last executing test programs: 12.007226276s ago: executing program 0 (id=464): syz_open_procfs(0x0, &(0x7f0000000340)='mountinfo\x00') socket$tipc(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x82001) socket$inet6(0xa, 0x2, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x22000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x7f, 0x800000, 0x3, 0x7, 0xc3ad, 0x4}, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 11.557526182s ago: executing program 3 (id=467): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008413, &(0x7f0000000000)={[{@noblock_validity}, {@barrier}]}, 0x0, 0x517, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvOHG2adJNFjjASuwu7KK0gtrJRrsb9VCKhOBUCSj3EhIniuLEVey0TVTRVPwBSAgBEie4cEHiD0BClbhwREiV4AwCBELQwgEk6CDb4zR17CS0rp0mn480nffDM9/33M543sx0JoBT60o2PU7T9EJETGTluWz6ZD2zE/FWRDx6eGehPiWRptf+lkSSlbXWlTa8EmPNRRor+MoXI76e7I9b3dpenS+XSxtZvlhbu1Gsbm1fXFmbXy4tl9ZnZ2fen/tg7r256efp3tJYljgXEZc//6fvfuvHX7j888/c+v31v5z/RtJs8932fvx/hg+sbX6f+TjTtsjGswU7lob3JkaPtsy97J8IAAD9VT8u/VB2nH8hJmLokONZAAAA4OWTfnY8/pO0rt3tM9KlHAAAAHiJ5CJiPJJcIbvfdzxyuUIhGvfwfiTO5sqVau3TS5XN9cV6XcRk5HNLK+XSdHZv62Tkk3p+ppF+kn+3LT8bEa9FxHcmRhv5wkKlvDjokx8AAABwSoy1jf//OdEc/wMAAAAnzOSgGwAAAAC8cMb/AAAAcPIZ/wMAAMCJ9qWrV+tT2nr/9eLNrc3Vys2Li6XqamFtc6GwUNm4UViuVJYbz+xbO3Blu68OXN+8XayVqrVidWv7+lplc712feXpV2ADAAAA/fPam/d/m0TEzqXRGL002igb2VP/7+w9AQNrIPDC7J6yiySbj+z/0O9ebc7/2KdGAX0xNOgGAAMzPOgGAAOTH3QDgIFLDqnvevPOr7L5J3rbHgAAoPemPvbk+v9O2/X/3IFL7hxcDRx7NmI4vVz/h9Orcf2/wy1/HTlYgBMl7wgATr3nvv5/KP+HCAAABm28MSW5QnZ6bzxyuUIh4lzjtQD5ZGmlXJqOiFcj4jcT+Vfq+ZnGksmhYwYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAEy0i9+fkF81n+U9NvDPefn5gJPnXRGSvCL31g2vfuz1fq23M1Mv/vlte+35W/u4gzmAAAAAA7Vrj9NY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66dHDOwutqZ9x//q5iJjsFH84zjTmZyIfEWf/kcTwnuWSiBjqQfydexHx0U7xk3qzdkN2ij/64uPHZPYtdIo/1oP4cJrdr+9/rnTa/nLxVmPeefsbjngq/6y67/9id/831GX7P3fEGK8/+Gmxa/x7Ea8Pd97/tOInXeK/fcT4X/vq9na3uvSHEVMdf3+Sp2IVa2s3itWt7Ysra/PLpeXS+uzszPtzH8y9NzddXFopl7I/O8b49sd/9vig/p/tEn/ykP6/c8T+//fB7YcfbibzneKff7tD/F/+KPvE/vi57LfvU1m6Xj/VSu8003u98ZNfv3FQ/xe79P+wv//zR+z/hS9/8w9H/CgA0AfVre3V+XK5tHFiE/VR+jFohsQxTNzdX/VmdF0qSQ5eYZqmaX2beo6GJd2j9yeR7JYMes8EAAD02pOj/0G3BAAAAAAAAAAAAAAAAAAAAE6vfjxXrD3mzm4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuJ/AQAA//8fp+fv") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0xfffffffffffffffe, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000080)=0x1b, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="26a757208dfd7c2e695f05eca27904afc7789197712465003a9621f6ef13b022ac2cd77c5e5ae8a304de170b9e54bf62003c0580ae9e27c53b91f70a23096a516e804dcf9b48074f4b45cab58e76826558b1df48a374ea092f13c7cfdd1c26387be3cb085135c5638d29063a0bebee88088cb70b5450c5bb265dcc2595a238ed5183fdba75006ca53c5ecf0bb12b24294d144f580c3848b3abf78718c64d6b918d17ace6c4dd09fc22e489062a2a0561cd86b9b192a963caa53ef444b5efb693a13053a25e0759ea4e6c9585f550e004e770b6a3f5e396f2412fc556c54c3d4a4282872b18b8041a", 0xe8, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', &(0x7f00000003c0)={'ip_vti0\x00', 0x0, 0x40, 0x10, 0x49, 0x0, {{0x14, 0x4, 0x1, 0x0, 0x50, 0x65, 0x0, 0x1, 0x4, 0x0, @local, @private=0xa010102, {[@rr={0x7, 0x3, 0xff}, @timestamp_prespec={0x44, 0x24, 0x36, 0x3, 0x1, [{@broadcast, 0x80}, {@remote, 0xa}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x2}, {@local, 0xfffffffb}]}, @timestamp_addr={0x44, 0x14, 0x82, 0x1, 0xd, [{@rand_addr=0x64010100, 0x7}, {@local, 0x7}]}]}}}}}) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010005081000418e00000004fcff", 0x58}], 0x1) 10.977353469s ago: executing program 0 (id=469): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002c000b35d25a806f8c6394f91124fc602f1b06000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 10.664174724s ago: executing program 0 (id=470): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000040)=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, 0x0) r6 = msgget$private(0x0, 0x0) msgsnd(r6, 0x0, 0x2000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 10.189546802s ago: executing program 1 (id=471): fanotify_init(0x200, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x115440) r0 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000100), 0x8101, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, 0x0) sendto$l2tp(0xffffffffffffffff, &(0x7f0000000040)="52784a0e000071000000c83b", 0xff92, 0x0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 9.644294756s ago: executing program 1 (id=472): syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x40002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x840000000002, 0x3, 0xff) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r3, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be06000000000000007ca2746314d1787b351f0dda2d3d656bc3a2a75e0d", 0x20}], 0x1}}], 0x2, 0x4004040) r5 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r5, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001bc0)=[@hoplimit={{0x14, 0x29, 0x34, 0x5}}, @hoplimit={{0x14, 0x29, 0x34, 0x200006}}], 0x30}}], 0x1, 0x4000000) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc00, 0x0) ioctl$BTRFS_IOC_SEND(r5, 0x40489426, &(0x7f0000000300)={{r6}, 0x4, &(0x7f00000001c0)=[0x0, 0x8, 0x80000000, 0x5], 0x0, 0x7}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @local}, "380086ddffffffff"}}}}}, 0x0) ioctl$USBDEVFS_CLAIMINTERFACE(r8, 0x8004550f, 0x0) 9.297927484s ago: executing program 3 (id=473): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x3) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000100)=0x400, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '@\x00', 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7, 0x0, 0x0, 0xf}}}}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 7.506318837s ago: executing program 3 (id=475): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, ']'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x20004049}, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x4}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x6, 0x0, &(0x7f0000000380)) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000140)) prlimit64(0x0, 0x1, &(0x7f0000000140), 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340), &(0x7f0000000280)) r3 = openat2$dir(0xffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x101c00, 0x4c}, 0x18) read(r3, &(0x7f0000000440)=""/147, 0x93) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f00000000c0)=0x2000) 7.160105905s ago: executing program 4 (id=476): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x75, 0x5}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 7.039333905s ago: executing program 4 (id=477): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) r0 = getpid() prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r6 = gettid() process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0) 6.929141644s ago: executing program 3 (id=478): syz_open_dev$vim2m(0x0, 0x1, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) openat$nvram(0xffffff9c, &(0x7f00000001c0), 0x80400, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x10) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x5}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc}]}}]}]}]}}]}, 0x6c}}, 0x0) 6.251814628s ago: executing program 1 (id=479): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3f, 0x2000000000000033, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r0}, 0x18) syz_clone(0x500, 0x0, 0x0, 0x0, 0x0, 0x0) 5.962609862s ago: executing program 1 (id=481): ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000010000904040000000000080000000000", @ANYRES32=r2, @ANYBLOB="00000000000000003c001280110001006272696467655f736c6176650000000024000580"], 0x5c}}, 0x0) 5.962311742s ago: executing program 4 (id=482): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, ']'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x20004049}, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x4}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x6, 