0xa59e, 0x483, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x7}, @broadcast}}}}) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/snmp\x00') read$char_usb(r6, &(0x7f0000000040)=""/50, 0x32) 9.603291417s ago: executing program 0 (id=2469): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000040), 0x7, 0x4e3, &(0x7f0000001200)="$eJzs3EFsVEUYAOD/bbe0QJGKiFJRi2hsNLZQUDiYGIwmHjQx4kGPTVsIUqhpayKEwJIYPBoSr8Z49OrBqxovhpOJVzyaGBJiuACe1rzdt+12+3Yp7bYr7fcl2515O+/NzM6bt/NmuhvApjWY/kki+iLiRkTsjIhCY4LB6tPd2xfH792+OB6lcvnEP0m6W9xJ45kke96eRYYKEYUvkoUX6syev3BmbGpqciaLj8yd/XRk9vyFV06fHTs1eWry3OixY0cOHzr62uirD16pnPzSet0ZuDS9b+87H197b7xY296bPdfXo10GYzCvKBUvtDuzDttRF06KrVK+sfaFYdnS8z9tru5K/98ZXdGy8YANpFwul3uav1wqN7qyZAvw0Eqi0yUAOqP2QZ/e/9YeeQOBLWsz/Oi4W8erN0Bpve9mj4hnKxtr8yDdDfe37TQYxfio9O+36SONF9dgHgIAoN7Px2sjwYbxX3/Enrp0j2RrKP0R8WhE7IqIxyJid0Q8HtW0T0TEkw3H74qIcov8BxviS8efhZurq2Fr6fjv9Wxta2H8F/WrYP1dWWxHRG3APHkwe0+Gorvn5OmpyUMt8vjlrT++avZaWv/a+C99pPnXxoJZOW4WGyboJsbmxlZc4Qa3rkQMFBvrnxQjkvmVgCQi9kbEwK/fLPu4/XXh0y99v28+0r043f3rX1HOXUdrw1JF+buIF6vtX4pF7b+QY9J6fXKkN6YmD46kZ8HB3Dyu/371/bztyXLq/+Nfjbu9ffSnE1nPWr20/bfVnf9RW79dqH9/EpHMr9fONjnQ5eZ5XP3zy6b3NCs9/7ckH1bCtfvSz8fm5mYORWxJ3l26fXRh31o8fY5Stf5DB/L7/65sn/SdeCoi0pP46Yh4Jqp3iINRvrw/Ip6LiAPNqx+/vfn8Jyuv/9pK6z+Re/1b1P4L6/VpIN06s2jL2FRSqqZe2DIf6Dqz/8a9gfz8l9f+RyqhoWxL/vUvWXSJWFqK/MAq3z4AAAB4KBQioq9uLqkvCoXh4eoc0O7YVpianp17OZn+7NxE9TsC/XVpq/PB3Ult/rO/Lj7aED+czRt/3bW1Eh8en56a6FCdgartlT6fFIbnrwXV/p/6uz1TzMD/ma/8wOZ1v/6/59o6FQRYdz7/YbOauVQXKTVJVPKfMrAxLefz31wgbEx5/b/F/3O7YYANoqw7w6b2IP1/cdrrO9teGGBdFeOD+XChoyUB1pvxP2xKy/qS/IoD5Z78l3pjaeLobX3ArlhZMbbm5NWRQDqy6kjuW1eyV+3XFJqmicKDHbBnyU9GrKxNT67+bTm1p+0nfzlbH2t3C/6wLv00L9D6ujHat3bXJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHb6LwAA///zLttP") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r0, 0x200, 0x1) getdents64(r0, 0x0, 0x0) 8.989962669s ago: executing program 2 (id=2470): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) unshare(0x62020600) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e21, @remote}}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000002000010026bd7000fbdbdf2502101000090000060600010008000200ac14142a05001500040008000500160089000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4004804) 8.888259874s ago: executing program 0 (id=2471): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd0a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}, {0xfff2, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a40)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xc, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0x2}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x810}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 8.461202786s ago: executing program 2 (id=2473): ioprio_set$uid(0x3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x4000, &(0x7f00000000c0)={[{@noinit_itable}]}, 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") 8.040556509s ago: executing program 2 (id=2477): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000001000000080000000b"], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[], 0x10) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x290, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x8000001}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bcf503000500000014000027000089fee1434f1e596534d07302ade0bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201800015b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb00d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a8700"/252, 0xfc) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={0x0, 0xfffffdea}, 0x1, 0x0, 0x0, 0x801}, 0x4) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) accept(r5, 0x0, 0x0) 3.293755647s ago: executing program 0 (id=2481): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x4000, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f000001fc00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1814011, 0x0, 0x40, 0x0, &(0x7f0000000140)) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x824851, 0x0, 0x1, 0x0, &(0x7f0000000d40)) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x600, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 3.114992036s ago: executing program 0 (id=2482): r0 = syz_clone(0xa8200780, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)='status\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, 0x0) pread64(r1, &(0x7f0000000140)=""/25, 0x19, 0x4) 2.838794791s ago: executing program 0 (id=2483): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x50) r0 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1022000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x14, r5, 0xc32, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x20000010) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/209, 0xd1, 0x2) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) socket(0x10, 0x803, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r0, 0x1, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000340)='cgroup.stat\x00', 0x300, 0x0) read$eventfd(r7, &(0x7f0000000340), 0x8) 2.642792421s ago: executing program 2 (id=2484): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(r0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0xb27, 0x4) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="92dba7cc", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000c80)="eff38aa2e3f2c417a4d0bb308e1c69bfccb5c880f7298574b9b1319ae8337cb785c530e8807e76ff2c9afaa0c4c5eddc4bf88f600a0ae333b712235bc8b9b11fe545834b4c1b93c72090fb55ae34e9ab74837f7fb8db37a7c2366a2b2a17f7", 0x5f}], 0x1}}], 0x3, 0x4080) 2.546084986s ago: executing program 2 (id=2485): socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x40000042}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000003000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1eb541, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000280)=0x3) pwritev(r2, &(0x7f0000000040)=[{&(0x7f0000000240)='\x00!G', 0x3}], 0x1, 0x3, 0x7) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)={0x1, 0x0, [{0x1, 0x0, 0x5, 0x7, 0x803, 0x3fffffff, 0x2}]}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x972, 0x0, 0x1}]}) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000440)={{0x33351000, 0x41000, 0x0, 0x6f, 0x8, 0x0, 0xac, 0x9, 0x3, 0x7, 0xfd, 0xb2}, {0xdddd1000, 0x0, 0xb, 0x1, 0x5, 0x5, 0x6, 0xda, 0xe, 0xfd, 0x2, 0xa}, {0x9000, 0x1, 0x4, 0x46, 0x4, 0xa, 0x4, 0x3, 0x5, 0x4, 0x7, 0xf}, {0xffff1000, 0x200000, 0xd, 0x2, 0x5, 0x9, 0x5, 0x4a, 0xa, 0x5d, 0x5, 0x5}, {0x3000, 0x70000, 0xe, 0x2, 0x8, 0x2, 0x6, 0x4, 0x1, 0x35, 0xd3, 0x1}, {0x200000, 0x60000, 0xb, 0xf7, 0x62, 0xe, 0x0, 0x2, 0xa8, 0x35, 0x7, 0x3}, {0x5000, 0x26000, 0x8, 0x6, 0x4, 0x2, 0x9, 0x5, 0x0, 0xff, 0x4, 0xc}, {0x10000, 0x0, 0x10, 0x2, 0x1, 0x7f, 0x20, 0x8, 0x7c, 0x0, 0x85}, {0x7000, 0x4}, {0x55000, 0x4132}, 0x0, 0x0, 0x1000, 0x8, 0x9, 0x8800, 0x10000, [0x2, 0x3ff, 0x2dcc, 0x4]}) ioprio_set$pid(0x2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @loopback, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r6}) openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) sched_setscheduler(0x0, 0x2, 0x0) 1.666672212s ago: executing program 2 (id=2487): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") open(&(0x7f00000001c0)='./file1\x00', 0x1ebb42, 0x83) getpid() pipe(0x0) getrlimit(0x5, &(0x7f00000000c0)) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f00000005c0)='fd', 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = fsmount(0xffffffffffffffff, 0x0, 0x2) fchdir(r0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x7, 0xc2, 0xffffffffffffffff, 0x0, 0x0, 0x36}]) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r1, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00m'], 0x38}, 0x1, 0x300}, 0x0) 1.599986386s ago: executing program 0 (id=2488): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd0a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}, {0xfff2, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a40)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xc, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0x2}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x810}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 1.466967063s ago: executing program 1 (id=2489): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000040), 0x7, 0x4e3, &(0x7f0000001200)="$eJzs3EFsVEUYAOD/bbe0QJGKiFJRi2hsNLZQUDiYGIwmHjQx4kGPTVsIUqhpayKEwJIYPBoSr8Z49OrBqxovhpOJVzyaGBJiuACe1rzdt+12+3Yp7bYr7fcl2515O+/NzM6bt/NmuhvApjWY/kki+iLiRkTsjIhCY4LB6tPd2xfH792+OB6lcvnEP0m6W9xJ45kke96eRYYKEYUvkoUX6syev3BmbGpqciaLj8yd/XRk9vyFV06fHTs1eWry3OixY0cOHzr62uirD16pnPzSet0ZuDS9b+87H197b7xY296bPdfXo10GYzCvKBUvtDuzDttRF06KrVK+sfaFYdnS8z9tru5K/98ZXdGy8YANpFwul3uav1wqN7qyZAvw0Eqi0yUAOqP2QZ/e/9YeeQOBLWsz/Oi4W8erN0Bpve9mj4hnKxtr8yDdDfe37TQYxfio9O+36SONF9dgHgIAoN7Px2sjwYbxX3/Enrp0j2RrKP0R8WhE7IqIxyJid0Q8HtW0T0TEkw3H74qIcov8BxviS8efhZurq2Fr6fjv9Wxta2H8F/WrYP1dWWxHRG3APHkwe0+Gorvn5OmpyUMt8vjlrT++avZaWv/a+C99pPnXxoJZOW4WGyboJsbmxlZc4Qa3rkQMFBvrnxQjkvmVgCQi9kbEwK/fLPu4/XXh0y99v28+0r043f3rX1HOXUdrw1JF+buIF6vtX4pF7b+QY9J6fXKkN6YmD46kZ8HB3Dyu/371/bztyXLq/+Nfjbu9ffSnE1nPWr20/bfVnf9RW79dqH9/EpHMr9fONjnQ5eZ5XP3zy6b3NCs9/7ckH1bCtfvSz8fm5mYORWxJ3l26fXRh31o8fY5Stf5DB/L7/65sn/SdeCoi0pP46Yh4Jqp3iINRvrw/Ip6LiAPNqx+/vfn8Jyuv/9pK6z+Re/1b1P4L6/VpIN06s2jL2FRSqqZe2DIf6Dqz/8a9gfz8l9f+RyqhoWxL/vUvWXSJWFqK/MAq3z4AAAB4KBQioq9uLqkvCoXh4eoc0O7YVpianp17OZn+7NxE9TsC/XVpq/PB3Ult/rO/Lj7aED+czRt/3bW1Eh8en56a6FCdgartlT6fFIbnrwXV/p/6uz1TzMD/ma/8wOZ1v/6/59o6FQRYdz7/YbOauVQXKTVJVPKfMrAxLefz31wgbEx5/b/F/3O7YYANoqw7w6b2IP1/cdrrO9teGGBdFeOD+XChoyUB1pvxP2xKy/qS/IoD5Z78l3pjaeLobX3ArlhZMbbm5NWRQDqy6kjuW1eyV+3XFJqmicKDHbBnyU9GrKxNT67+bTm1p+0nfzlbH2t3C/6wLv00L9D6ujHat3bXJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHb6LwAA///zLttP") getdents64(0xffffffffffffffff, 0x0, 0x0) lseek(0xffffffffffffffff, 0x200, 0x1) getdents64(0xffffffffffffffff, 0x0, 0x0) 1.062370314s ago: executing program 1 (id=2490): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f00000003c0)='./file0\x00', 0xc0ed00c5, &(0x7f0000000180)={[{@noblock_validity}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@noload}, {@nobarrier}, {@usrquota}]}, 0xfe, 0x475, &(0x7f0000001600)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8+oJAQVQ8kiZ90AMXEEgcQCDBoYhTcNIq1G1QEyRaRRA4BCEOqBJ3xBGJv4ATXBBwQuIKd1QJoVxaOBmtvZs6rh3ycOK0/nykTWZ215n57u54Z2fsBNC1htIfScTuiPgtIgYjoti4w1Dt183FudLfi3OlJCqV1/9Klv2dJFtSu2orKpUsv6NJuQtvRYyXy5OXs/zI7MV3R2auXH166uL4+cnzk5fGzpw5eeJI3+mxU22JM43rxsEPpg8feOnNa6+Uzl57+6dv0vruzrbfWJwrtaWgOkO1o9vUY+0urMP21KWTYgcrwprsydp7b7X9Dx7qiYGlbYPx4scdrRywqSqVSqXZ/TkzXwHuYkl0ugZAZ+Q3+vT5N1+2qOuxLfz5XO0BKI37ZrbUthSjkO3T2/B82079EXF2/p8v0yU2aRwCAKDed2n/56lm/b9C3Fe33/+yOZS9EfH/iNgXEfdExP6IuDeiuu/9EfHAGstvnCG5vf9TuL6uwFYp7f89m81tLe//5b2/2NuT5fZU4+9Nzk2VJ49nx+RY9O5I86PLXrLc9y/8+nnjus+yYfahuv5fuqTl533BrB7Xiw0DdBPjs+NtCT6N/6OIg8Vm8SdL84BJRByIiIPrLGPqia8Pt9r23/GvoA3zTJWvIh6vnf/5aIg/l7Scnxx95vTYqZH+KE8eH8mvitv9/MvCa63K31D8bZCe/51Nr/9a/OkzYtIfMXPl6oXqfO3M2stY+P2TUtJi2/51Xv99yRvVdF+27v3x2dnLoxF9yctpdmDZ+rFbr83z+f5p/MeONm//+2qPZ9UjcSgi0ov4SEQ8GBEPZefu4Yh4JCKOrhD/j88/+k6rba3P/wqj8m2Uxj+xwvlP3/LS1K3zv/ZEz4Ufvm1VfmVV5/9kNXUsW7Oa97/VVnAjxw4AAADuFIXqZ+CTwvBSulAYHq59hn9/7CyUp2dmnzw3/d6lidpn5fdGbyEf6RqsGw8dzcaG8/xYQ/5ENm78Rc9ANT9cmi5PdDp46HK7WrT/1B89na4dsOl8Xwu6l/YP3Uv7h+7VrP33d6AewNZz/4cu1dd89YdbXQ+gI9Z+//d0AHcL/X/oXto/dC/tH7pSy+/GFzb0lf87NVHcHtVomhjYHtXIE1HYFtVoX+LVT2tNYrvUJ08UV/3PLNaZ2NF0U6ffmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANrj3wAAAP//X4Dj1Q==") ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000001000)='./file1\x00', 0x1000000, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES16], 0xff, 0x7be, &(0x7f00000005c0)="$eJzs3U1oHPfZAPBn9EqxooAJeUtqjOOM7RRs6iq7q0SpyCHdrEbyJNKu2F0Vm1KSEMvFWPkgJrTxoYkvST8pPfWY5hpy6a3QQ6GHtqdCc+ilh0Igp5JCA6WlFFRmdtdeyfpyLNlJ+vuJ6D8788x/npmdzLOz1swEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBJY7ZSqSYHI2L5bLq1xmy7tbjN9EF/v17XbLPciKT4L8bH41Bv1KEvXJ98f/HreBzpvToS4yODCfc+/v+jI4P5t0nokzq2y7gk4o0ioUvPra6uvLIPidxGP/jVTc/yr7Xi93zWzDutfLE+n6V5p5XOTE9XHj4z10nn8oWsc67TzRbTRjurd1vt9GTjVFqdmZlKs8lzreXm/Gx9IRuMfOwrtUplOn1qcimrtzut5sNPTXYaZ/KFhbw5X8bUKt+OIuaxYkd8Ou+m3ay+mKYXLq6uTO2UahFUXTfmwLod58hD93746gcfX1wpdsitOkn6+1+tWq3VqtOPzjz6WKUyWqvU1o+obBDXImIkoojYl52Wz5A9OnLDrRsp6v/HScRC5NGM5TgbaaQxUv6+/jMW4zEb7WjFYvH6T2Mbpt9Q/7/08N/+sN1yh+v/oMofuj75cJT1/2jv1dEYL5rxuHLPuvpfHJQ35rF/P833etkMj7scr8WVuBTPxWqsxkq8chvz+UQ/I3vb33xk0Yw8OtGKPBajXo5J+2PSmInpmI5KPBNnYi46kcZc5LEQWXTiXHR+ONp/vxvRjizq0Y1WtCONk9GIU5FGNWZiJqYijSwm41y0YjmaMR+zUS97uRAXy+0+tSGv+7/7bPLGHz98uxi+FlTdZkWS4sNcEfT3bYL6xfzB2FX9v7u/busj1P/Pm/H++7zb+L04bMOeWCvP/0fvdBoAAADAPkrKb9+TiBiLB8qhuXwh+8adTgsAAADYQ+XfNR8pmrFi6IFIivP/yiaR79/23AAAAIC9kZTX2CURMREP9oYGl0tt9iUAAAAA8BlU/vv/0aKZiHi9HOH8HwAAAD5nvjd0j/0YvsfuB3f179HbWTqQ/F8/eunsQ8kL9WKo/kJ/XL/5+rUeu3OHk4P9TspmevTKPUlEjDayI8ng7pf/OdBrPyp7OHz9BoQb87h2r992eyy5unUCsX0C5av4URzrxRw732vPD6b0ljIxly9kk43WwuPVpP/lSPfVFy9+J6JY+vebiweTuHBxdWXy+ZdWz5e5XC16ufpC//bwyU3kstbfAvHA5ms8Vl6I0V/uRG+5leH17z8SYWT7ZSbDy3wzjvdijk/02on16z9eLLM6+Xg16vWDI93sbPfVtaG172dRvcU1fzNO9GJOnDzRazbJorYuixdvzKI2nMXutsWus3j72Otn//HbVpJN7ZTF1C1mAXCnXCjv+nO9Ct1dVqF/r/UU9X9D3R3c1fymjnIXrn/KGMw/VOtGY2+q+5txshdzsvd5YvTwJnWlsskR/eWLL/+uf0R/5N2f/fybR3//i62r21qyfRbvxqleYL+J+35zQxZFF9Vyy/54Q1V9p5jjnS2ramehlsRYjPSmDCavfGvlxVptarrySKXyaC3Gyo8K/UbtAWATOz5jZxdP4Xlk87PqGFS8+679ScFkPB8vxWqcj9Pl1QYR8eDmvU4M/RnC6R3OWieGnvByeodzy+uxtY2xB04ksUXs1NAW++JPy+af+/eeAMB+O75DHd5N/T+9w3n3+lp+qvfg3MHZcWxdyzfz1f3eIADwPyBrf5RMdN9K2u186ZnqzEy13j2Tpe1W4+m0nc/OZ2ne7Gbtxpl6cz5Ll9qtbqsx+OJ4NuukneWlpVa7m8612ulSq5OfLZ/8nvYf/d7JFuvNbt7oLC1k9U6WNlrNbr3RTWfzTiNdWn5yIe+cydrlzJ2lrJHP5Y16N281005rud3IJtO0k2VDgfls1uzmc3kx2EyX2vlivX01IhaWF7N0Nus02vlSt9XrcLCsvDnXai+W3U7euPp/vd3bGwA+DS6/duXSc6urK6+sH1hLNo7ZfODPu4i5HLF2p1cTABgyXKUBAAAAAAAAAAAAAIBPpxsv1yvG7nhJ3/DAWNxE8IaBA/FJ5vr8Dnz5vd7bshcd3ko/d697T+/q7yx3fvvc9MCzTzxxaauYJ18/dOYvWcTO/Wz+f8rle27Ye+OtgxF3/fInvTFfu11r+n701iJGb2r2tWSbmDt2SAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf03AAD//2tvTu0=") setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) r0 = syz_clone(0xa8200780, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r3 = syz_open_procfs(r0, &(0x7f0000000040)='status\x00') pread64(r3, &(0x7f0000000140)=""/25, 0x19, 0x4) 629.444686ms ago: executing program 1 (id=2491): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, 0x0, 0x4000) syz_emit_ethernet(0x41, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @broadcast=0xac14140a, @initdev={0xac, 0x1e, 0x0, 0x0}}, '\b\x00\x00'}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 327.035212ms ago: executing program 1 (id=2492): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4) bind$inet(r0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0xb27, 0x4) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)='\"', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="92dba7cc", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000c80)="eff38aa2e3f2c417a4d0bb308e1c69bfccb5c880f7298574b9b1319ae8337cb785c530e8807e76ff2c9afaa0c4c5eddc4bf88f600a0ae333b712235bc8b9b11fe545834b4c1b93c72090fb55ae34e9ab74837f7fb8db37a7c2366a2b2a17f7", 0x5f}], 0x1}}], 0x3, 0x4080) 269.307506ms ago: executing program 1 (id=2493): openat$ptmx(0xffffffffffffff9c, 0x0, 0x3, 0x0) r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ftruncate(r2, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 0s ago: executing program 1 (id=2494): syz_mount_image$ext4(&(0x7f00000009c0)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x800718, &(0x7f0000000200)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x48d, &(0x7f0000000a00)="$eJzs281rHOUfAPDvTLKb9teX5FfrS2vVaBGCYtKkVXvwolQQqSjooR5jsi2h20aaKLYWm4p4EqSgZ/Eo+hd4E0HUk+DVkycpFO2lrafITGaSTbp5odlk0+7nAzP7PDPP7Dzfnbdnn2c3gI7Vn82SiJ0R8UdE9M5lFxfon3u5ef3i2K3rF8eSmJ198+8kL3fj+sWxsmi53Y4iM5BGpJ8kxU4Wmzp/4fRovV47V+SHps+8OzR1/sIz758ZPVU7VTs7cvTokcPDzz838mxL4sziurH/o8kD+155+8prYyeuvPPLd1l9dxbrG+Nolf4s8H9mc0vXPdnqnbXZrnzek8+T7jZXhjXriojscFXy6783umLh4PXGyx+3tXLAhsqeTT3Lr56ZBe5hSay1ZKXhngHc/coHffb9t5w2odmxZVx7ce4LUBb3zWKaW9MdaVGmMv/9tvX6I+LEzL9fZVNsUD8EAECjz8a+PF6Nnvjw1revZm2P3vk1aTyQv/6Zz3cXYyh9EfH/iNgTEfdFxN6IuD8iL/tgRDy0zvrc3v5Jr67zLVeUtf9eKMa2Frf/ytZf9HUVuV15/JXk5ES9dqj4TAai0pPlh1fYxw/Hfv98uXWN7b9syvZftgWLelztXtJBNz46PRqV9US94NrliP3dzeJP5kcCkojYFxH757da0wDP7jIx8dQ3B5YrtHr8K2jBONPs11l4M1n8M7Ek/lLSOD45cdv45NC2qNcODZVnxe1+/e3TN5bb/7rib4FrtbnXhuO/tEhf0jheO9Xa/d/h+Z9Wk7fyceZqMeb4wej09LnhiGpyPM9Xi7L58pGFbct8WT47/wcONr/+9xTbZPE/HBHZSfxIRDwaEY8VdX88Ip6IiIMrxPjzS6vHH2mbjv/liPGm97/583/J8T9/4XR5a1xYsmKi6/RP3y+3/7Ud/yN5aqBYkt//VtGsOt1NqnynnxsAAADcTdL8N/BJOjifTtPBwbnf8O+N/6X1yanpp09Ovnd2fO638n1RScuert6iP7Q+Ua8NJzPFO1aSY1GvjRR9xWV/6eGi3/iLru15fnBssj7e5tih0+1Y5vrP/NXV7toBG2x706Uj1U2vCNAGS8fR08XZS6+HmwHcq/xfGzrXKtd/uln1ADaf5z90rmbX/6UleWMBcG/y/IfO5fqHDpX+2O4aAG3k+Q8dadU/77cnsa1xSXXlwtUtUueWJbbqQckTEWUi3RL1kdigRLvvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK3xXwAAAP//uIXZzg==") kernel console output (not intermixed with test programs): city change from 0 to 512 [ 290.788621][ T9364] EXT4-fs: inline encryption not supported [ 290.798264][ T9364] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 290.819169][ T9364] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 290.827974][ T9364] System zones: 1-12 [ 290.844501][ T9364] EXT4-fs (loop1): 1 truncate cleaned up [ 290.851406][ T9364] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.034891][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.837452][ T9371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.904540][ T9371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.918349][ T9373] loop1: detected capacity change from 0 to 256 [ 293.046046][ T8133] usb 1-1: USB disconnect, device number 4 [ 293.169297][ T9389] tc_dump_action: action bad kind [ 293.373763][ T9391] syzkaller0: entered promiscuous mode [ 293.425693][ T9391] syzkaller0: entered allmulticast mode [ 293.447913][ T9396] x_tables: duplicate underflow at hook 1 [ 294.507718][ T9402] loop2: detected capacity change from 0 to 512 [ 294.515481][ T9402] EXT4-fs: inline encryption not supported [ 294.523159][ T9402] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 294.556351][ T9402] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 294.564802][ T9402] System zones: 1-12 [ 294.569447][ T9402] EXT4-fs (loop2): 1 truncate cleaned up [ 294.576591][ T9402] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.702462][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.316408][ T9410] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 296.335497][ T9410] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1149'. [ 297.716365][ T9417] loop1: detected capacity change from 0 to 256 [ 298.804529][ T1187] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 298.868197][ T9428] tc_dump_action: action bad kind [ 299.104098][ T1187] usb 1-1: Using ep0 maxpacket: 16 [ 299.112733][ T1187] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 299.126905][ T1187] usb 1-1: config 0 interface 0 has no altsetting 0 [ 299.666898][ T1187] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 299.898934][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.958953][ T1187] usb 1-1: config 0 descriptor?? [ 300.011564][ T1187] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 300.101339][ T9438] loop2: detected capacity change from 0 to 512 [ 300.108808][ T9438] EXT4-fs: inline encryption not supported [ 300.117670][ T9438] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 300.140376][ T9438] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 300.148517][ T9438] System zones: 1-12 [ 300.164542][ T9438] EXT4-fs (loop2): 1 truncate cleaned up [ 300.171501][ T9438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 300.287267][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.379917][ T9452] x_tables: duplicate underflow at hook 1 [ 300.602191][ T9456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.638035][ T9456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.105800][ T9464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1162'. [ 301.763738][ T5813] usb 1-1: USB disconnect, device number 5 [ 302.501361][ T9468] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 302.517138][ T9468] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1165'. [ 303.203097][ T9445] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 303.440766][ T9486] loop0: detected capacity change from 0 to 512 [ 303.448281][ T9486] EXT4-fs: inline encryption not supported [ 303.461657][ T9486] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 303.486888][ T9486] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 303.495260][ T9486] System zones: 1-12 [ 303.501910][ T9486] EXT4-fs (loop0): 1 truncate cleaned up [ 303.509689][ T9486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 304.889678][ T9496] x_tables: duplicate underflow at hook 1 [ 304.898142][ T9494] overlayfs: missing 'lowerdir' [ 304.979888][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.913248][ T9516] loop2: detected capacity change from 0 to 256 [ 307.405321][ T9506] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 307.425501][ T9506] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1175'. [ 308.300363][ T9533] overlayfs: missing 'lowerdir' [ 308.619909][ T9528] tipc: Started in network mode [ 308.629054][ T9528] tipc: Node identity 4a7c0f3b09d5, cluster identity 4711 [ 308.665840][ T9528] tipc: Enabled bearer , priority 0 [ 308.789337][ T9539] syzkaller0: entered promiscuous mode [ 308.805750][ T9539] syzkaller0: entered allmulticast mode [ 308.813142][ T9539] tipc: Resetting bearer [ 308.938613][ T9526] tipc: Resetting bearer [ 309.027573][ T9547] x_tables: duplicate underflow at hook 1 [ 309.745042][ T9545] loop0: detected capacity change from 0 to 40427 [ 309.766324][ T9545] F2FS-fs (loop0): invalid crc value [ 309.793432][ T9545] F2FS-fs (loop0): Found nat_bits in checkpoint [ 309.883603][ T9545] F2FS-fs (loop0): Start checkpoint disabled! [ 309.898491][ T9545] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 310.788877][ T4708] kworker/u4:10: attempt to access beyond end of device [ 310.788877][ T4708] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 310.803437][ T4708] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 310.813366][ T4708] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 312.000908][ T9526] tipc: Disabling bearer [ 312.040885][ T5816] tipc: Node number set to 1135152955 [ 312.050449][ T9561] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1187'. [ 312.081939][ T9561] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1187'. [ 312.392336][ T9570] loop0: detected capacity change from 0 to 256 [ 313.981370][ T9576] syzkaller0: entered promiscuous mode [ 314.019713][ T9576] syzkaller0: entered allmulticast mode [ 314.163586][ T9581] tc_dump_action: action bad kind [ 314.359123][ T9596] x_tables: duplicate underflow at hook 1 [ 314.408981][ T9596] vlan2: entered allmulticast mode [ 314.417372][ T9596] macsec0: entered allmulticast mode [ 314.423137][ T9596] veth1_macvtap: entered allmulticast mode [ 316.375188][ T9635] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 316.407089][ T9623] syzkaller0: entered promiscuous mode [ 316.419673][ T9623] syzkaller0: entered allmulticast mode [ 316.467398][ T9635] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1207'. [ 317.018163][ T9626] loop1: detected capacity change from 0 to 40427 [ 317.028901][ T9626] F2FS-fs (loop1): invalid crc value [ 317.040258][ T9626] F2FS-fs (loop1): Found nat_bits in checkpoint [ 317.112320][ T9626] F2FS-fs (loop1): Start checkpoint disabled! [ 317.128588][ T9626] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 317.517960][ T28] audit: type=1804 audit(1776975435.496:16): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1208" name="/newroot/322/file0/file0" dev="loop1" ino=10 res=1 errno=0 [ 318.048380][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.064195][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.114601][ T12] kworker/u4:1: attempt to access beyond end of device [ 318.114601][ T12] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 318.129128][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 318.139533][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 320.306631][ T9653] Driver unsupported XDP return value 0 on prog (id 41) dev N/A, expect packet loss! [ 320.322809][ T9653] netlink: 'syz.2.1214': attribute type 10 has an invalid length. [ 321.674121][ T27] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 321.864218][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 321.887457][ T27] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.901676][ T27] usb 2-1: config 0 interface 0 has no altsetting 0 [ 321.911108][ T27] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 321.947795][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.981685][ T27] usb 2-1: config 0 descriptor?? [ 322.010137][ T27] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 322.515640][ T9668] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 322.546521][ T9672] syzkaller0: entered promiscuous mode [ 322.552256][ T9672] syzkaller0: entered allmulticast mode [ 322.588668][ T9686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 322.608406][ T9686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.722251][ T9685] syzkaller0: entered promiscuous mode [ 322.731819][ T9685] syzkaller0: entered allmulticast mode [ 322.764230][ T9690] netlink: 'syz.3.1223': attribute type 29 has an invalid length. [ 322.910360][ T9695] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 322.919793][ T9695] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 322.928878][ T9695] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 324.443652][ T8133] usb 2-1: USB disconnect, device number 5 [ 325.397904][ T9690] netlink: 'syz.3.1223': attribute type 29 has an invalid length. [ 325.526771][ T9711] syzkaller0: entered promiscuous mode [ 325.532311][ T9711] syzkaller0: entered allmulticast mode [ 325.765620][ T9718] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.772938][ T9718] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.780604][ T9718] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.788002][ T9718] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.000493][ T9729] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 326.010114][ T9729] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 326.018989][ T9729] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 326.846830][ T9718] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 326.929384][ T9723] syzkaller0: entered promiscuous mode [ 326.944098][ T9723] syzkaller0: entered allmulticast mode [ 327.627343][ T9748] syzkaller0: entered promiscuous mode [ 327.647724][ T9748] syzkaller0: entered allmulticast mode [ 331.095911][ T9776] syzkaller0: entered promiscuous mode [ 331.102589][ T9776] syzkaller0: entered allmulticast mode [ 331.200327][ T9781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1247'. [ 331.215385][ T9781] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1247'. [ 331.513594][ T9791] netlink: 'syz.1.1252': attribute type 29 has an invalid length. [ 331.534073][ T9791] netlink: 'syz.1.1252': attribute type 29 has an invalid length. [ 331.557444][ T9791] netlink: 'syz.1.1252': attribute type 29 has an invalid length. [ 331.646914][ T9795] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 331.666579][ T9795] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1251'. [ 333.582085][ T9808] overlayfs: missing 'lowerdir' [ 334.095567][ T9818] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1259'. [ 334.128739][ T9818] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1259'. [ 334.316726][ T9825] syzkaller0: entered promiscuous mode [ 334.323640][ T9825] syzkaller0: entered allmulticast mode [ 334.568909][ T9832] syzkaller0: entered promiscuous mode [ 334.574703][ T9832] syzkaller0: entered allmulticast mode [ 335.532934][ T9841] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 335.585277][ T9841] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1269'. [ 337.121387][ T9852] x_tables: duplicate underflow at hook 1 [ 337.174742][ T9845] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 339.582890][ T9871] loop3: detected capacity change from 0 to 256 [ 340.163887][ T9879] loop0: detected capacity change from 0 to 40427 [ 340.177260][ T9879] F2FS-fs (loop0): invalid crc value [ 340.186585][ T9879] F2FS-fs (loop0): Found nat_bits in checkpoint [ 340.323106][ T9879] F2FS-fs (loop0): Start checkpoint disabled! [ 340.344843][ T9879] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 340.529116][ T9883] netlink: 'syz.2.1284': attribute type 21 has an invalid length. [ 340.546902][ T9883] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1284'. [ 341.179639][ T9892] loop1: detected capacity change from 0 to 512 [ 341.187412][ T9892] EXT4-fs: inline encryption not supported [ 341.207990][ T9892] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 341.276708][ T9895] x_tables: duplicate underflow at hook 1 [ 341.301560][ T9892] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 341.310275][ T9892] System zones: 1-12 [ 341.422224][ T9892] EXT4-fs (loop1): 1 truncate cleaned up [ 341.433999][ T9892] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 341.960630][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.070172][ T11] kworker/u4:0: attempt to access beyond end of device [ 342.070172][ T11] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 342.121124][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 342.165481][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 342.367281][ T9909] loop2: detected capacity change from 0 to 1024 [ 342.375215][ T9909] EXT4-fs: Ignoring removed bh option [ 342.383160][ T9909] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 342.397197][ T9909] JBD2: no valid journal superblock found [ 342.403722][ T9909] EXT4-fs (loop2): Could not load journal inode [ 342.452266][ T5776] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 342.789168][ T9904] loop3: detected capacity change from 0 to 40427 [ 342.826984][ T9904] F2FS-fs (loop3): invalid crc value [ 342.864893][ T9904] F2FS-fs (loop3): Found nat_bits in checkpoint [ 343.915105][ T9904] F2FS-fs (loop3): Start checkpoint disabled! [ 344.012733][ T9904] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 344.126996][ T9925] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.1298'. [ 344.357552][ T28] audit: type=1804 audit(1776975462.356:17): pid=9926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1292" name="/newroot/334/file0/file0" dev="loop3" ino=10 res=1 errno=0 [ 344.737232][ T49] kworker/u4:3: attempt to access beyond end of device [ 344.737232][ T49] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 344.760861][ T49] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 344.769933][ T49] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 345.039981][ T9943] loop1: detected capacity change from 0 to 1024 [ 345.055898][ T9943] EXT4-fs: Ignoring removed bh option [ 345.350247][ T9943] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 345.377337][ T9943] JBD2: no valid journal superblock found [ 345.538789][ T9943] EXT4-fs (loop1): Could not load journal inode [ 345.665669][ T5776] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 345.718823][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1307'. [ 345.732276][ T9947] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1307'. [ 345.907854][ T9951] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1309'. [ 345.955278][ T9953] netlink: 'syz.1.1309': attribute type 10 has an invalid length. [ 345.978919][ T9953] team0: Device hsr_slave_0 failed to register rx_handler [ 346.132656][ T9952] syzkaller0: entered promiscuous mode [ 346.147655][ T9952] syzkaller0: entered allmulticast mode [ 349.515414][ T9994] overlayfs: missing 'workdir' [ 354.316335][T10015] loop3: detected capacity change from 0 to 40427 [ 355.591988][T10056] syzkaller0: entered promiscuous mode [ 355.629496][T10056] syzkaller0: entered allmulticast mode [ 355.685318][T10058] netlink: 'syz.2.1342': attribute type 29 has an invalid length. [ 355.693632][T10058] netlink: 'syz.2.1342': attribute type 29 has an invalid length. [ 356.177713][T10076] loop3: detected capacity change from 0 to 512 [ 356.185206][T10076] EXT4-fs: inline encryption not supported [ 356.214609][T10076] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 356.228006][T10076] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 356.237101][T10076] System zones: 1-12 [ 356.244208][T10076] EXT4-fs (loop3): 1 truncate cleaned up [ 356.251198][T10076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.693923][ C1] hrtimer: interrupt took 51196 ns [ 356.984985][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 358.477029][T10098] syzkaller0: entered promiscuous mode [ 358.482752][T10098] syzkaller0: entered allmulticast mode [ 358.523018][T10102] loop3: detected capacity change from 0 to 256 [ 358.994361][T10064] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 359.779465][T10125] syzkaller0: entered promiscuous mode [ 359.802607][T10125] syzkaller0: entered allmulticast mode [ 360.175946][T10146] loop2: detected capacity change from 0 to 256 [ 360.452657][T10128] loop0: detected capacity change from 0 to 40427 [ 360.476477][T10128] F2FS-fs (loop0): invalid crc value [ 360.493603][T10128] F2FS-fs (loop0): Found