0x0, &(0x7f0000000380)) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000140)) prlimit64(0x0, 0x1, &(0x7f0000000140), 0x0) add_key(&(0x7f0000000040)='big_key\x00', &(0x7f0000000000)={'syz', 0x3}, &(0x7f0000000240)="7a5d11dba25ccb2dde2f82a419fe7ea41b4424adda4e8c3be797cf6910d54400a9aff2b55d33ad438a4f258f64a45a6783e20a8ffdc2a7e562fc1596aaeea7e5e9d309daaabd4573fe5605c2644bcdfa0aa19b6bad3aafc9ee43af2ec449e88891b5eef99e622795495035828dfeedb2f29b", 0xff51, 0xfffffffffffffffd) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) openat2$dir(0xffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x101c00, 0x4c}, 0x18) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x2) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f00000000c0)=0x2000) 5.557742204s ago: executing program 4 (id=483): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008413, &(0x7f0000000000)={[{@noblock_validity}, {@barrier}]}, 0x0, 0x517, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvOHG2adJNFjjASuwu7KK0gtrJRrsb9VCKhOBUCSj3EhIniuLEVey0TVTRVPwBSAgBEie4cEHiD0BClbhwREiV4AwCBELQwgEk6CDb4zR17CS0rp0mn480nffDM9/33M543sx0JoBT60o2PU7T9EJETGTluWz6ZD2zE/FWRDx6eGehPiWRptf+lkSSlbXWlTa8EmPNRRor+MoXI76e7I9b3dpenS+XSxtZvlhbu1Gsbm1fXFmbXy4tl9ZnZ2fen/tg7r256efp3tJYljgXEZc//6fvfuvHX7j888/c+v31v5z/RtJs8932fvx/hg+sbX6f+TjTtsjGswU7lob3JkaPtsy97J8IAAD9VT8u/VB2nH8hJmLokONZAAAA4OWTfnY8/pO0rt3tM9KlHAAAAHiJ5CJiPJJcIbvfdzxyuUIhGvfwfiTO5sqVau3TS5XN9cV6XcRk5HNLK+XSdHZv62Tkk3p+ppF+kn+3LT8bEa9FxHcmRhv5wkKlvDjokx8AAABwSoy1jf//OdEc/wMAAAAnzOSgGwAAAAC8cMb/AAAAcPIZ/wMAAMCJ9qWrV+tT2nr/9eLNrc3Vys2Li6XqamFtc6GwUNm4UViuVJYbz+xbO3Blu68OXN+8XayVqrVidWv7+lplc712feXpV2ADAAAA/fPam/d/m0TEzqXRGL002igb2VP/7+w9AQNrIPDC7J6yiySbj+z/0O9ebc7/2KdGAX0xNOgGAAMzPOgGAAOTH3QDgIFLDqnvevPOr7L5J3rbHgAAoPemPvbk+v9O2/X/3IFL7hxcDRx7NmI4vVz/h9Orcf2/wy1/HTlYgBMl7wgATr3nvv5/KP+HCAAABm28MSW5QnZ6bzxyuUIh4lzjtQD5ZGmlXJqOiFcj4jcT+Vfq+ZnGksmhYwYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAEy0i9+fkF81n+U9NvDPefn5gJPnXRGSvCL31g2vfuz1fq23M1Mv/vlte+35W/u4gzmAAAAAA7Vrj9NY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66dHDOwutqZ9x//q5iJjsFH84zjTmZyIfEWf/kcTwnuWSiBjqQfydexHx0U7xk3qzdkN2ij/64uPHZPYtdIo/1oP4cJrdr+9/rnTa/nLxVmPeefsbjngq/6y67/9id/831GX7P3fEGK8/+Gmxa/x7Ea8Pd97/tOInXeK/fcT4X/vq9na3uvSHEVMdf3+Sp2IVa2s3itWt7Ysra/PLpeXS+uzszPtzH8y9NzddXFopl7I/O8b49sd/9vig/p/tEn/ykP6/c8T+//fB7YcfbibzneKff7tD/F/+KPvE/vi57LfvU1m6Xj/VSu8003u98ZNfv3FQ/xe79P+wv//zR+z/hS9/8w9H/CgA0AfVre3V+XK5tHFiE/VR+jFohsQxTNzdX/VmdF0qSQ5eYZqmaX2beo6GJd2j9yeR7JYMes8EAAD02pOj/0G3BAAAAAAAAAAAAAAAAAAAAE6vfjxXrD3mzm4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuJ/AQAA//8fp+fv") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0xfffffffffffffffe, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000080)=0x1b, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="26a757208dfd7c2e695f05eca27904afc7789197712465003a9621f6ef13b022ac2cd77c5e5ae8a304de170b9e54bf62003c0580ae9e27c53b91f70a23096a516e804dcf9b48074f4b45cab58e76826558b1df48a374ea092f13c7cfdd1c26387be3cb085135c5638d29063a0bebee88088cb70b5450c5bb265dcc2595a238ed5183fdba75006ca53c5ecf0bb12b24294d144f580c3848b3abf78718c64d6b918d17ace6c4dd09fc22e489062a2a0561cd86b9b192a963caa53ef444b5efb693a13053a25e0759ea4e6c9585f550e004e770b6a3f5e396f2412fc556c54c3d4a4282872b18b8041a", 0xe8, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', &(0x7f00000003c0)={'ip_vti0\x00', 0x0, 0x40, 0x10, 0x49, 0x0, {{0x14, 0x4, 0x1, 0x0, 0x50, 0x65, 0x0, 0x1, 0x4, 0x0, @local, @private=0xa010102, {[@rr={0x7, 0x3, 0xff}, @timestamp_prespec={0x44, 0x24, 0x36, 0x3, 0x1, [{@broadcast, 0x80}, {@remote, 0xa}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x2}, {@local, 0xfffffffb}]}, @timestamp_addr={0x44, 0x14, 0x82, 0x1, 0xd, [{@rand_addr=0x64010100, 0x7}, {@local, 0x7}]}]}}}}}) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010005081000418e00000004fcff", 0x58}], 0x1) 3.859026371s ago: executing program 2 (id=485): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x7e, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xea, 0x55e, 0xffffffff, 0x4, 0xfffffffffffffffd, 0x7, 0x9, 0xb, 0x4, 0x80, 0x6, 0x794, 0xa, 0x40, 0xc976, 0x6], 0x2, 0x20200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.577290903s ago: executing program 4 (id=486): syz_open_dev$tty1(0xc, 0x4, 0x3) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$video4linux(0x0, 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x26802) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) close(r3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a00), r4) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x28, r5, 0xd0b, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000300)={0x0, 0x0, 0x0}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000300)={{0x1, 0x1, 0x18, r6}, './file0\x00'}) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x33, 0x7f, 0x20000a2e, 0x0, 0x0, 0x3, 0x2000000, 0x0, 0x3000000}}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x3a9e9908}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00') socket$key(0xf, 0x3, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005a1000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ac4000/0x4000)=nil) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000880)={0x2c2, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x6a, {0x40}, 0x10000000, 0x2000000, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00'/31, 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xfb\xe1a\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6~\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf1\x99V\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xe6Od\xb1\xd6?&ym\xcb\xecI\x86#\xd6\xa88\xc6\x9ai\xdf\xcc\x9c\xddY\x06\xf1t\xa6f\xa8R\x9aEw4\a\xdb\xda\xb2\x88[\xaf\x05\x00\x00\x00\x00\x00'}, 0x1b3, 'odev-n\xb1{#\x00\xf9\xda\xa1\xee#&n\xcf\x85\xfe\xa6^\xb2\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\xbd\x7f=\x7f)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x01\x00\x00\x00\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\xcf>\xe3\x88@\x02\xa9\x1cTR\x8b\x80z\x89\xca\x18M\x16d_\x06\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f)\x9f\x06\x1fu\xb7y|\xe1\xe4\x11\xea\x91\x8e\xbd\x88\x8c\x1e\x15k\x84V\x93\x1d.\xa7&\xba\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9G\x8f}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00\x00\x00\x00\x00\x00\x00ta\xb0\xcc\xaa\xa1\x93:\x0e\x8a\x82k\x14\xd4\xfc\xb2\x98\x9f\xfa\xaa\x1a\xcf\xfa\x80T\xe9U\x9d\xfa\xe4iz\xa0\v\x03\xb3\xd8\x0eU$\xf8I_\xee~\x8d\x88\xcbZ\x04\x03\x02\xac\xb0\xd1&\x0f%\x84\xdbH\xe8\xd9\x06N\x8c\xe1x\xce9n\x85\xb9~H\x86D@I\x81\x0f%\xf1\xce\xca\x97]\xebI\x1a\x12[\xf0\xd7/\x87\xcc\x10\xb0\x15N\b\x93m\xaa\xdd\x8b\x1e\x97'}}, 0x2c2) socket$inet_sctp(0x2, 0x1, 0x84) 3.377276489s ago: executing program 2 (id=487): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x75, 0x5}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 3.137419768s ago: executing program 2 (id=488): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0xad82, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x64, 0x1, 0x1, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x802) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r3, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da924212382163c6638e798d66660c356195a56523456052c42aca7c8404e259561dfea5cbdc21a31b7e7eb73a710b68ba2ae2eff86d3d4fbda8b72014f5de839d48acbc9d217f7ac0b3362a66f3a7d04277cc4b918687ed082170f98dc54bd56f28ea3fecc4e86e1820ed811919dac4d09c18e27c4d839c7ac015d34522c7d87ae968dc872d97db81da9a4b6f631535348d9d44ca3fe846f6706fd3d3bd2f62f2d", 0x165}], 0x1}}], 0x1, 0x40000d0) sendto$inet(r3, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/fscaps', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x40, 0xbbba, 0x2, 0x0, 0x2, {}, {0x80004, 0x2}, {0x4004000}, {0x0, 0x8}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x800f, 0x2, 0x20000000, 0x80, 0x0, 0x11}) mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000000)='permhat ') madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) 1.929304695s ago: executing program 2 (id=489): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) umount2(&(0x7f0000000000)='./file0\x00', 0x3) 1.287032667s ago: executing program 0 (id=490): syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x40002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket(0x840000000002, 0x3, 0xff) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r1, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be06000000000000007ca2746314d1787b351f0dda2d3d656bc3a2a75e0d", 0x20}], 0x1}}], 0x2, 0x4004040) r3 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r3, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001bc0)=[@hoplimit={{0x14, 0x29, 0x34, 0x5}}, @hoplimit={{0x14, 0x29, 0x34, 0x200006}}], 0x30}}], 0x1, 0x4000000) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc00, 0x0) ioctl$BTRFS_IOC_SEND(r3, 0x40489426, &(0x7f0000000300)={{r4}, 0x4, &(0x7f00000001c0)=[0x0, 0x8, 0x80000000, 0x5], 0x0, 0x7}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @local}, "380086ddffffffff"}}}}}, 0x0) ioctl$USBDEVFS_CLAIMINTERFACE(r6, 0x8004550f, 0x0) 1.240672011s ago: executing program 1 (id=491): creat(&(0x7f0000000200)='./file2\x00', 0x102) r0 = getpid() prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r6 = gettid() process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0) 1.075114054s ago: executing program 0 (id=492): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3f, 0x2000000000000033, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r0}, 0x18) syz_clone(0x500, 0x0, 0x0, 0x0, 0x0, 0x0) 958.841793ms ago: executing program 2 (id=493): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, 0x0, 0x0) 957.657683ms ago: executing program 3 (id=494): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, ']'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x20004049}, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x4}) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x6, 0x0, &(0x7f0000000380)) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000140)) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340), &(0x7f0000000280)) r3 = openat2$dir(0xffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x101c00, 0x4c}, 0x18) read(r3, &(0x7f0000000440)=""/147, 0x93) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f00000000c0)=0x2000) 729.762311ms ago: executing program 0 (id=495): openat$sysfs(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT_ASSERT(r0, 0x0, 0xcf, &(0x7f0000000280), 0x4) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) 351.042032ms ago: executing program 3 (id=496): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008413, &(0x7f0000000000)={[{@noblock_validity}, {@barrier}]}, 0x0, 0x517, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvOHG2adJNFjjASuwu7KK0gtrJRrsb9VCKhOBUCSj3EhIniuLEVey0TVTRVPwBSAgBEie4cEHiD0BClbhwREiV4AwCBELQwgEk6CDb4zR17CS0rp0mn480nffDM9/33M543sx0JoBT60o2PU7T9EJETGTluWz6ZD2zE/FWRDx6eGehPiWRptf+lkSSlbXWlTa8EmPNRRor+MoXI76e7I9b3dpenS+XSxtZvlhbu1Gsbm1fXFmbXy4tl9ZnZ2fen/tg7r256efp3tJYljgXEZc//6fvfuvHX7j888/c+v31v5z/RtJs8932fvx/hg+sbX6f+TjTtsjGswU7lob3JkaPtsy97J8IAAD9VT8u/VB2nH8hJmLokONZAAAA4OWTfnY8/pO0rt3tM9KlHAAAAHiJ5CJiPJJcIbvfdzxyuUIhGvfwfiTO5sqVau3TS5XN9cV6XcRk5HNLK+XSdHZv62Tkk3p+ppF+kn+3LT8bEa9FxHcmRhv5wkKlvDjokx8AAABwSoy1jf//OdEc/wMAAAAnzOSgGwAAAAC8cMb/AAAAcPIZ/wMAAMCJ9qWrV+tT2nr/9eLNrc3Vys2Li6XqamFtc6GwUNm4UViuVJYbz+xbO3Blu68OXN+8XayVqrVidWv7+lplc712feXpV2ADAAAA/fPam/d/m0TEzqXRGL002igb2VP/7+w9AQNrIPDC7J6yiySbj+z/0O9ebc7/2KdGAX0xNOgGAAMzPOgGAAOTH3QDgIFLDqnvevPOr7L5J3rbHgAAoPemPvbk+v9O2/X/3IFL7hxcDRx7NmI4vVz/h9Orcf2/wy1/HTlYgBMl7wgATr3nvv5/KP+HCAAABm28MSW5QnZ6bzxyuUIh4lzjtQD5ZGmlXJqOiFcj4jcT+Vfq+ZnGksmhYwYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAEy0i9+fkF81n+U9NvDPefn5gJPnXRGSvCL31g2vfuz1fq23M1Mv/vlte+35W/u4gzmAAAAAA7Vrj9NY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66dHDOwutqZ9x//q5iJjsFH84zjTmZyIfEWf/kcTwnuWSiBjqQfydexHx0U7xk3qzdkN2ij/64uPHZPYtdIo/1oP4cJrdr+9/rnTa/nLxVmPeefsbjngq/6y67/9id/831GX7P3fEGK8/+Gmxa/x7Ea8Pd97/tOInXeK/fcT4X/vq9na3uvSHEVMdf3+Sp2IVa2s3itWt7Ysra/PLpeXS+uzszPtzH8y9NzddXFopl7I/O8b49sd/9vig/p/tEn/ykP6/c8T+//fB7YcfbibzneKff7tD/F/+KPvE/vi57LfvU1m6Xj/VSu8003u98ZNfv3FQ/xe79P+wv//zR+z/hS9/8w9H/CgA0AfVre3V+XK5tHFiE/VR+jFohsQxTNzdX/VmdF0qSQ5eYZqmaX2beo6GJd2j9yeR7JYMes8EAAD02pOj/0G3BAAAAAAAAAAAAAAAAAAAAE6vfjxXrD3mzm4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuJ/AQAA//8fp+fv") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0xfffffffffffffffe, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000080)=0x1b, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="26a757208dfd7c2e695f05eca27904afc7789197712465003a9621f6ef13b022ac2cd77c5e5ae8a304de170b9e54bf62003c0580ae9e27c53b91f70a23096a516e804dcf9b48074f4b45cab58e76826558b1df48a374ea092f13c7cfdd1c26387be3cb085135c5638d29063a0bebee88088cb70b5450c5bb265dcc2595a238ed5183fdba75006ca53c5ecf0bb12b24294d144f580c3848b3abf78718c64d6b918d17ace6c4dd09fc22e489062a2a0561cd86b9b192a963caa53ef444b5efb693a13053a25e0759ea4e6c9585f550e004e770b6a3f5e396f2412fc556c54c3d4a4282872b18b8041a", 0xe8, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', &(0x7f00000003c0)={'ip_vti0\x00', 0x0, 0x40, 0x10, 0x49, 0x0, {{0x14, 0x4, 0x1, 0x0, 0x50, 0x65, 0x0, 0x1, 0x4, 0x0, @local, @private=0xa010102, {[@rr={0x7, 0x3, 0xff}, @timestamp_prespec={0x44, 0x24, 0x36, 0x3, 0x1, [{@broadcast, 0x80}, {@remote, 0xa}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x2}, {@local, 0xfffffffb}]}, @timestamp_addr={0x44, 0x14, 0x82, 0x1, 0xd, [{@rand_addr=0x64010100, 0x7}, {@local, 0x7}]}]}}}}}) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010005081000418e00000004fcff", 0x58}], 0x1) 331.205453ms ago: executing program 4 (id=497): syz_open_dev$vim2m(0x0, 0x1, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) openat$nvram(0xffffff9c, &(0x7f00000001c0), 0x80400, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x10) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x5}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc}]}}]}]}]}}]}, 0x6c}}, 0x0) 50.789246ms ago: executing program 1 (id=498): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x75, 0x5}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 0s ago: executing program 2 (id=499): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): tdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.436785][ T4275] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.446402][ T4275] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.456870][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.465759][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.474303][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.483574][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.492990][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.501888][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.511495][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.520875][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.529542][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.538513][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.550579][ T4268] device veth0_macvtap entered promiscuous mode [ 73.558948][ T4282] device veth0_macvtap entered promiscuous mode [ 73.568987][ T4266] device veth0_macvtap entered promiscuous mode [ 73.585425][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.593849][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.602960][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.615029][ T4268] device veth1_macvtap entered promiscuous mode [ 73.625850][ T4282] device veth1_macvtap entered promiscuous mode [ 73.649667][ T4266] device veth1_macvtap entered promiscuous mode [ 73.675416][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.687979][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.694096][ T4282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.707593][ T4282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.717931][ T4282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.729253][ T4282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.742351][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.763222][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.774075][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.784225][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.795718][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.806420][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.817263][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.831668][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.839225][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.847942][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.857082][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.866043][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.874966][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.885578][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.896852][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.906770][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.917755][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.928269][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.939361][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.949462][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.961972][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.973515][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.995167][ T4282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.009351][ T4282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.021987][ T4282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.032533][ T4282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.044437][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.055822][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.065968][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.079560][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.089985][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.102967][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.113751][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.126130][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.137430][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.148139][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.158721][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.170238][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.181440][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.192481][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.203969][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.214651][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.224701][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.235447][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.245439][ T4266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.255997][ T4266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.267316][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.277421][ T4282] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.287364][ T4282] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.297295][ T4282] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.306628][ T4282] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.320177][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.328933][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.343823][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.354406][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.378591][ T4268] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.400562][ T4268] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.411849][ T4268] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.421102][ T4268] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.441199][ T4266] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.450796][ T4266] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.459611][ T4266] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.468640][ T4266] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.487178][ T4385] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.495251][ T4385] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.530573][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.542843][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.544105][ T4386] device bridge_slave_1 left promiscuous mode [ 74.558632][ T4386] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.569070][ T4386] device bridge_slave_0 left promiscuous mode [ 74.575583][ T4386] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.675115][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.738613][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.776391][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.805934][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.836053][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.859988][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.890428][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.942961][ T4365] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.953424][ T4365] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.975700][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.977535][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.996980][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.021146][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.035847][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.049501][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.157165][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.468926][ T4276] Bluetooth: hci1: command 0x0419 tx timeout [ 75.477125][ T4276] Bluetooth: hci4: command 0x0419 tx timeout [ 75.496660][ T4278] Bluetooth: hci2: command 0x0419 tx timeout [ 75.504022][ T4278] Bluetooth: hci3: command 0x0419 tx timeout [ 75.510958][ T4278] Bluetooth: hci0: command 0x0419 tx timeout [ 75.801498][ T4399] input: syz0 as /devices/virtual/input/input5 [ 76.520516][ T4376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.528554][ T4376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.551187][ T4363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.559636][ T4363] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.611861][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.649203][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.880920][ T27] audit: type=1326 audit(1755138802.909:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 76.913116][ T27] audit: type=1326 audit(1755138802.929:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.147980][ T27] audit: type=1326 audit(1755138802.929:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.510730][ T27] audit: type=1326 audit(1755138802.929:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.564207][ T27] audit: type=1326 audit(1755138802.929:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.588779][ T27] audit: type=1326 audit(1755138802.929:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.626110][ T27] audit: type=1326 audit(1755138802.929:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.705820][ T27] audit: type=1326 audit(1755138802.939:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.716773][ T4420] loop2: detected capacity change from 0 to 512 [ 77.747557][ T27] audit: type=1326 audit(1755138802.939:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.858057][ T27] audit: type=1326 audit(1755138802.939:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4413 comm="syz.3.