nat_bits in checkpoint [ 360.617953][T10128] F2FS-fs (loop0): Start checkpoint disabled! [ 360.639770][T10128] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 361.071995][ T28] audit: type=1804 audit(1776975479.056:18): pid=10158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1368" name="/newroot/326/file0/file0" dev="loop0" ino=10 res=1 errno=0 [ 361.640750][ T5071] kworker/u4:12: attempt to access beyond end of device [ 361.640750][ T5071] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 361.662824][ T5071] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 361.672187][ T5071] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 362.126636][T10167] syzkaller0: entered promiscuous mode [ 362.132188][T10167] syzkaller0: entered allmulticast mode [ 362.627522][T10171] loop2: detected capacity change from 0 to 40427 [ 362.640733][T10171] F2FS-fs (loop2): invalid crc value [ 362.652648][T10171] F2FS-fs (loop2): Found nat_bits in checkpoint [ 362.761617][T10171] F2FS-fs (loop2): Start checkpoint disabled! [ 362.800176][T10171] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 362.829701][T10131] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 362.911615][T10177] loop0: detected capacity change from 0 to 40427 [ 362.958530][T10177] F2FS-fs (loop0): invalid crc value [ 363.045312][T10177] F2FS-fs (loop0): Found nat_bits in checkpoint [ 363.222901][ T28] audit: type=1804 audit(1776975481.206:19): pid=10184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1383" name="/newroot/331/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 363.532835][T10177] F2FS-fs (loop0): Start checkpoint disabled! [ 363.600836][T10177] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 363.863572][ T4708] kworker/u4:10: attempt to access beyond end of device [ 363.863572][ T4708] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 363.883361][ T4708] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 363.892002][ T4708] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 364.012682][ T28] audit: type=1804 audit(1776975481.986:20): pid=10191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1386" name="/newroot/332/file0/file0" dev="loop0" ino=10 res=1 errno=0 [ 364.691309][T10197] x_tables: duplicate underflow at hook 1 [ 364.926784][ T3505] kworker/u4:9: attempt to access beyond end of device [ 364.926784][ T3505] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 365.161267][ T3505] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 365.303213][ T3505] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 365.651928][T10206] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.1394'. [ 366.257548][T10221] loop2: detected capacity change from 0 to 40427 [ 366.270962][T10221] F2FS-fs (loop2): invalid crc value [ 366.280989][T10221] F2FS-fs (loop2): Found nat_bits in checkpoint [ 366.343598][T10221] F2FS-fs (loop2): Start checkpoint disabled! [ 366.353721][T10221] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 367.859233][ T28] audit: type=1804 audit(1776975485.476:21): pid=10227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1398" name="/newroot/336/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 367.994652][ T4708] kworker/u4:10: attempt to access beyond end of device [ 367.994652][ T4708] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 368.010343][ T4708] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 368.018612][ T4708] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 368.118399][T10240] x_tables: duplicate underflow at hook 1 [ 368.775360][T10210] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 369.119001][T10248] netlink: 'syz.1.1405': attribute type 7 has an invalid length. [ 369.396953][T10260] netlink: 'syz.1.1411': attribute type 2 has an invalid length. [ 369.409233][T10258] loop2: detected capacity change from 0 to 256 [ 369.424132][T10260] netlink: 'syz.1.1411': attribute type 1 has an invalid length. [ 369.438434][T10260] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1411'. [ 370.841453][T10270] x_tables: duplicate underflow at hook 1 [ 371.273064][T10274] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.1414'. [ 372.274985][T10293] loop2: detected capacity change from 0 to 256 [ 373.172534][T10294] syzkaller0: entered promiscuous mode [ 373.203669][T10294] syzkaller0: entered allmulticast mode [ 373.656596][T10316] loop2: detected capacity change from 0 to 256 [ 376.406200][T10351] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1436'. [ 376.541959][T10354] loop0: detected capacity change from 0 to 256 [ 377.698971][T10358] loop0: detected capacity change from 0 to 256 [ 379.468876][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.475671][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.948330][T10384] loop3: detected capacity change from 0 to 256 [ 380.328450][T10394] netlink: 'syz.1.1450': attribute type 10 has an invalid length. [ 380.360617][T10394] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 380.398923][T10401] syzkaller0: entered promiscuous mode [ 380.408831][T10401] syzkaller0: entered allmulticast mode [ 381.507840][T10434] syzkaller0: entered promiscuous mode [ 381.529937][T10434] syzkaller0: entered allmulticast mode [ 385.271443][T10456] netlink: 'syz.0.1473': attribute type 29 has an invalid length. [ 385.304659][T10456] netlink: 'syz.0.1473': attribute type 29 has an invalid length. [ 385.361202][T10460] netlink: 336 bytes leftover after parsing attributes in process `syz.2.1476'. [ 385.370890][T10456] netlink: 'syz.0.1473': attribute type 29 has an invalid length. [ 385.372883][T10458] loop3: detected capacity change from 0 to 256 [ 385.381739][T10456] netlink: 'syz.0.1473': attribute type 29 has an invalid length. [ 387.859645][T10515] netlink: 'syz.0.1498': attribute type 10 has an invalid length. [ 387.958884][T10515] veth0_vlan: left promiscuous mode [ 388.000323][T10515] veth0_vlan: entered promiscuous mode [ 388.043051][T10515] team0: Device veth0_vlan failed to register rx_handler [ 388.135943][T10526] loop1: detected capacity change from 0 to 256 [ 388.405946][T10530] x_tables: duplicate underflow at hook 1 [ 391.140073][T10570] netlink: 'syz.1.1520': attribute type 29 has an invalid length. [ 391.190009][T10570] netlink: 'syz.1.1520': attribute type 29 has an invalid length. [ 391.204498][T10573] netlink: 'syz.1.1520': attribute type 29 has an invalid length. [ 391.218593][T10573] netlink: 'syz.1.1520': attribute type 29 has an invalid length. [ 391.424275][T10579] loop1: detected capacity change from 0 to 256 [ 391.465307][T10581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1524'. [ 392.966082][T10598] netlink: 'syz.3.1530': attribute type 1 has an invalid length. [ 392.981548][T10596] syzkaller0: entered promiscuous mode [ 392.999596][T10598] netlink: 'syz.3.1530': attribute type 2 has an invalid length. [ 393.000195][T10596] syzkaller0: entered allmulticast mode [ 393.029478][T10598] netlink: 'syz.3.1530': attribute type 2 has an invalid length. [ 393.070050][T10598] netlink: 'syz.3.1530': attribute type 2 has an invalid length. [ 393.096900][T10598] netlink: 'syz.3.1530': attribute type 1 has an invalid length. [ 393.146523][T10598] netlink: 'syz.3.1530': attribute type 1 has an invalid length. [ 393.463171][T10616] syzkaller0: entered promiscuous mode [ 393.473258][T10616] syzkaller0: entered allmulticast mode [ 394.427364][T10631] loop2: detected capacity change from 0 to 256 [ 394.435542][T10630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 395.664673][T10650] x_tables: duplicate underflow at hook 1 [ 397.382469][T10692] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1563'. [ 397.415429][T10694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1564'. [ 397.532683][T10696] syzkaller0: entered promiscuous mode [ 397.562959][T10696] syzkaller0: entered allmulticast mode [ 398.085376][T10718] syzkaller0: entered promiscuous mode [ 398.091005][T10718] syzkaller0: entered allmulticast mode [ 399.000039][T10765] syzkaller0: entered promiscuous mode [ 399.048260][T10765] syzkaller0: entered allmulticast mode [ 399.527920][T10775] syzkaller0: entered promiscuous mode [ 399.754433][T10775] syzkaller0: entered allmulticast mode [ 399.923862][T10780] syzkaller0: entered promiscuous mode [ 399.938165][T10780] syzkaller0: entered allmulticast mode [ 400.664185][ T27] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 400.880530][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 400.953243][ T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.123876][ T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.252410][ T27] usb 4-1: config 0 interface 0 has no altsetting 0 [ 401.340286][ T27] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 401.390063][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.417194][ T27] usb 4-1: config 0 descriptor?? [ 401.875134][T10798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.894748][T10798] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.131509][ T5813] usb 4-1: USB disconnect, device number 7 [ 402.312572][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1616'. [ 402.443288][T10845] loop1: detected capacity change from 0 to 256 [ 404.784839][T10882] netlink: 16222 bytes leftover after parsing attributes in process `syz.2.1632'. [ 405.704449][ T5813] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 405.871745][T10898] x_tables: duplicate underflow at hook 1 [ 406.294209][ T5813] usb 1-1: Using ep0 maxpacket: 16 [ 406.325721][ T5813] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.345928][ T5813] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.361875][ T5813] usb 1-1: config 0 interface 0 has no altsetting 0 [ 406.369164][ T5813] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 406.379556][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.407212][ T5813] usb 1-1: config 0 descriptor?? [ 407.225084][T10877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.233859][T10877] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.551751][ T9245] usb 1-1: USB disconnect, device number 6 [ 407.749617][T10927] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1650'. [ 409.130067][T10993] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 409.614056][ T5816] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 409.836988][T11022] x_tables: duplicate underflow at hook 1 [ 411.054104][ T5816] usb 4-1: Using ep0 maxpacket: 32 [ 411.102718][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 411.164483][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.216484][ T5816] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 411.261929][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.319005][ T5816] usb 4-1: config 0 descriptor?? [ 411.440947][T11031] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1696'. [ 411.763465][ T5816] savu 0003:1E7D:2D5A.0003: item fetching failed at offset 6/8 [ 411.786551][ T5816] savu 0003:1E7D:2D5A.0003: parse failed [ 411.834169][ T5816] savu: probe of 0003:1E7D:2D5A.0003 failed with error -22 [ 411.930863][T11054] netlink: 16222 bytes leftover after parsing attributes in process `syz.1.1702'. [ 411.979319][ T5816] usb 4-1: USB disconnect, device number 8 [ 412.165605][T11062] x_tables: duplicate underflow at hook 1 [ 412.178834][T11062] vlan2: entered allmulticast mode [ 412.184838][T11062] macsec0: entered allmulticast mode [ 412.190472][T11062] veth1_macvtap: entered allmulticast mode [ 413.309091][T11082] syzkaller0: entered promiscuous mode [ 413.316068][T11082] syzkaller0: entered allmulticast mode [ 413.585788][T11095] x_tables: duplicate underflow at hook 1 [ 413.756431][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1721'. [ 414.454565][T11118] syzkaller0: entered promiscuous mode [ 414.467118][T11118] syzkaller0: entered allmulticast mode [ 414.624196][T11124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1731'. [ 415.332845][T11151] syzkaller0: entered promiscuous mode [ 415.356054][T11151] syzkaller0: entered allmulticast mode [ 415.483690][T11158] loop0: detected capacity change from 0 to 256 [ 415.738378][T11164] binder: 11163:11164 ioctl 40046210 0 returned -14 [ 416.044542][T11175] x_tables: duplicate underflow at hook 1 [ 416.150185][T11181] netlink: 16198 bytes leftover after parsing attributes in process `syz.3.1752'. [ 416.639498][T11193] binder: BINDER_SET_CONTEXT_MGR already set [ 416.651625][T11193] binder: 11192:11193 ioctl 4018620d 200000000280 returned -16 [ 418.419637][T11221] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.1769'. [ 418.479760][ T5813] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 418.557626][T11225] loop1: detected capacity change from 0 to 256 [ 418.604098][ T5901] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 418.675265][ T5813] usb 1-1: Using ep0 maxpacket: 16 [ 418.697074][ T5813] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.720089][ T5813] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.732362][ T5813] usb 1-1: config 0 interface 0 has no altsetting 0 [ 418.748737][ T5813] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 418.760853][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.783894][ T5813] usb 1-1: config 0 descriptor?? [ 418.843689][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.863541][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.875060][ T5901] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 418.895334][ T5901] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 418.913826][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.935162][ T5901] usb 3-1: config 0 descriptor?? [ 419.205826][T11211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.224657][T11211] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.383521][ T5901] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 419.406352][ T5901] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 419.430243][ T5901] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 419.438334][ T5901] plantronics 0003:047F:FFFF.0005: unexpected long global item [ 419.461389][ T5816] usb 1-1: USB disconnect, device number 7 [ 419.461991][ T5901] plantronics 0003:047F:FFFF.0005: parse failed [ 419.484005][ T5901] plantronics: probe of 0003:047F:FFFF.0005 failed with error -22 [ 419.617770][ T27] usb 3-1: USB disconnect, device number 16 [ 419.808338][ T9245] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 420.001424][ T9245] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 420.012085][ T9245] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 420.037613][ T9245] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 420.057347][ T9245] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.089647][ T9245] usb 4-1: Product: syz [ 420.103372][ T9245] usb 4-1: Manufacturer: syz [ 420.115329][ T9245] usb 4-1: SerialNumber: syz [ 420.131205][ T9245] usb 4-1: config 0 descriptor?? [ 420.142190][T11245] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 420.164434][T11245] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 420.356576][T11266] loop2: detected capacity change from 0 to 256 [ 420.391437][T11245] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 420.414321][T11245] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 420.614324][ T5901] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 420.834161][ T5901] usb 1-1: Using ep0 maxpacket: 16 [ 420.845303][ T5901] usb 1-1: unable to get BOS descriptor or descriptor too short [ 420.857544][ T5901] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 420.871639][ T5901] usb 1-1: New USB device found, idVendor=041e, idProduct=3237, bcdDevice= 0.40 [ 420.882306][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.892373][ T5901] usb 1-1: Product: syz [ 420.912357][ T5901] usb 1-1: Manufacturer: syz [ 420.917582][ T5901] usb 1-1: SerialNumber: syz [ 421.044205][ T5813] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 421.056909][ T9245] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 421.087982][ T9245] usb 4-1: USB disconnect, device number 9 [ 421.168215][ T5901] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 421.178266][ T5901] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 421.244280][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 421.250295][ T5901] usb 1-1: USB disconnect, device number 8 [ 421.303455][ T5813] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 421.328132][ T5813] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 421.352037][ T5813] usb 2-1: config 0 interface 0 has no altsetting 0 [ 421.371380][ T5813] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 421.377064][ T5774] udevd[5774]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 421.381759][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.427333][ T5813] usb 2-1: config 0 descriptor?? [ 421.869313][T11275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.891673][T11275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.141678][ T5816] usb 2-1: USB disconnect, device number 6 [ 422.301819][T11299] loop0: detected capacity change from 0 to 256 [ 422.314435][ T5901] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 422.520918][ T5901] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 422.535381][ T5901] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 422.548120][ T5901] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 422.558213][ T5901] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 211, setting to 64 [ 423.199585][T11303] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 423.370524][T11303] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1804'. [ 424.167586][ T5901] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 424.789016][T11315] ======================================================= [ 424.789016][T11315] WARNING: The mand mount option has been deprecated and [ 424.789016][T11315] and is ignored by this kernel. Remove the mand [ 424.789016][T11315] option from the mount to silence this warning. [ 424.789016][T11315] ======================================================= [ 424.901189][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1811'. [ 424.919139][T11315] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 424.941881][ T5901] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=e4.40 [ 424.952168][ T5901] usb 3-1: New USB device strings: Mfr=255, Product=0, SerialNumber=1 [ 424.960605][ T5901] usb 3-1: Manufacturer: syz [ 424.965688][ T5901] usb 3-1: SerialNumber: syz [ 424.998368][T11291] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 425.147108][ T5901] cdc_acm: probe of 3-1:1.0 failed with error -12 [ 425.203020][ T5901] usb 3-1: USB disconnect, device number 17 [ 425.320071][T11326] kvm: kvm [11323]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x80000000000 [ 425.365579][T11330] x_tables: duplicate underflow at hook 1 [ 425.565796][T11337] syzkaller0: entered promiscuous mode [ 425.584172][T11337] syzkaller0: entered allmulticast mode [ 426.832681][T11360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1827'. [ 426.878601][T11367] binder: BINDER_SET_CONTEXT_MGR already set [ 426.905094][T11367] binder: 11366:11367 ioctl 40046207 0 returned -16 [ 426.923139][T11367] binder: BINDER_SET_CONTEXT_MGR already set [ 426.941310][T11367] binder: 11366:11367 ioctl 40046207 0 returned -16 [ 426.974194][ T8] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 427.360041][ T5816] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 427.568201][ T5816] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 427.610000][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.650312][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.732322][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.770853][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.782206][ T8] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 427.797366][ T8] usb 2-1: config 0 interface 0 has no altsetting 0 [ 427.801158][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.804078][ T8] usb 2-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 427.804105][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.806605][ T8] usb 2-1: config 0 descriptor?? [ 427.819696][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.853582][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.864611][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.923415][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.934276][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.949006][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.959838][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.975353][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 427.994346][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 428.009772][ T5816] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 428.022107][ T5816] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 428.042077][ T5816] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 428.064056][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 428.072314][ T5816] usb 3-1: SerialNumber: syz [ 428.095876][ T5816] usb 3-1: bad CDC descriptors [ 428.250441][ T8] kye 0003:0458:501A.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 428.270348][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.278976][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.288678][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.298572][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.307171][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.322893][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.331365][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.342638][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.352999][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.369029][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.379455][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.390118][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.398614][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.399022][ T5816] usb 3-1: USB disconnect, device number 18 [ 428.409075][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.420724][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.433639][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.442645][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.457949][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.478230][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.490701][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.500870][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.509371][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.534129][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.543475][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.558679][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.567581][T11389] capability: warning: `syz.0.1838' uses 32-bit capabilities (legacy support in use) [ 428.578041][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.578079][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.578107][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.578130][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.608035][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.623335][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.630901][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.638587][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.648678][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.674342][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.681131][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.688968][ T8] kye 0003:0458:501A.0007: unknown main item tag 0x0 [ 428.718737][ T8] kye 0003:0458:501A.0007: hidraw0: USB HID v0.04 Device [HID 0458:501a] on usb-dummy_hcd.1-1/input0 [ 428.730039][ T8] kye 0003:0458:501A.0007: tablet-enabling feature report not found [ 428.743062][ T8] kye 0003:0458:501A.0007: tablet enabling failed [ 428.761273][ T8] usb 2-1: USB disconnect, device number 7 [ 428.811475][T11392] fido_id[11392]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 428.994523][ T5901] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 429.163352][T11399] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1842'. [ 429.184476][ T5901] usb 1-1: Using ep0 maxpacket: 16 [ 429.195427][ T5901] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.221592][ T5901] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.242501][ T5901] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.250380][ T5901] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 429.261432][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.282941][ T5901] usb 1-1: config 0 descriptor?? [ 429.378018][T11406] syzkaller0: entered promiscuous mode [ 429.392826][T11406] syzkaller0: entered allmulticast mode [ 429.726707][T11391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 429.744590][T11391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.886548][T11424] syzkaller0: entered promiscuous mode [ 429.892182][T11424] syzkaller0: entered allmulticast mode [ 429.991698][ T5816] usb 1-1: USB disconnect, device number 9 [ 430.593290][T11435] binder: 11433:11435 ioctl c0306201 200000000080 returned -14 [ 430.802249][T11435] binder: 11433:11435 ioctl c0306201 2000000003c0 returned -14 [ 430.998254][T11439] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.1859'. [ 432.430103][T11463] syzkaller0: entered promiscuous mode [ 432.450554][T11463] syzkaller0: entered allmulticast mode [ 432.629227][T11467] binder: 11466:11467 ioctl c0306201 200000000080 returned -14 [ 432.641547][T11467] binder: 11466:11467 ioctl c0306201 2000000003c0 returned -14 [ 432.834141][ T5816] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 433.024202][ T5816] usb 4-1: Using ep0 maxpacket: 16 [ 433.032181][ T5816] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 3320, setting to 1024 [ 433.045343][ T5816] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 1024 [ 433.057136][ T5816] usb 4-1: config 0 interface 0 has no altsetting 0 [ 433.074081][ T5816] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 433.090205][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.103732][ T5816] usb 4-1: config 0 descriptor?? [ 433.110135][T11465] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 433.117773][ T27] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 433.133840][ T5816] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 433.316462][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 433.330258][ T27] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 433.334250][T11493] binder: 11492:11493 ioctl c0306201 200000000080 returned -14 [ 433.344347][ T27] usb 2-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00 [ 433.368510][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.369478][T11493] binder: 11492:11493 ioctl c0306201 2000000003c0 returned -14 [ 433.391128][ T27] usb 2-1: config 0 descriptor?? [ 433.497654][ T8] usb 4-1: USB disconnect, device number 10 [ 433.525989][T11496] syzkaller0: entered promiscuous mode [ 433.531714][T11496] syzkaller0: entered allmulticast mode [ 433.823072][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.836593][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.847133][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.855500][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.863245][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.871450][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.889927][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.898796][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.906837][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.915845][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.925823][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.933565][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.942108][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.968925][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.978390][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.987452][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 433.997635][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.006183][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.021592][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.030353][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.054285][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.062117][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.071188][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.080741][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.190490][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.240836][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.335750][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.434511][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.541239][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.681823][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.743803][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.764338][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.772660][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.786321][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.860509][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.869464][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.879156][ T27] holtek_mouse 0003:04D9:A0C2.0009: unknown main item tag 0x0 [ 434.899640][ T27] holtek_mouse 0003:04D9:A0C2.0009: hidraw0: USB HID v0.07 Device [HID 04d9:a0c2] on usb-dummy_hcd.1-1/input0 [ 434.929104][ T27] usb 2-1: USB disconnect, device number 8 [ 435.209667][T11522] fido_id[11522]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 435.559651][T11541] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.1897'. [ 436.041628][T11558] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 436.169967][T11558] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1895'. [ 436.624192][ T27] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 436.666131][T11580] loop7: detected capacity change from 0 to 7 [ 436.688955][T11580] Dev loop7: unable to read RDB block 7 [ 436.696524][T11580] loop7: unable to read partition table [ 436.703388][T11580] loop7: partition table beyond EOD, truncated [ 436.712731][T11580] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 436.826266][ T27] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 436.852535][ T27] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 436.890936][ T27] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 436.906550][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.927142][ T27] usb 3-1: config 0 descriptor?? [ 436.949086][T11573] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 436.977349][ T27] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 437.118385][T11588] syzkaller0: entered promiscuous mode [ 437.124381][T11588] syzkaller0: entered allmulticast mode [ 439.087343][T11623] syzkaller0: entered promiscuous mode [ 439.097250][T11623] syzkaller0: entered allmulticast mode [ 439.377029][ T5813] usb 3-1: USB disconnect, device number 19 [ 439.384482][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 439.621412][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 439.645164][ T8] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.669650][ T8] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.693201][ T8] usb 1-1: config 0 interface 0 has no altsetting 0 [ 439.701293][ T8] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 439.711182][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.722182][ T8] usb 1-1: config 0 descriptor?? [ 440.160616][T11625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.180156][T11625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 440.221620][ T8] hid (null): unknown global tag 0xd [ 440.420819][ T8133] usb 1-1: USB disconnect, device number 10 [ 440.908178][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.914899][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.369308][T11687] netlink: 'syz.2.1944': attribute type 1 has an invalid length. [ 442.575264][T11692] netlink: 16410 bytes leftover after parsing attributes in process `syz.1.1946'. [ 442.589197][T11694] loop2: detected capacity change from 0 to 256 [ 442.984668][ T27] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 443.765838][ T27] usb 1-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 443.799113][ T27] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 443.814175][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 443.837732][ T27] usb 1-1: SerialNumber: syz [ 444.149817][ T8] usb 1-1: USB disconnect, device number 11 [ 444.229465][T11732] loop3: detected capacity change from 0 to 256 [ 444.774442][ T5813] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 445.118927][ T5813] usb 2-1: Using ep0 maxpacket: 16 [ 445.186247][ T5813] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 445.209336][ T5813] usb 2-1: config 1 has no interface number 0 [ 445.321256][ T5813] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 445.337272][ T5813] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 445.347742][ T5813] usb 2-1: config 1 interface 105 has no altsetting 0 [ 445.366703][ T5813] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 445.384241][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 445.404215][ T5813] usb 2-1: Product: syz [ 445.408717][ T5813] usb 2-1: Manufacturer: syz [ 445.413416][ T5813] usb 2-1: SerialNumber: syz [ 445.455476][T11743] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 445.463823][T11743] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 445.734816][ T27] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 445.804453][ T23] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 445.937369][T11743] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 445.945506][ T27] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 445.955065][T11743] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 445.968862][ T27] usb 4-1: config 0 has no interface number 0 [ 445.982889][ T27] usb 4-1: config 0 interface 2 has no altsetting 0 [ 445.992956][ T27] usb 4-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 446.005919][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.016493][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 446.032015][ T27] usb 4-1: Product: syz [ 446.047983][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 446.058204][ T27] usb 4-1: Manufacturer: syz [ 446.062924][ T27] usb 4-1: SerialNumber: syz [ 446.080277][ T23] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 446.095197][ T23] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 446.106270][ T27] usb 4-1: config 0 descriptor?? [ 446.118557][ T27] hub 4-1:0.2: bad descriptor, ignoring hub [ 446.135272][ T27] hub: probe of 4-1:0.2 failed with error -5 [ 446.142356][ T27] f81232 4-1:0.2: f81534a converter detected [ 446.154069][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.175615][ T23] usb 3-1: config 0 descriptor?? [ 446.342074][ T27] f81534a ttyUSB0: f81232_set_register failed status: -71 [ 446.360817][ T27] f81534a: probe of ttyUSB0 failed with error -5 [ 446.393074][ T5813] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 446.623211][ T5813] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 446.633432][ T27] usb 4-1: reset high-speed USB device number 11 using dummy_hcd [ 446.649110][ T5813] aqc111 2-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 12:88:6b:a5:44:71 [ 446.651585][ T23] steelseries 0003:1038:1410.000B: item fetching failed at offset 5/7 [ 446.665579][ T5813] usb 2-1: USB disconnect, device number 9 [ 446.698562][ T5813] aqc111 2-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 446.709001][ T23] steelseries 0003:1038:1410.000B: parse failed [ 446.725066][ T23] steelseries: probe of 0003:1038:1410.000B failed with error -22 [ 446.832497][ T5813] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 446.849764][ T5813] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 446.865906][ T23] usb 3-1: USB disconnect, device number 20 [ 446.870403][ T5813] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 447.177090][ T27] usb 4-1: failed to restore interface 2 altsetting 11 (error=-71) [ 447.197361][ T27] usb 4-1: USB disconnect, device number 11 [ 447.221947][ T27] f81232 4-1:0.2: device disconnected [ 447.564184][ T8133] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 447.766152][ T8133] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 447.786735][ T8133] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 447.801419][ T8133] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 447.811589][ T8133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.824029][ T8133] usb 2-1: Product: syz [ 447.828350][ T8133] usb 2-1: Manufacturer: syz [ 447.837899][ T8133] usb 2-1: SerialNumber: syz [ 447.867015][ T8133] usb 2-1: config 0 descriptor?? [ 447.878766][T11799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 447.897949][T11799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 448.115284][T11799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 448.137131][T11799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 448.194364][ T1187] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 448.232052][T11828] binder: BINDER_SET_CONTEXT_MGR already set [ 448.239448][T11828] binder: 11827:11828 ioctl 4018620d 200000004a80 returned -16 [ 448.404173][ T1187] usb 1-1: Using ep0 maxpacket: 8 [ 448.415324][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 448.439719][ T1187] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 448.453295][ T1187] usb 1-1: New USB device found, idVendor=046d, idProduct=c218, bcdDevice= 0.00 [ 448.466907][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.481101][ T1187] usb 1-1: config 0 descriptor?? [ 448.589331][ T8133] Error reading MAC address [ 448.607776][ T8133] usb 2-1: USB disconnect, device number 10 [ 448.929078][ T1187] logitech 0003:046D:C218.000C: ignoring exceeding usage max [ 448.950238][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 448.969859][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 448.987728][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 448.997875][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 449.008641][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 449.021641][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 449.032031][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 449.052744][ T1187] logitech 0003:046D:C218.000C: unknown main item tag 0x0 [ 449.075341][ T1187] logitech 0003:046D:C218.000C: hidraw0: USB HID v0.04 Device [HID 046d:c218] on usb-dummy_hcd.0-1/input0 [ 449.115983][ T1187] logitech 0003:046D:C218.000C: no inputs found [ 449.174158][ T1187] usb 1-1: USB disconnect, device number 12 [ 449.280959][T11845] fido_id[11845]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 449.338770][T11854] binder: BINDER_SET_CONTEXT_MGR already set [ 449.356648][T11854] binder: 11852:11854 ioctl 4018620d 200000004a80 returned -16 [ 449.460598][T11856] x_tables: duplicate underflow at hook 1 [ 449.886852][T11858] overlayfs: failed to resolve './bus': -2 [ 450.283628][T11864] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 450.301316][T11864] pim6reg: entered allmulticast mode [ 450.304667][T11865] loop0: detected capacity change from 0 to 256 [ 450.325150][T11864] syz_tun: entered allmulticast mode [ 451.738916][T11881] netlink: 16386 bytes leftover after parsing attributes in process `syz.2.2014'. [ 452.014248][ T5816] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 452.234156][ T5816] usb 2-1: Using ep0 maxpacket: 32 [ 452.264859][ T5816] usb 2-1: unable to get BOS descriptor or descriptor too short [ 452.275496][ T5816] usb 2-1: config 0 has an invalid interface number: 18 but max is 0 [ 452.294418][ T5816] usb 2-1: config 0 has no interface number 0 [ 452.300748][ T5816] usb 2-1: config 0 interface 18 has no altsetting 0 [ 452.355743][ T5816] usb 2-1: New USB device found, idVendor=0df6, idProduct=061c, bcdDevice=58.21 [ 452.384086][ T5816] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.392418][ T5816] usb 2-1: Product: syz [ 452.417172][ T5816] usb 2-1: Manufacturer: syz [ 452.422277][ T5816] usb 2-1: SerialNumber: syz [ 452.465189][ T5816] usb 2-1: config 0 descriptor?? [ 452.704828][ T5816] asix: probe of 2-1:0.18 failed with error -22 [ 452.725754][ T5816] usb 2-1: USB disconnect, device number 11 [ 452.996586][ T5901] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 453.184586][ T5901] usb 3-1: Using ep0 maxpacket: 16 [ 453.208836][ T5901] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 3320, setting to 1024 [ 453.227431][ T5901] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 1024 [ 453.239531][ T5901] usb 3-1: config 0 interface 0 has no altsetting 0 [ 453.249276][ T5901] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 453.259184][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.286685][ T5901] usb 3-1: config 0 descriptor?? [ 453.294714][T11896] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 453.315811][ T5901] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 453.633125][T11924] loop1: detected capacity change from 0 to 256 [ 453.709708][ T5901] usb 3-1: USB disconnect, device number 21 [ 454.035240][T11933] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2038'. [ 454.045049][ T5813] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 454.103397][T11933] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 454.125383][T11933] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 454.157836][T11936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2038'. [ 454.180922][T11936] macvlan2: entered promiscuous mode [ 454.192107][T11936] macvlan2: entered allmulticast mode [ 454.199092][T11936] bond1: (slave macvlan2): Error -98 calling set_mac_address [ 454.244118][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 454.259734][ T5813] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 454.296188][ T5813] usb 1-1: config 0 has no interface number 0 [ 454.321914][ T5813] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.375801][ T5813] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.412416][ T5813] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 454.439401][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.463238][ T5813] usb 1-1: config 0 descriptor?? [ 455.111449][ T5813] uclogic 0003:28BD:0094.000D: pen parameters not found [ 455.120963][ T5813] uclogic 0003:28BD:0094.000D: interface is invalid, ignoring [ 455.140325][ T5813] usb 1-1: USB disconnect, device number 13 [ 455.906535][T11969] loop0: detected capacity change from 0 to 128 [ 455.967175][T11969] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 455.990026][T11969] ext4 filesystem being mounted at /512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 456.048812][T11969] EXT4-fs (loop0): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. [ 456.092124][T11969] EXT4-fs (loop0): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w. [ 456.123900][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 456.886890][T11984] loop0: detected capacity change from 0 to 256 [ 458.473204][T12004] loop2: detected capacity change from 0 to 256 [ 458.734099][ T5816] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 459.554050][ T5816] usb 1-1: Using ep0 maxpacket: 16 [ 459.587714][T12013] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 459.610022][T12013] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2059'. [ 459.762794][ T5816] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 3320, setting to 1024 [ 459.865424][ T5816] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 1024 [ 459.883994][ T5816] usb 1-1: config 0 interface 0 has no altsetting 0 [ 459.901285][ T5816] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 459.928729][ T5816] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.000106][ T5816] usb 1-1: config 0 descriptor?? [ 460.030068][T12002] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 460.090470][ T5816] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 460.193558][T12020] program syz.2.2065 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 460.533687][T12026] syzkaller0: entered promiscuous mode [ 460.543341][T12026] syzkaller0: entered allmulticast mode [ 461.089675][ T27] usb 1-1: USB disconnect, device number 14 [ 461.246880][T12039] loop2: detected capacity change from 0 to 256 [ 462.254767][ T1187] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 462.460773][ T1187] usb 2-1: Using ep0 maxpacket: 16 [ 462.468607][ T1187] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.487480][ T1187] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.521456][ T1187] usb 2-1: config 0 interface 0 has no altsetting 0 [ 462.533341][ T1187] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 462.543114][ T1187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.566200][ T1187] usb 2-1: config 0 descriptor?? [ 462.855858][T12067] loop0: detected capacity change from 0 to 256 [ 463.004656][T12041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 463.039756][T12041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 464.399826][ T8133] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 464.610962][ T1187] usb 2-1: USB disconnect, device number 12 [ 465.094645][ T8133] usb 3-1: Using ep0 maxpacket: 16 [ 465.252287][ T8133] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 3320, setting to 1024 [ 465.446790][ T8133] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 1024 [ 465.804149][ T8133] usb 3-1: config 0 interface 0 has no altsetting 0 [ 465.810870][ T8133] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 465.834261][ T8133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.850214][ T8133] usb 3-1: config 0 descriptor?? [ 465.892056][ T8133] usb 3-1: can't set config #0, error -71 [ 465.908583][T12091] loop1: detected capacity change from 0 to 512 [ 465.909785][ T8133] usb 3-1: USB disconnect, device number 22 [ 465.989680][T12098] loop2: detected capacity change from 0 to 256 [ 466.196216][T12103] loop3: detected capacity change from 0 to 128 [ 466.220101][T12091] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.2094: corrupted inode contents [ 466.282149][T12091] EXT4-fs error (device loop1): ext4_dirty_inode:6143: inode #16: comm syz.1.2094: mark_inode_dirty error [ 466.342221][T12091] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.2094: corrupted inode contents [ 466.382165][T12091] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.2094: mark_inode_dirty error [ 466.426209][T12091] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.2094: corrupted inode contents [ 466.450303][T12091] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 466.465598][T12091] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #16: comm syz.1.2094: corrupted inode contents [ 466.487733][T12091] EXT4-fs error (device loop1): ext4_truncate:4301: inode #16: comm syz.1.2094: mark_inode_dirty error [ 466.502121][T12091] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 466.520885][T12091] EXT4-fs (loop1): 1 truncate cleaned up [ 466.544580][T12091] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 466.559035][ T11] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 466.578746][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:0: Failed to release dquot type 1 [ 466.595502][T12091] ext4 filesystem being mounted at /526/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 466.816235][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.914124][T12113] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 466.933483][T12113] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2099'. [ 468.539135][T12126] loop2: detected capacity change from 0 to 512 [ 468.557796][T12126] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 468.601429][T12126] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.2103: bg 0: block 393: padding at end of block bitmap is not set [ 468.640211][T12126] EXT4-fs (loop2): Remounting filesystem read-only [ 468.652739][T12126] EXT4-fs (loop2): 2 truncates cleaned up [ 468.662319][T12126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 468.782167][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 468.966730][T12131] syzkaller0: entered promiscuous mode [ 468.986383][T12131] syzkaller0: entered allmulticast mode [ 469.144368][ T1187] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 469.308280][T12144] loop0: detected capacity change from 0 to 128 [ 469.364037][ T1187] usb 3-1: Using ep0 maxpacket: 16 [ 469.386293][ T1187] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 3320, setting to 1024 [ 469.435584][ T1187] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 1024 [ 469.456264][ T1187] usb 3-1: config 0 interface 0 has no altsetting 0 [ 469.463669][ T1187] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 469.498272][ T1187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.534852][ T1187] usb 3-1: config 0 descriptor?? [ 469.572901][T12129] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 469.597893][ T1187] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 469.638473][T12150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2114'. [ 469.647162][T12152] loop1: detected capacity change from 0 to 128 [ 469.672815][T12150] bond0: entered promiscuous mode [ 469.674835][T12152] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 469.694393][T12150] bond_slave_0: entered promiscuous mode [ 469.701344][T12152] ext4 filesystem being mounted at /534/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 469.719608][T12150] bond_slave_1: entered promiscuous mode [ 469.752039][T12150] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 469.777005][T12150] bond0: left promiscuous mode [ 469.783758][T12150] bond_slave_0: left promiscuous mode [ 469.792566][T12150] bond_slave_1: left promiscuous mode [ 469.863008][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 469.949214][ T1187] usb 3-1: USB disconnect, device number 23 [ 470.120401][T12163] syzkaller0: entered promiscuous mode [ 470.139396][T12163] syzkaller0: entered allmulticast mode [ 470.409012][T12171] tap0: tun_chr_ioctl cmd 1074025681 [ 470.807164][T12185] binder: 12183:12185 ioctl c0306201 2000000003c0 returned -14 [ 470.809786][T12187] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2127'. [ 470.914316][ T1187] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 470.989573][T12192] loop3: detected capacity change from 0 to 256 [ 471.022216][T12194] syzkaller0: entered promiscuous mode [ 471.028148][T12194] syzkaller0: entered allmulticast mode [ 471.084312][ T1187] usb 3-1: device descriptor read/64, error -71 [ 471.320258][T12201] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.2133'. [ 471.374048][ T1187] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 471.554453][ T1187] usb 3-1: device descriptor read/64, error -71 [ 471.694801][ T1187] usb usb3-port1: attempt power cycle [ 471.871203][T12220] loop1: detected capacity change from 0 to 512 [ 471.890273][T12220] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 472.003693][T12220] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.2141: bg 0: block 104: invalid block bitmap [ 472.034335][T12220] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 472.063797][T12220] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2141: invalid indirect mapped block 1 (level 1) [ 472.091011][T12220] EXT4-fs (loop1): 1 truncate cleaned up [ 472.113357][T12228] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.2143'. [ 472.125588][ T1187] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 472.139520][T12220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.184522][ T1187] usb 3-1: device descriptor read/8, error -71 [ 472.514326][ T1187] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 472.607094][ T1187] usb 3-1: device descriptor read/8, error -71 [ 472.767523][ T1187] usb usb3-port1: unable to enumerate USB device [ 473.433186][T12241] loop0: detected capacity change from 0 to 8192 [ 473.680399][T12247] loop3: detected capacity change from 0 to 256 [ 474.429545][T12269] binder: BINDER_SET_CONTEXT_MGR already set [ 474.437979][T12269] binder: 12268:12269 ioctl 4018620d 200000000040 returned -16 [ 474.474210][ T1187] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 474.685077][ T1187] usb 3-1: Using ep0 maxpacket: 8 [ 474.697465][ T1187] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.713303][ T1187] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 474.730948][ T1187] usb 3-1: New USB device found, idVendor=046d, idProduct=c218, bcdDevice= 0.00 [ 474.740430][ T1187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.765187][ T1187] usb 3-1: config 0 descriptor?? [ 475.187458][ T1187] usbhid 3-1:0.0: can't add hid device: -71 [ 475.193608][ T1187] usbhid: probe of 3-1:0.0 failed with error -71 [ 475.204642][T12278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2163'. [ 475.226490][ T1187] usb 3-1: USB disconnect, device number 28 [ 475.228913][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.470588][T12289] loop1: detected capacity change from 0 to 256 [ 475.719221][T12293] syzkaller0: entered promiscuous mode [ 475.724963][T12293] syzkaller0: entered allmulticast mode [ 475.988476][T12300] binder: BINDER_SET_CONTEXT_MGR already set [ 475.995897][T12300] binder: 12299:12300 ioctl 4018620d 200000000040 returned -16 [ 477.766884][T12328] binder: 12326:12328 ioctl c0306201 0 returned -14 [ 478.755693][T12334] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2184'. [ 478.957114][T12342] loop0: detected capacity change from 0 to 128 [ 479.004450][T12342] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 479.060424][T12342] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 479.138107][T12348] loop1: detected capacity change from 0 to 256 [ 479.284273][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 479.508032][T12355] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 479.594770][T12357] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2188'. [ 479.687296][T12358] dummy0: entered promiscuous mode [ 479.693077][T12358] macsec1: entered promiscuous mode [ 479.698463][T12358] vlan3: entered promiscuous mode [ 479.755309][T12358] vlan3: left promiscuous mode [ 479.763997][T12358] dummy0: left promiscuous mode [ 480.222657][T12368] syzkaller0: entered promiscuous mode [ 480.242008][T12368] syzkaller0: entered allmulticast mode [ 481.401939][T12383] loop1: detected capacity change from 0 to 256 [ 482.254149][ T23] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 482.638293][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 482.645949][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.659371][ T23] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.669458][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 482.676498][ T23] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 482.686170][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.696788][ T23] usb 2-1: config 0 descriptor?? [ 483.202668][T12405] syzkaller0: entered promiscuous mode [ 483.307774][T12405] syzkaller0: entered allmulticast mode [ 483.322175][T12390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 483.364517][T12390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 483.642355][ T23] usb 2-1: USB disconnect, device number 13 [ 483.658507][T12410] loop2: detected capacity change from 0 to 256 [ 484.814292][T12426] loop1: detected capacity change from 0 to 4096 [ 484.879220][T12432] syzkaller0: entered promiscuous mode [ 484.887256][T12432] syzkaller0: entered allmulticast mode [ 484.900573][T12426] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 485.085169][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.413731][T12455] loop1: detected capacity change from 0 to 256 [ 485.971083][T12463] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 486.127417][T12464] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2231'. [ 486.586950][T12468] loop1: detected capacity change from 0 to 128 [ 486.640378][T12468] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 486.657738][T12468] ext4 filesystem being mounted at /559/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 486.719029][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 486.967544][T12473] syzkaller0: entered promiscuous mode [ 486.973160][T12473] syzkaller0: entered allmulticast mode [ 487.814124][T12430] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 488.497519][T12487] loop2: detected capacity change from 0 to 256 [ 489.383257][T12490] loop0: detected capacity change from 0 to 128 [ 489.595924][T12490] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 489.660236][T12490] ext4 filesystem being mounted at /589/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 489.743065][T12501] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2243'. [ 489.842754][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 490.088981][T12517] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.2249'. [ 490.139894][T12513] loop0: detected capacity change from 0 to 4096 [ 490.155650][T12513] EXT4-fs: Ignoring removed nomblk_io_submit option [ 490.189089][T12513] EXT4-fs (loop0): stripe (97) is not aligned with cluster size (16), stripe is disabled [ 490.212855][T12513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 490.238788][T12520] loop2: detected capacity change from 0 to 256 [ 490.292964][ T28] audit: type=1800 audit(1776975608.286:22): pid=12513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2246" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 490.798261][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.048088][T12530] loop3: detected capacity change from 0 to 512 [ 491.280346][T12532] loop0: detected capacity change from 0 to 128 [ 491.367561][T12532] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 491.462643][T12532] ext4 filesystem being mounted at /592/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.520864][T12545] sctp: [Deprecated]: syz.3.2260 (pid 12545) Use of int in max_burst socket option. [ 491.520864][T12545] Use struct sctp_assoc_value instead [ 491.636176][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 491.811450][T12547] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 491.830303][T12547] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2261'. [ 492.706195][T12582] x_tables: duplicate underflow at hook 1 [ 492.898758][T12507] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 493.685609][T12596] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.2281'. [ 493.934199][ T1187] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 493.952347][T12602] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2284'. [ 494.155095][ T1187] usb 1-1: Using ep0 maxpacket: 8 [ 494.164688][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.177335][ T1187] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 494.191581][ T1187] usb 1-1: New USB device found, idVendor=046d, idProduct=c218, bcdDevice= 0.00 [ 494.217736][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.238404][ T1187] usb 1-1: config 0 descriptor?? [ 494.492150][T12619] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 494.511961][T12619] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2289'. [ 494.703478][ T1187] logitech 0003:046D:C218.0010: ignoring exceeding usage max [ 494.715786][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.723198][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.734711][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.741930][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.754800][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.761999][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.771406][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.791455][ T1187] logitech 0003:046D:C218.0010: unknown main item tag 0x0 [ 494.831802][T12628] loop1: detected capacity change from 0 to 512 [ 494.839040][ T1187] logitech 0003:046D:C218.0010: hidraw0: USB HID v0.04 Device [HID 046d:c218] on usb-dummy_hcd.0-1/input0 [ 494.878956][T12628] EXT4-fs error (device loop1): ext4_quota_enable:7144: inode #4: comm syz.1.2292: iget: bad i_size value: -360287970189633536 [ 494.908529][ T1187] logitech 0003:046D:C218.0010: no inputs found [ 494.934776][T12628] EXT4-fs (loop1): Remounting filesystem read-only [ 494.961254][T12628] EXT4-fs warning (device loop1): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 494.989529][T12628] EXT4-fs (loop1): mount failed [ 495.009665][ T1187] usb 1-1: USB disconnect, device number 15 [ 495.081328][T12631] fido_id[12631]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 495.101818][T12633] netlink: 'syz.3.2293': attribute type 29 has an invalid length. [ 496.060801][T12656] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 496.071824][T12656] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 496.077124][T12654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2302'. [ 496.093829][T12656] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 496.110735][T12656] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 496.120322][T12656] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 496.132490][T12656] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 496.231904][T12652] tipc: Resetting bearer [ 496.526484][T12652] chnl_net:caif_netlink_parms(): no params data found [ 496.698684][T12652] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.707164][T12652] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.714956][T12652] bridge_slave_0: entered allmulticast mode [ 496.722175][T12652] bridge_slave_0: entered promiscuous mode [ 496.732704][T12652] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.742210][T12652] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.759907][T12652] bridge_slave_1: entered allmulticast mode [ 496.769133][T12652] bridge_slave_1: entered promiscuous mode [ 496.819178][T12652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.839484][T12652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.908690][T12652] team0: Port device team_slave_0 added [ 496.918147][T12652] team0: Port device team_slave_1 added [ 496.949191][T12652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 496.958583][T12652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.986408][T12652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 496.997707][T12606] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 497.102235][T12652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 497.152504][T12652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.234771][T12652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 497.407145][T12652] hsr_slave_0: entered promiscuous mode [ 497.418021][T12652] hsr_slave_1: entered promiscuous mode [ 497.460536][T12652] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 497.504167][T12652] Cannot create hsr debugfs directory [ 497.855057][T12652] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.857802][T12688] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.2311'. [ 497.984954][T12652] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.022872][T12693] syzkaller1: entered promiscuous mode [ 498.032462][T12693] syzkaller1: entered allmulticast mode [ 498.167999][T12652] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.194074][ T5086] Bluetooth: hci4: command tx timeout [ 498.307198][T12652] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.547296][T12652] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 498.561314][T12652] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 498.578903][T12652] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 498.608263][T12652] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 498.752388][T12652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.797826][T12652] 8021q: adding VLAN 0 to HW filter on device team0 [ 498.817716][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.825130][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 498.860649][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.867991][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.277581][T12721] loop2: detected capacity change from 0 to 512 [ 499.292754][T12652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 499.330679][T12721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.392939][T12721] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 499.450070][T12652] veth0_vlan: entered promiscuous mode [ 499.521427][T12652] veth1_vlan: entered promiscuous mode [ 499.563859][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.598933][T12652] veth0_macvtap: entered promiscuous mode [ 499.667667][T12652] veth1_macvtap: entered promiscuous mode [ 499.713852][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.725690][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.737328][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.748627][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.784305][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.821685][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.854226][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.892526][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.906278][T12652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 499.918662][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 499.941892][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.952504][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 499.963740][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 499.991296][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.006501][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.017590][T12652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.028824][T12652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.042180][T12652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.079646][T12652] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.089424][T12652] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.098696][T12652] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.109255][T12652] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.252396][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.264199][ T5086] Bluetooth: hci4: command tx timeout [ 500.273520][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 500.454166][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.463036][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.344742][ T5086] Bluetooth: hci4: command tx timeout [ 502.348261][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.358055][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.638817][T12752] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 503.773009][T12791] overlayfs: missing 'lowerdir' [ 504.425251][ T5086] Bluetooth: hci4: command tx timeout [ 504.554120][ T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 504.744947][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 504.758169][ T8] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.771178][ T8] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 504.785509][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 504.792258][ T8] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 504.802763][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.817810][ T8] usb 3-1: config 0 descriptor?? [ 505.229684][T12809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.246153][T12809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.478664][ T23] usb 3-1: USB disconnect, device number 29 [ 505.898078][T12656] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 505.909214][T12656] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 505.919021][T12656] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 505.930117][T12656] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 505.940131][T12656] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 505.948090][T12656] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 506.632526][ T5770] syz_tun (unregistering): left allmulticast mode [ 506.908965][ T58] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.932540][T12832] chnl_net:caif_netlink_parms(): no params data found [ 506.964434][ T23] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 507.040810][ T58] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.086792][T12832] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.095204][T12832] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.102921][T12832] bridge_slave_0: entered allmulticast mode [ 507.111854][T12832] bridge_slave_0: entered promiscuous mode [ 507.140792][ T58] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.158635][T12832] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.166436][T12832] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.173714][T12832] bridge_slave_1: entered allmulticast mode [ 507.180959][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 507.185665][T12832] bridge_slave_1: entered promiscuous mode [ 507.188190][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 507.208142][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 507.221236][ T23] usb 1-1: New USB device found, idVendor=046d, idProduct=c218, bcdDevice= 0.00 [ 507.230574][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.244523][ T23] usb 1-1: config 0 descriptor?? [ 507.253526][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 507.265997][ T58] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.294804][T12832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.307569][T12832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.357137][T12832] team0: Port device team_slave_0 added [ 507.367659][T12832] team0: Port device team_slave_1 added [ 507.400522][T12832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.407699][T12832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.437680][T12832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.451348][T12832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.462375][T12832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.489621][T12832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.546922][T12818] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 507.651787][T12832] hsr_slave_0: entered promiscuous mode [ 507.664506][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 507.673502][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 507.682413][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 507.690041][ T23] usbhid 1-1:0.0: can't add hid device: -32 [ 507.696295][ T23] usbhid: probe of 1-1:0.0 failed with error -32 [ 507.709914][T12832] hsr_slave_1: entered promiscuous mode [ 507.710768][ T23] usb 1-1: USB disconnect, device number 16 [ 507.727131][T12856] overlayfs: missing 'lowerdir' [ 507.742260][T12832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 507.757915][T12832] Cannot create hsr debugfs directory [ 507.898948][ T58] tipc: Left network mode [ 508.024152][ T5086] Bluetooth: hci0: command tx timeout [ 509.578898][ T58] hsr_slave_0: left promiscuous mode [ 509.589297][ T58] hsr_slave_1: left promiscuous mode [ 509.596752][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 509.605005][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 509.613196][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 509.621160][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 509.629658][ T58] bridge_slave_1: left allmulticast mode [ 509.637966][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.650217][ T58] bridge_slave_0: left allmulticast mode [ 509.656115][ T58] bridge_slave_0: left promiscuous mode [ 509.662002][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.690807][ T58] veth1_macvtap: left allmulticast mode [ 509.697116][ T58] veth1_macvtap: left promiscuous mode [ 509.703287][ T58] veth0_macvtap: left promiscuous mode [ 509.709137][ T58] veth1_vlan: left promiscuous mode [ 509.716633][ T58] veth0_vlan: left promiscuous mode [ 509.845909][ T58] pim6reg (unregistering): left allmulticast mode [ 510.104308][ T5086] Bluetooth: hci0: command tx timeout [ 510.761521][ T58] team0 (unregistering): Port device team_slave_1 removed [ 510.847574][ T58] team0 (unregistering): Port device team_slave_0 removed [ 510.900138][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 510.960024][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.381779][ T58] bond0 (unregistering): Released all slaves [ 511.745326][T12885] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 511.767971][T12832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 511.941839][T12832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 511.996148][T12832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 512.032369][T12832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 512.205087][ T5086] Bluetooth: hci0: command tx timeout [ 513.016380][ T58] IPVS: stop unused estimator thread 0... [ 513.164770][T12832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.171938][ T58] tipc: Left network mode [ 513.253368][T12832] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.456281][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.463585][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.492683][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.500322][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.529087][T12946] binder: 12945:12946 ioctl 4018620d 0 returned -22 [ 513.546980][T12946] binder: 12945:12946 ioctl c0306201 200000000080 returned -14 [ 513.589594][T12946] binder: 12945:12946 ioctl c0306201 2000000003c0 returned -14 [ 513.691227][T12832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 514.159081][T12832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.260768][T12832] veth0_vlan: entered promiscuous mode [ 514.266992][ T5086] Bluetooth: hci0: command tx timeout [ 514.424907][T12832] veth1_vlan: entered promiscuous mode [ 514.566833][T12832] veth0_macvtap: entered promiscuous mode [ 514.700087][T12832] veth1_macvtap: entered promiscuous mode [ 514.732848][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.752528][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.770488][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.809288][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.842131][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.858566][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.869254][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.085667][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.098482][T12977] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 516.118503][T12977] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2397'. [ 516.146336][T12832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.219469][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.234179][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.246896][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.258801][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.276486][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.304203][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.314140][T12832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.325796][T12832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.344868][T12832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 516.431731][ T58] hsr_slave_0: left promiscuous mode [ 516.442870][ T58] hsr_slave_1: left promiscuous mode [ 516.449743][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 516.457327][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 516.478863][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 516.493665][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 516.514814][ T58] bridge_slave_1: left allmulticast mode [ 516.520687][ T58] bridge_slave_1: left promiscuous mode [ 516.540464][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.562744][ T58] bridge_slave_0: left allmulticast mode [ 516.574116][ T58] bridge_slave_0: left promiscuous mode [ 516.581337][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.658984][ T58] veth1_macvtap: left allmulticast mode [ 516.664935][ T58] veth1_macvtap: left promiscuous mode [ 516.670601][ T58] veth0_macvtap: left promiscuous mode [ 516.676436][ T58] veth1_vlan: left promiscuous mode [ 516.681882][T12995] loop0: detected capacity change from 0 to 1024 [ 516.696467][T12995] EXT4-fs: Ignoring removed bh option [ 516.729597][T12995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 516.853901][T12994] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 516.936730][T12652] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.547390][ T58] team0 (unregistering): Port device team_slave_1 removed [ 518.599857][ T58] team0 (unregistering): Port device team_slave_0 removed [ 518.652107][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 518.712339][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 519.098585][ T58] bond0 (unregistering): Released all slaves [ 519.263801][T12832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.273268][T12832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.282324][T12832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.292003][T12832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.470844][ T3490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.494387][ T3490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.607848][ T4708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.631790][ T4708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.734320][ T58] IPVS: stop unused estimator thread 0... [ 519.867554][T13022] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2409'. [ 519.883171][T13022] syzkaller0: entered promiscuous mode [ 519.892139][T13022] syzkaller0: entered allmulticast mode [ 520.658909][T13047] serio: Serial port ptm1 [ 521.918981][T13048] tipc: Enabled bearer , priority 10 [ 522.271301][T13068] program syz.3.2426 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 522.318867][T13069] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 522.337496][T13069] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2424'. [ 522.348521][ T5086] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 525.112475][T12656] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 525.126711][T12656] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 525.149587][T12656] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 525.161699][T12656] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 525.169794][T12656] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 525.179896][T12656] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 525.378767][ T4708] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.486419][ T4708] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.569421][ T58] Bluetooth: hci2: Frame reassembly failed (-84) [ 525.615676][ T4708] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.699829][ T4708] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.807710][T13128] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2443'. [ 525.845125][T13110] chnl_net:caif_netlink_parms(): no params data found [ 526.068269][ T4708] tipc: Left network mode [ 526.153172][T13135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2445'. [ 526.170547][T13110] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.192344][T13110] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.226888][T13110] bridge_slave_0: entered allmulticast mode [ 526.255188][T13110] bridge_slave_0: entered promiscuous mode [ 526.285515][T13110] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.292779][T13110] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.341056][T13110] bridge_slave_1: entered allmulticast mode [ 526.389369][T13110] bridge_slave_1: entered promiscuous mode [ 526.925022][ T5901] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 527.250756][T12656] Bluetooth: hci1: command tx timeout [ 527.274127][ T5901] usb 1-1: Using ep0 maxpacket: 8 [ 527.283334][T13110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.317684][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.336491][T13110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.350688][ T5901] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 527.376358][T13158] binder: 13157:13158 ioctl c0306201 2000000003c0 returned -14 [ 527.393237][ T5901] usb 1-1: New USB device found, idVendor=046d, idProduct=c218, bcdDevice= 0.00 [ 527.413346][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.436295][ T5901] usb 1-1: config 0 descriptor?? [ 527.470154][T13110] team0: Port device team_slave_0 added [ 527.530476][T13110] team0: Port device team_slave_1 added [ 527.624289][T12656] Bluetooth: hci2: command 0x1003 tx timeout [ 527.633228][ T5086] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 527.709949][T13168] loop1: detected capacity change from 0 to 512 [ 527.733276][T13168] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 527.751660][T13110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.759193][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.793408][T13110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.813156][T13110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.815122][T13168] EXT4-fs (loop1): orphan cleanup on readonly fs [ 527.820365][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.853143][T13110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 527.866714][T13168] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.2452: Invalid inode bitmap blk 4 in block_group 0 [ 527.896939][T13168] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 527.997671][T13173] loop2: detected capacity change from 0 to 128 [ 528.035343][T13173] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 528.076577][ T5901] usbhid 1-1:0.0: can't add hid device: -71 [ 528.087034][T13173] ext4 filesystem being mounted at /607/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 528.119827][ T5901] usbhid: probe of 1-1:0.0 failed with error -71 [ 528.150084][T12832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 528.209089][ T5901] usb 1-1: USB disconnect, device number 17 [ 528.293506][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 528.383564][T13180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2454'. [ 528.469674][T13110] hsr_slave_0: entered promiscuous mode [ 528.487784][T13110] hsr_slave_1: entered promiscuous mode [ 528.685219][T13187] binder: 13186:13187 ioctl c0306201 2000000003c0 returned -14 [ 528.980877][T13193] loop0: detected capacity change from 0 to 512 [ 529.057515][ T4708] hsr_slave_0: left promiscuous mode [ 529.098550][ T4708] hsr_slave_1: left promiscuous mode [ 529.129968][ T4708] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 529.145732][T13193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 529.233433][T13208] x_tables: duplicate underflow at hook 1 [ 529.273079][ T4708] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 529.306494][ T5086] Bluetooth: hci1: command tx timeout [ 529.454044][ T4708] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 529.477401][T13193] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 529.600771][ T4708] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 529.768374][ T4708] bridge_slave_1: left allmulticast mode [ 529.884992][ T4708] bridge_slave_1: left promiscuous mode [ 529.891979][ T4708] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.909123][ T4708] bridge_slave_0: left allmulticast mode [ 529.918312][ T4708] bridge_slave_0: left promiscuous mode [ 529.929817][ T4708] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.024869][ T4708] veth1_macvtap: left allmulticast mode [ 530.031030][ T4708] veth1_macvtap: left promiscuous mode [ 530.054223][ T4708] veth0_macvtap: left promiscuous mode [ 530.072895][ T4708] veth1_vlan: left promiscuous mode [ 530.081143][ T4708] veth0_vlan: left promiscuous mode [ 530.467296][ T4708] bond1 (unregistering): Released all slaves [ 530.615971][ T5760] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 530.806099][ T5760] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.818264][ T5760] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 530.837204][ T5760] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 530.846656][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.854823][ T5760] usb 2-1: Product: syz [ 530.859047][ T5760] usb 2-1: Manufacturer: syz [ 530.870728][ T5760] usb 2-1: SerialNumber: syz [ 530.891927][ T5760] usb 2-1: config 0 descriptor?? [ 530.922345][ T5760] dm9601: probe of 2-1:0.0 failed with error -22 [ 531.197548][ T4708] team0 (unregistering): Port device team_slave_1 removed [ 531.248922][ T4708] team0 (unregistering): Port device team_slave_0 removed [ 531.300870][ T4708] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.354430][ T4708] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.387924][ T5086] Bluetooth: hci1: command tx timeout [ 531.730135][ T4708] bond0 (unregistering): Released all slaves [ 532.148796][T13237] binder: 13236:13237 ioctl c0306201 2000000003c0 returned -14 [ 532.272662][T12652] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.499299][T13249] loop0: detected capacity change from 0 to 512 [ 532.542707][T13249] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.2469: bg 0: block 5: invalid block bitmap [ 532.636619][T13249] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 532.685378][T13249] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2469: invalid indirect mapped block 3 (level 2) [ 532.728432][T13249] EXT4-fs (loop0): 1 orphan inode deleted [ 532.782142][ T4708] IPVS: stop unused estimator thread 0... [ 532.817187][T13249] EXT4-fs (loop0): 1 truncate cleaned up [ 532.840670][T13249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.946672][T13110] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 532.977557][T13110] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 532.991289][T12652] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.005646][T13110] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 533.057078][T13110] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 533.232879][T13263] syzkaller0: entered promiscuous mode [ 533.245841][T13263] syzkaller0: entered allmulticast mode [ 533.374741][ T5816] usb 2-1: USB disconnect, device number 14 [ 533.434384][T13268] loop2: detected capacity change from 0 to 512 [ 533.470036][ T5086] Bluetooth: hci1: command tx timeout [ 533.549320][T13268] EXT4-fs (loop2): 1 orphan inode deleted [ 533.578373][ T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 533.595106][T13268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 533.636560][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6989: comm kworker/u4:1: Failed to release dquot type 1 [ 533.666432][T13268] ext4 filesystem being mounted at /616/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 533.760791][T13277] binder: 13276:13277 ioctl c0306201 2000000003c0 returned -14 [ 533.827478][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.932547][T13279] program syz.1.2476 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 534.391915][T13285] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 534.411280][T13285] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2477'. [ 536.924123][ T5760] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 537.121931][ T5760] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 537.132505][ T5760] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 537.150141][ T5760] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 537.163395][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.171909][ T5760] usb 2-1: Product: syz [ 537.180947][ T5760] usb 2-1: Manufacturer: syz [ 537.185803][ T5760] usb 2-1: SerialNumber: syz [ 537.192991][ T5760] usb 2-1: config 0 descriptor?? [ 537.207599][ T5760] dm9601: probe of 2-1:0.0 failed with error -22 [ 538.618107][T13110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.651103][T13299] loop0: detected capacity change from 0 to 128 [ 538.663315][T13110] 8021q: adding VLAN 0 to HW filter on device team0 [ 538.686652][T13299] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 538.700560][T13299] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 538.751854][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.759010][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.775846][T12652] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 538.802452][ T3472] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.809670][ T3472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.086638][ T8] usb 2-1: USB disconnect, device number 15 [ 540.168831][T13110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.381172][T13110] veth0_vlan: entered promiscuous mode [ 540.432771][T13110] veth1_vlan: entered promiscuous mode [ 540.471857][T13334] loop1: detected capacity change from 0 to 512 [ 540.481560][T13327] loop2: detected capacity change from 0 to 4096 [ 540.537249][T13327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 540.553688][T13334] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.2489: bg 0: block 5: invalid block bitmap [ 540.569781][T13330] syzkaller0: entered promiscuous mode [ 540.572705][T13334] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 540.611755][T13330] syzkaller0: entered allmulticast mode [ 540.625318][T13334] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2489: invalid indirect mapped block 3 (level 2) [ 540.660978][T13334] EXT4-fs (loop1): 1 orphan inode deleted [ 540.673997][T13334] EXT4-fs (loop1): 1 truncate cleaned up [ 540.699007][T13334] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 540.807297][T12832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.988529][T13343] loop1: detected capacity change from 0 to 512 [ 541.006355][T13343] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 541.022841][T13343] EXT4-fs (loop1): orphan cleanup on readonly fs [ 541.030476][T13343] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.2490: Invalid inode bitmap blk 4 in block_group 0 [ 541.049468][T13343] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 541.239078][T12832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 541.933247][T13354] loop1: detected capacity change from 0 to 512 [ 541.980548][T13354] ------------[ cut here ]------------ [ 541.986829][T13354] EA inode 11 i_nlink=2 [ 542.003161][T13354] WARNING: CPU: 0 PID: 13354 at fs/ext4/xattr.c:1059 ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.018081][T13354] Modules linked in: [ 542.022038][T13354] CPU: 0 PID: 13354 Comm: syz.1.2494 Not tainted syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 542.030586][T13354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 542.041775][T13354] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.048503][T13354] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 65 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 44 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 8e c5 3f 08 [ 542.068566][T13354] RSP: 0018:ffffc900043072e0 EFLAGS: 00010246 [ 542.074759][T13354] RAX: 37e75ad3be4bbb00 RBX: 0000000000000002 RCX: 0000000000080000 [ 542.083042][T13354] RDX: ffffc9001b705000 RSI: 0000000000020759 RDI: 000000000002075a [ 542.091252][T13354] RBP: ffffc900043073d0 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 542.099982][T13354] R10: dffffc0000000000 R11: ffffed10171c5183 R12: dffffc0000000000 [ 542.108088][T13354] R13: ffff88805c60e8a8 R14: ffff88805c60e6b0 R15: ffff88805c60e700 [ 542.116379][T13354] FS: 00007f23e1f9f6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 542.126013][T13354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 542.132669][T13354] CR2: 00007f23e1185980 CR3: 000000007c78f000 CR4: 00000000003506f0 [ 542.141057][T13354] Call Trace: [ 542.144510][T13354] [ 542.147484][T13354] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 542.153355][T13354] ? __ext4_journal_ensure_credits+0x30/0x450 [ 542.159551][T13354] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 542.165680][T13354] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 542.171560][T13354] ? __ext4_journal_ensure_credits+0x450/0x450 [ 542.177946][T13354] ext4_xattr_delete_inode+0xb3e/0xd10 [ 542.183475][T13354] ? up_write+0x1c3/0x410 [ 542.188235][T13354] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 542.194421][T13354] ext4_evict_inode+0xaaf/0xea0 [ 542.199315][T13354] ? _raw_spin_unlock+0x28/0x40 [ 542.204260][T13354] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 542.210208][T13354] ? do_raw_spin_unlock+0x121/0x230 [ 542.215613][T13354] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 542.221645][T13354] evict+0x4ca/0x8d0 [ 542.225639][T13354] ? proc_nr_inodes+0x230/0x230 [ 542.231066][T13354] ? do_raw_spin_unlock+0x121/0x230 [ 542.236474][T13354] ? _raw_spin_unlock+0x28/0x40 [ 542.241459][T13354] ? iput+0x706/0x920 [ 542.245608][T13354] ext4_orphan_cleanup+0xbec/0x1420 [ 542.250859][T13354] ? ext4_orphan_del+0xbf0/0xbf0 [ 542.255873][T13354] ? ext4_register_li_request+0x183/0x940 [ 542.262066][T13354] ? errseq_check_and_advance+0x66/0x120 [ 542.267882][T13354] ext4_fill_super+0x5eea/0x67b0 [ 542.272991][T13354] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 542.279436][T13354] ? __might_sleep+0xe0/0xe0 [ 542.284208][T13354] ? read_lock_is_recursive+0x20/0x20 [ 542.289626][T13354] ? snprintf+0xe9/0x140 [ 542.293908][T13354] ? down_read_killable+0x340/0x340 [ 542.299259][T13354] ? setup_bdev_super+0x56b/0x660 [ 542.304498][T13354] get_tree_bdev+0x3f3/0x520 [ 542.309403][T13354] ? vfs_parse_fs_string+0x170/0x170 [ 542.314783][T13354] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 542.321067][T13354] ? setup_bdev_super+0x660/0x660 [ 542.326249][T13354] ? apparmor_capable+0x137/0x1a0 [ 542.331661][T13354] ? bpf_lsm_capable+0x9/0x10 [ 542.336528][T13354] ? security_capable+0x89/0xb0 [ 542.341486][T13354] vfs_get_tree+0x8c/0x280 [ 542.346090][T13354] do_new_mount+0x24b/0xa40 [ 542.350810][T13354] __se_sys_mount+0x2e7/0x3d0 [ 542.355594][T13354] ? __x64_sys_mount+0xc0/0xc0 [ 542.360394][T13354] ? lockdep_hardirqs_on+0x98/0x150 [ 542.366096][T13354] ? __x64_sys_mount+0x20/0xc0 [ 542.371100][T13354] do_syscall_64+0x55/0xa0 [ 542.375696][T13354] ? clear_bhb_loop+0x40/0x90 [ 542.380683][T13354] ? clear_bhb_loop+0x40/0x90 [ 542.385461][T13354] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 542.391484][T13354] RIP: 0033:0x7f23e119da8a [ 542.396016][T13354] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.416321][T13354] RSP: 002b:00007f23e1f9ee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 542.424832][T13354] RAX: ffffffffffffffda RBX: 00007f23e1f9eee0 RCX: 00007f23e119da8a [ 542.433328][T13354] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f23e1f9eea0 [ 542.441522][T13354] RBP: 00002000000009c0 R08: 00007f23e1f9eee0 R09: 0000000000800718 [ 542.449602][T13354] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 542.457706][T13354] R13: 00007f23e1f9eea0 R14: 000000000000048d R15: 0000200000000200 [ 542.466017][T13354] [ 542.469131][T13354] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 542.476517][T13354] CPU: 0 PID: 13354 Comm: syz.1.2494 Not tainted syzkaller #0 [ 542.484170][T13354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 542.494315][T13354] Call Trace: [ 542.497688][T13354] [ 542.500617][T13354] dump_stack_lvl+0x18c/0x250 [ 542.505402][T13354] ? show_regs_print_info+0x20/0x20 [ 542.510599][T13354] ? load_image+0x420/0x420 [ 542.515113][T13354] panic+0x2dc/0x730 [ 542.519010][T13354] ? bpf_jit_dump+0xd0/0xd0 [ 542.523528][T13354] __warn+0x2e0/0x470 [ 542.527511][T13354] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.533591][T13354] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.539585][T13354] report_bug+0x2be/0x4f0 [ 542.543923][T13354] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.550008][T13354] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.555997][T13354] ? ext4_xattr_inode_update_ref+0x53e/0x590 [ 542.562088][T13354] handle_bug+0xcf/0x120 [ 542.566411][T13354] exc_invalid_op+0x1a/0x50 [ 542.570914][T13354] asm_exc_invalid_op+0x1a/0x20 [ 542.575769][T13354] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 542.582448][T13354] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 65 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 44 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 8e c5 3f 08 [ 542.602223][T13354] RSP: 0018:ffffc900043072e0 EFLAGS: 00010246 [ 542.608308][T13354] RAX: 37e75ad3be4bbb00 RBX: 0000000000000002 RCX: 0000000000080000 [ 542.616305][T13354] RDX: ffffc9001b705000 RSI: 0000000000020759 RDI: 000000000002075a [ 542.624292][T13354] RBP: ffffc900043073d0 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 542.632282][T13354] R10: dffffc0000000000 R11: ffffed10171c5183 R12: dffffc0000000000 [ 542.640605][T13354] R13: ffff88805c60e8a8 R14: ffff88805c60e6b0 R15: ffff88805c60e700 [ 542.648782][T13354] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 542.654543][T13354] ? __ext4_journal_ensure_credits+0x30/0x450 [ 542.660788][T13354] ext4_xattr_inode_dec_ref_all+0x9a6/0x1040 [ 542.666813][T13354] ? ext4_xattr_delete_inode+0xd10/0xd10 [ 542.672554][T13354] ? __ext4_journal_ensure_credits+0x450/0x450 [ 542.678816][T13354] ext4_xattr_delete_inode+0xb3e/0xd10 [ 542.684553][T13354] ? up_write+0x1c3/0x410 [ 542.688971][T13354] ? ext4_expand_extra_isize_ea+0x1e80/0x1e80 [ 542.695138][T13354] ext4_evict_inode+0xaaf/0xea0 [ 542.700117][T13354] ? _raw_spin_unlock+0x28/0x40 [ 542.705097][T13354] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 542.711275][T13354] ? do_raw_spin_unlock+0x121/0x230 [ 542.716470][T13354] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 542.722359][T13354] evict+0x4ca/0x8d0 [ 542.726264][T13354] ? proc_nr_inodes+0x230/0x230 [ 542.731117][T13354] ? do_raw_spin_unlock+0x121/0x230 [ 542.736313][T13354] ? _raw_spin_unlock+0x28/0x40 [ 542.741163][T13354] ? iput+0x706/0x920 [ 542.745386][T13354] ext4_orphan_cleanup+0xbec/0x1420 [ 542.750993][T13354] ? ext4_orphan_del+0xbf0/0xbf0 [ 542.756025][T13354] ? ext4_register_li_request+0x183/0x940 [ 542.761740][T13354] ? errseq_check_and_advance+0x66/0x120 [ 542.767393][T13354] ext4_fill_super+0x5eea/0x67b0 [ 542.772503][T13354] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 542.779139][T13354] ? __might_sleep+0xe0/0xe0 [ 542.783750][T13354] ? read_lock_is_recursive+0x20/0x20 [ 542.789124][T13354] ? snprintf+0xe9/0x140 [ 542.793522][T13354] ? down_read_killable+0x340/0x340 [ 542.798729][T13354] ? setup_bdev_super+0x56b/0x660 [ 542.803761][T13354] get_tree_bdev+0x3f3/0x520 [ 542.808362][T13354] ? vfs_parse_fs_string+0x170/0x170 [ 542.813659][T13354] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 542.820276][T13354] ? setup_bdev_super+0x660/0x660 [ 542.825323][T13354] ? apparmor_capable+0x137/0x1a0 [ 542.830361][T13354] ? bpf_lsm_capable+0x9/0x10 [ 542.835136][T13354] ? security_capable+0x89/0xb0 [ 542.839991][T13354] vfs_get_tree+0x8c/0x280 [ 542.844409][T13354] do_new_mount+0x24b/0xa40 [ 542.848953][T13354] __se_sys_mount+0x2e7/0x3d0 [ 542.853647][T13354] ? __x64_sys_mount+0xc0/0xc0 [ 542.858415][T13354] ? lockdep_hardirqs_on+0x98/0x150 [ 542.863638][T13354] ? __x64_sys_mount+0x20/0xc0 [ 542.868521][T13354] do_syscall_64+0x55/0xa0 [ 542.872943][T13354] ? clear_bhb_loop+0x40/0x90 [ 542.877653][T13354] ? clear_bhb_loop+0x40/0x90 [ 542.882347][T13354] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 542.888501][T13354] RIP: 0033:0x7f23e119da8a [ 542.893053][T13354] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.912855][T13354] RSP: 002b:00007f23e1f9ee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 542.921828][T13354] RAX: ffffffffffffffda RBX: 00007f23e1f9eee0 RCX: 00007f23e119da8a [ 542.930235][T13354] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f23e1f9eea0 [ 542.938397][T13354] RBP: 00002000000009c0 R08: 00007f23e1f9eee0 R09: 0000000000800718 [ 542.946716][T13354] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 542.954859][T13354] R13: 00007f23e1f9eea0 R14: 000000000000048d R15: 0000200000000200 [ 542.962848][T13354] [ 542.966503][T13354] Kernel Offset: disabled [ 542.970953][T13354] Rebooting in 86400 seconds..