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fb6df38ebe9 code=0x7ffc0000 [ 77.889369][ T4420] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.3: bad orphan inode 13 [ 77.924382][ T4420] ext4_test_bit(bit=12, block=4) = 1 [ 77.940576][ T4420] is_bad_inode(inode)=0 [ 77.960425][ T952] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 77.974124][ T4420] NEXT_ORPHAN(inode)=0 [ 77.978290][ T4420] max_ino=32 [ 77.996118][ T4420] i_nlink=1 [ 78.009312][ T4420] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 78.026806][ T4431] loop0: detected capacity change from 0 to 512 [ 78.063707][ T4431] ======================================================= [ 78.063707][ T4431] WARNING: The mand mount option has been deprecated and [ 78.063707][ T4431] and is ignored by this kernel. Remove the mand [ 78.063707][ T4431] option from the mount to silence this warning. [ 78.063707][ T4431] ======================================================= [ 78.104420][ T4420] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.3: Unrecognised inode hash code 20 [ 78.108982][ T4433] loop1: detected capacity change from 0 to 512 [ 78.125112][ T4420] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3: Corrupt directory, running e2fsck is recommended [ 78.134087][ T4429] loop4: detected capacity change from 0 to 4096 [ 78.150514][ T4420] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.3: Unrecognised inode hash code 20 [ 78.179668][ T4420] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3: Corrupt directory, running e2fsck is recommended [ 78.195910][ T4420] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.3: corrupted in-inode xattr [ 78.220307][ T952] usb 4-1: Using ep0 maxpacket: 16 [ 78.247157][ T952] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 78.257209][ T4429] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 78.295887][ T952] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 78.321004][ T4439] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.3: Unrecognised inode hash code 20 [ 78.339715][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 78.360381][ T4439] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3: Corrupt directory, running e2fsck is recommended [ 78.384710][ T4439] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.3: corrupted in-inode xattr [ 78.403924][ T952] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 78.444351][ T952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.477349][ T4420] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.3: Unrecognised inode hash code 20 [ 78.507546][ T4420] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3: Corrupt directory, running e2fsck is recommended [ 78.509972][ T952] usb 4-1: Product: syz [ 78.531140][ T4433] EXT4-fs (loop1): Test dummy encryption mode enabled [ 78.538057][ T4433] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 78.545923][ T952] usb 4-1: Manufacturer: syz [ 78.574324][ T4420] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.3: corrupted in-inode xattr [ 78.586520][ T4433] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 78.595474][ T952] usb 4-1: SerialNumber: syz [ 78.598757][ T4439] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.3: Unrecognised inode hash code 20 [ 78.602446][ T4431] EXT4-fs: Ignoring removed nomblk_io_submit option [ 78.779435][ T4439] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3: Corrupt directory, running e2fsck is recommended [ 78.894945][ T4431] EXT4-fs (loop0): Test dummy encryption mode enabled [ 79.666572][ T4439] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 13: comm syz.2.3: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 79.828646][ T4431] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 79.859233][ T4431] EXT4-fs (loop0): 1 truncate cleaned up [ 79.868471][ T4431] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 79.999757][ C1] sched: RT throttling activated [ 80.023964][ T4433] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.16: bad orphan inode 131083 [ 80.248568][ T4433] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 81.071830][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 81.204534][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 81.307946][ T952] usb 4-1: 0:2 : does not exist [ 81.342446][ T952] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 81.436100][ T4454] loop0: detected capacity change from 0 to 128 [ 81.462280][ T4454] EXT4-fs: Ignoring removed nobh option [ 81.482515][ T952] usb 4-1: USB disconnect, device number 2 [ 81.497608][ T4454] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 82.267653][ T4464] loop3: detected capacity change from 0 to 512 [ 84.019319][ T14] cfg80211: failed to load regulatory.db [ 84.039067][ T4454] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 84.120050][ T4464] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 84.713215][ T4465] loop4: detected capacity change from 0 to 256 [ 85.490093][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 85.524603][ T4464] EXT4-fs: failed to create workqueue [ 85.532751][ T4464] EXT4-fs (loop3): mount failed [ 85.774486][ T4434] udevd[4434]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 85.946460][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 88.307898][ T4486] loop1: detected capacity change from 0 to 4096 [ 88.465863][ T4486] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 88.706040][ T4498] syz.3.29[4498] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.708512][ T4498] syz.3.29[4498] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.724821][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 89.060634][ T4507] loop2: detected capacity change from 0 to 128 [ 89.092148][ T4507] EXT4-fs: Ignoring removed nobh option [ 89.132694][ T4507] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 89.178222][ T4511] netlink: 'syz.3.36': attribute type 10 has an invalid length. [ 89.186588][ T4507] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.198537][ T4511] netlink: 40 bytes leftover after parsing attributes in process `syz.3.36'. [ 89.208281][ T4511] device dummy0 entered promiscuous mode [ 89.215540][ T4511] bridge0: port 3(dummy0) entered blocking state [ 89.224439][ T4511] bridge0: port 3(dummy0) entered disabled state [ 89.244623][ T4511] bridge0: port 3(dummy0) entered blocking state [ 89.251371][ T4511] bridge0: port 3(dummy0) entered forwarding state [ 89.324421][ T4515] loop4: detected capacity change from 0 to 512 [ 89.461724][ T4515] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 89.593719][ T4515] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 89.602510][ T4515] System zones: 1-12 [ 89.619923][ T4515] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.35: corrupted in-inode xattr [ 89.637490][ T4515] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.35: couldn't read orphan inode 15 (err -117) [ 89.654574][ T4515] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 92.605062][ T4526] loop0: detected capacity change from 0 to 256 [ 93.446489][ T4522] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 93.468982][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 93.487343][ T4522] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 93.498268][ T4522] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 93.720069][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 93.801846][ T4522] syz.3.38 (4522) used greatest stack depth: 18248 bytes left [ 94.876200][ T4563] netlink: 48 bytes leftover after parsing attributes in process `syz.1.55'. [ 95.173474][ T4574] netlink: 'syz.3.61': attribute type 10 has an invalid length. [ 95.211971][ T4574] bridge0: port 3(dummy0) entered disabled state [ 95.236495][ T4572] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 97.169593][ T4582] netlink: 'syz.0.64': attribute type 10 has an invalid length. [ 97.225300][ T4582] netlink: 164 bytes leftover after parsing attributes in process `syz.0.64'. [ 97.736590][ T4607] loop4: detected capacity change from 0 to 512 [ 97.764093][ T4607] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 97.778911][ T4607] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 97.827332][ T4607] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 97.884382][ T4607] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 97.920173][ T4607] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 98.019571][ T4607] EXT4-fs (loop4): orphan cleanup on readonly fs [ 98.065234][ T4607] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.75: bg 0: block 34: padding at end of block bitmap is not set [ 98.112765][ T4607] __quota_error: 43 callbacks suppressed [ 98.112783][ T4607] Quota error (device loop4): write_blk: dquota write failed [ 98.148045][ T4607] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 98.168027][ T4607] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.75: Failed to acquire dquot type 1 [ 98.214703][ T4607] EXT4-fs (loop4): 1 truncate cleaned up [ 98.249980][ T4607] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 98.331360][ T4622] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.80'. [ 99.256948][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 100.571879][ T27] audit: type=1804 audit(1755138825.999:55): pid=4656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.97" name="/newroot/20/bus/bus" dev="overlay" ino=133 res=1 errno=0 [ 100.765926][ T4660] loop1: detected capacity change from 0 to 512 [ 100.784966][ T4660] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 100.829966][ T4660] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 100.851084][ T4660] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 100.890261][ T4660] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 100.899455][ T4662] device wg2 entered promiscuous mode [ 100.935895][ T4660] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 100.999611][ T4660] EXT4-fs (loop1): orphan cleanup on readonly fs [ 101.100171][ T4660] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.98: bg 0: block 34: padding at end of block bitmap is not set [ 101.185563][ T4660] Quota error (device loop1): write_blk: dquota write failed [ 101.236010][ T4660] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 101.276572][ T4670] device syzkaller0 entered promiscuous mode [ 101.290127][ T4660] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.98: Failed to acquire dquot type 1 [ 101.369912][ T4660] EXT4-fs (loop1): 1 truncate cleaned up [ 101.412479][ T4660] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 102.269462][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 103.380505][ T27] audit: type=1804 audit(1755138828.639:56): pid=4699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.113" name="/newroot/25/bus/bus" dev="overlay" ino=156 res=1 errno=0 [ 107.504960][ T4729] loop3: detected capacity change from 0 to 512 [ 107.548045][ T4729] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 107.573944][ T4732] netlink: 830 bytes leftover after parsing attributes in process `syz.2.124'. [ 107.660931][ T4729] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 107.695298][ T4735] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 107.702436][ T4735] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 107.711331][ T4729] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 107.774173][ T4729] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 108.610065][ T27] audit: type=1804 audit(1755138833.909:57): pid=4741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.125" name="/newroot/19/bus/bus" dev="overlay" ino=125 res=1 errno=0 [ 108.707909][ T4729] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 108.759025][ T4729] EXT4-fs (loop3): orphan cleanup on readonly fs [ 108.777705][ T4729] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.123: bg 0: block 34: padding at end of block bitmap is not set [ 108.805484][ T4729] Quota error (device loop3): write_blk: dquota write failed [ 108.859920][ T4729] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 108.890026][ T4729] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.123: Failed to acquire dquot type 1 [ 108.925873][ T4729] EXT4-fs (loop3): 1 truncate cleaned up [ 108.965362][ T4729] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 109.815229][ T4282] EXT4-fs (loop3): unmounting filesystem. [ 109.871160][ T4768] netlink: 'syz.3.138': attribute type 6 has an invalid length. [ 109.879303][ T4768] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.138'. [ 111.089908][ T27] audit: type=1804 audit(1755138836.349:58): pid=4782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.142" name="/newroot/37/bus/bus" dev="overlay" ino=227 res=1 errno=0 [ 111.952345][ T4792] loop2: detected capacity change from 0 to 512 [ 111.966900][ T4792] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 111.982201][ T4792] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 112.001336][ T4792] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 112.048368][ T4792] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 112.068625][ T4792] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 112.078622][ T4792] EXT4-fs (loop2): orphan cleanup on readonly fs [ 112.090337][ T4792] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.149: bg 0: block 34: padding at end of block bitmap is not set [ 112.118033][ T4792] Quota error (device loop2): write_blk: dquota write failed [ 112.127474][ T4792] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 112.145392][ T4792] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.149: Failed to acquire dquot type 1 [ 112.158823][ T4792] EXT4-fs (loop2): 1 truncate cleaned up [ 112.174223][ T4792] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 113.139576][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 115.638525][ T4881] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 115.672485][ T4881] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 115.874319][ T4889] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 115.880978][ T4889] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 116.066966][ T4892] fuse: Bad value for 'fd' [ 116.728730][ T4897] loop2: detected capacity change from 0 to 512 [ 116.795717][ T4897] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 116.817735][ T4897] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 116.841093][ T4897] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 116.862975][ T4903] Â: renamed from pim6reg1 [ 116.894248][ T4897] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 116.906627][ T4897] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 116.916767][ T4897] EXT4-fs (loop2): orphan cleanup on readonly fs [ 116.951781][ T4897] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.163: bg 0: block 34: padding at end of block bitmap is not set [ 116.976839][ T4897] Quota error (device loop2): write_blk: dquota write failed [ 117.023494][ T4897] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 117.055251][ T4911] netlink: 'syz.4.169': attribute type 3 has an invalid length. [ 117.089946][ T4897] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.163: Failed to acquire dquot type 1 [ 117.141028][ T4897] EXT4-fs (loop2): 1 truncate cleaned up [ 117.181992][ T4897] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 117.890186][ T4937] fuse: Bad value for 'fd' [ 117.926362][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 118.458077][ T4939] netlink: 65055 bytes leftover after parsing attributes in process `syz.3.179'. [ 118.668763][ T4948] Â: renamed from pim6reg1 [ 118.710569][ T4946] device syzkaller0 entered promiscuous mode [ 119.059931][ T4314] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 119.136474][ T4965] loop0: detected capacity change from 0 to 512 [ 119.187085][ T4965] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 119.198472][ T4965] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 119.209845][ T4965] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 119.249575][ T4965] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 119.259483][ T4965] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 119.272162][ T4314] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 119.281310][ T4965] EXT4-fs (loop0): orphan cleanup on readonly fs [ 119.295138][ T4314] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 119.308708][ T4965] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.190: bg 0: block 34: padding at end of block bitmap is not set [ 119.328371][ T4314] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 119.328547][ T4965] Quota error (device loop0): write_blk: dquota write failed [ 119.352140][ T4314] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xF7, skipping [ 119.352153][ T4965] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 119.352184][ T4965] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.190: Failed to acquire dquot type 1 [ 119.395897][ T4965] EXT4-fs (loop0): 1 truncate cleaned up [ 119.399395][ T4314] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 119.426044][ T4962] mmap: syz.1.188 (4962) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 119.426082][ T4314] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 119.448773][ T4314] usb 3-1: Product: syz [ 119.453136][ T4314] usb 3-1: Manufacturer: syz [ 119.466672][ T4965] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 119.475918][ T4314] cdc_wdm 3-1:1.0: skipping garbage [ 119.487370][ T4314] cdc_wdm 3-1:1.0: skipping garbage [ 119.494556][ T4314] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 119.570101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.578664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.587048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 119.595545][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 119.603954][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.612441][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.620924][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.629781][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.639794][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.649782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 119.739585][ T4314] usb 3-1: USB disconnect, device number 2 [ 120.016907][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 120.366205][ T4973] syz.0.191 uses obsolete (PF_INET,SOCK_PACKET) [ 122.595307][ T4979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.191'. [ 122.605832][ T4981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.191'. [ 123.078526][ T27] audit: type=1804 audit(1755138849.099:59): pid=5009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.197" name="file0" dev="ramfs" ino=35403 res=1 errno=0 [ 123.179955][ T26] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 123.217547][ T5015] netlink: 196 bytes leftover after parsing attributes in process `syz.0.196'. [ 123.245289][ T5015] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 123.287105][ T5015] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.310342][ T7] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 123.334475][ T5015] device batadv_slave_0 entered promiscuous mode [ 123.369902][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 123.377773][ T26] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 123.428340][ T26] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 123.463423][ T26] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 123.494418][ T5015] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 123.512042][ T7] usb 3-1: Using ep0 maxpacket: 32 [ 123.522240][ T7] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 123.523730][ T26] usb 4-1: Product: syz [ 123.551251][ T7] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 123.576401][ T7] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 123.588756][ T26] usb 4-1: Manufacturer: syz [ 123.597315][ T26] usb 4-1: SerialNumber: syz [ 123.609686][ T26] usb 4-1: config 0 descriptor?? [ 123.612481][ T5022] netlink: 'syz.0.196': attribute type 8 has an invalid length. [ 123.623334][ T7] usb 3-1: Product: syz [ 123.628081][ T4999] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 123.645029][ T7] usb 3-1: Manufacturer: syz [ 123.669477][ T7] usb 3-1: SerialNumber: syz [ 123.707789][ T7] usb 3-1: config 0 descriptor?? [ 123.732952][ T5011] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 123.749585][ T7] chaoskey 3-1:0.0: Unable to register with hwrng [ 123.941295][ T26] usb 4-1: USB disconnect, device number 3 [ 124.003045][ T7] usb 3-1: USB disconnect, device number 3 [ 124.902479][ T5031] loop2: detected capacity change from 0 to 512 [ 124.930660][ T5031] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 124.971548][ T5033] Driver unsupported XDP return value 0 on prog (id 105) dev N/A, expect packet loss! [ 124.987019][ T5031] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 125.015763][ T5031] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 125.078132][ T5031] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 125.092366][ T5031] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 125.161580][ T5031] EXT4-fs (loop2): orphan cleanup on readonly fs [ 125.185958][ T5031] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.201: bg 0: block 34: padding at end of block bitmap is not set [ 125.210635][ T5031] Quota error (device loop2): write_blk: dquota write failed [ 125.249308][ T5031] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 125.260593][ T5031] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.201: Failed to acquire dquot type 1 [ 125.335559][ T5031] EXT4-fs (loop2): 1 truncate cleaned up [ 125.391421][ T5031] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 125.443345][ T5045] device syzkaller0 entered promiscuous mode [ 125.830656][ T5048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'. [ 125.844520][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 125.958099][ T5050] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 126.008218][ T5048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.205'. [ 126.959853][ T952] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 127.012899][ T5068] netlink: 196 bytes leftover after parsing attributes in process `syz.1.210'. [ 127.038108][ T5068] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 127.169834][ T952] usb 5-1: Using ep0 maxpacket: 32 [ 127.177456][ T952] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 127.220919][ T952] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 127.248082][ T5068] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.276104][ T5068] device batadv_slave_0 entered promiscuous mode [ 127.320955][ T952] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 127.335698][ T5068] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 127.357278][ T5074] netlink: 'syz.1.210': attribute type 8 has an invalid length. [ 127.384112][ T952] usb 5-1: Product: syz [ 127.395962][ T952] usb 5-1: Manufacturer: syz [ 127.409388][ T952] usb 5-1: SerialNumber: syz [ 127.435551][ T952] usb 5-1: config 0 descriptor?? [ 127.460700][ T5063] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 127.675551][ T5079] netlink: 196 bytes leftover after parsing attributes in process `syz.0.214'. [ 127.756584][ T5079] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 127.768943][ T26] usb 5-1: USB disconnect, device number 2 [ 127.929836][ T5079] netlink: 32 bytes leftover after parsing attributes in process `syz.0.214'. [ 128.919948][ T4335] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 128.930989][ T5091] loop2: detected capacity change from 0 to 512 [ 129.068891][ T5091] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 129.112324][ T5091] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 129.159881][ T5091] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 129.159914][ T4335] usb 5-1: Using ep0 maxpacket: 8 [ 129.202640][ T5091] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 129.220303][ T5091] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 129.245374][ T5091] EXT4-fs (loop2): orphan cleanup on readonly fs [ 129.290761][ T4335] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 129.305251][ T5091] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.218: bg 0: block 34: padding at end of block bitmap is not set [ 129.418302][ T5091] Quota error (device loop2): write_blk: dquota write failed [ 129.430020][ T5091] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 129.480542][ T5091] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.218: Failed to acquire dquot type 1 [ 129.493559][ T4335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 129.545861][ T5095] device syzkaller0 entered promiscuous mode [ 129.561759][ T5091] EXT4-fs (loop2): 1 truncate cleaned up [ 129.616732][ T4335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 129.666341][ T4335] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 129.688734][ T4335] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 129.706851][ T4335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.730337][ T5091] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 130.076414][ T4335] usb 5-1: GET_CAPABILITIES returned 0 [ 130.082242][ T4335] usbtmc 5-1:16.0: can't read capabilities [ 130.286231][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 130.529901][ T7] usb 5-1: USB disconnect, device number 3 [ 130.832810][ T5119] vivid-000: ================= START STATUS ================= [ 130.844799][ T5119] vivid-000: Test Pattern: 75% Colorbar [ 130.864392][ T5119] vivid-000: Fill Percentage of Frame: 100 [ 130.884183][ T5119] vivid-000: Horizontal Movement: No Movement [ 130.900022][ T952] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 130.908129][ T5119] vivid-000: Vertical Movement: No Movement [ 130.918367][ T5119] vivid-000: OSD Text Mode: All [ 131.044599][ T5119] vivid-000: Show Border: false [ 131.099899][ T5119] vivid-000: Show Square: false [ 131.141552][ T5119] vivid-000: Sensor Flipped Horizontally: false [ 131.142686][ T952] usb 2-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df [ 131.200871][ T952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.257506][ T952] usb 2-1: config 0 descriptor?? [ 131.285652][ T952] gspca_main: benq-2.14.0 probing 04a5:3035 [ 131.640015][ T5119] vivid-000: Sensor Flipped Vertically: false [ 131.666728][ T5119] vivid-000: Insert SAV Code in Image: false [ 131.684777][ T5119] vivid-000: Insert EAV Code in Image: false [ 131.704320][ T5119] vivid-000: Insert Video Guard Band: false [ 131.714505][ T5119] vivid-000: Reduced Framerate: false [ 131.724673][ T5119] vivid-000: Enable Capture Cropping: true [ 131.744016][ T5119] vivid-000: Enable Capture Composing: true [ 131.756203][ T5119] vivid-000: Enable Capture Scaler: true [ 131.775337][ T5119] vivid-000: Timestamp Source: End of Frame [ 131.788250][ T5119] vivid-000: Colorspace: sRGB [ 131.816412][ T5119] vivid-000: Transfer Function: Default [ 131.824727][ T5119] vivid-000: Y'CbCr Encoding: Default [ 131.831859][ T5119] vivid-000: HSV Encoding: Hue 0-179 [ 131.847055][ T5119] vivid-000: Quantization: Default [ 131.952666][ T5119] vivid-000: Apply Alpha To Red Only: false [ 132.049996][ T5119] vivid-000: Standard Aspect Ratio: 4x3 [ 132.237716][ T5119] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 132.284890][ T5119] vivid-000: DV Timings: 640x480p59 inactive [ 132.349221][ T5119] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 132.396946][ T5119] vivid-000: Maximum EDID Blocks: 2 [ 132.435301][ T5119] vivid-000: Limited RGB Range (16-235): false [ 132.536804][ T5119] vivid-000: Rx RGB Quantization Range: Automatic [ 132.572542][ T5119] vivid-000: Power Present: 0x00000001 [ 132.600004][ T5119] tpg source WxH: 640x360 (Y'CbCr) [ 132.620500][ T5119] tpg field: 1 [ 132.628905][ T5119] tpg crop: 640x360@0x0 [ 132.679889][ T5119] tpg compose: 640x360@0x0 [ 132.685079][ T5119] tpg colorspace: 8 [ 132.699300][ T5119] tpg transfer function: 0/0 [ 132.705490][ T5119] tpg Y'CbCr encoding: 0/0 [ 132.714186][ T5119] tpg quantization: 0/0 [ 132.723915][ T5119] tpg RGB range: 0/2 [ 132.765642][ T5119] vivid-000: ================== END STATUS ================== [ 133.019205][ T5130] netlink: 28 bytes leftover after parsing attributes in process `syz.4.228'. [ 133.074081][ T5130] netlink: 8 bytes leftover after parsing attributes in process `syz.4.228'. [ 133.085632][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.085703][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.139059][ T26] usb 2-1: USB disconnect, device number 2 [ 133.621426][ T5138] device syzkaller0 entered promiscuous mode [ 134.083204][ T5147] loop0: detected capacity change from 0 to 512 [ 134.149237][ T5147] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 134.172736][ T5147] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 134.196794][ T5147] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 134.213371][ T5147] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 134.228630][ T5147] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 134.249247][ T5147] EXT4-fs (loop0): orphan cleanup on readonly fs [ 134.258801][ T5147] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.233: bg 0: block 34: padding at end of block bitmap is not set [ 134.280616][ T5147] Quota error (device loop0): write_blk: dquota write failed [ 134.293869][ T5147] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 134.329891][ T5147] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.233: Failed to acquire dquot type 1 [ 134.380271][ T5147] EXT4-fs (loop0): 1 truncate cleaned up [ 134.422875][ T5147] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 134.642929][ T5155] netlink: 4 bytes leftover after parsing attributes in process `syz.4.235'. [ 134.747857][ T5155] netlink: 12 bytes leftover after parsing attributes in process `syz.4.235'. [ 134.937061][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 135.001388][ T4400] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 135.189812][ T4400] usb 2-1: Using ep0 maxpacket: 32 [ 135.197243][ T4400] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.294430][ T4400] usb 2-1: config 0 has no interfaces? [ 135.322886][ T4400] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 135.390791][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 135.390818][ T4400] usb 2-1: Product: syz [ 135.390831][ T4400] usb 2-1: Manufacturer: syz [ 135.390845][ T4400] usb 2-1: SerialNumber: syz [ 135.411326][ T4400] usb 2-1: config 0 descriptor?? [ 135.615033][ T4400] usb 2-1: USB disconnect, device number 3 [ 136.247587][ T5173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.239'. [ 139.258354][ T27] audit: type=1804 audit(1755138862.409:60): pid=5177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.240" name="/newroot/63/bus/bus" dev="overlay" ino=367 res=1 errno=0 [ 139.767302][ T5193] device syzkaller0 entered promiscuous mode [ 140.209902][ T4400] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 140.434262][ T4400] usb 1-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df [ 140.484791][ T4400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.552572][ T4400] usb 1-1: config 0 descriptor?? [ 140.595612][ T4400] gspca_main: benq-2.14.0 probing 04a5:3035 [ 141.116918][ T5216] vivid-000: ================= START STATUS ================= [ 141.152136][ T5216] vivid-000: Test Pattern: 75% Colorbar [ 141.158562][ T5216] vivid-000: Fill Percentage of Frame: 100 [ 141.176377][ T5216] vivid-000: Horizontal Movement: No Movement [ 141.185452][ T5216] vivid-000: Vertical Movement: No Movement [ 141.197030][ T5216] vivid-000: OSD Text Mode: All [ 141.204021][ T5216] vivid-000: Show Border: false [ 141.236154][ T5216] vivid-000: Show Square: false [ 141.265877][ T5216] vivid-000: Sensor Flipped Horizontally: false [ 141.275309][ T5216] vivid-000: Sensor Flipped Vertically: false [ 141.297215][ T5216] vivid-000: Insert SAV Code in Image: false [ 141.313921][ T5216] vivid-000: Insert EAV Code in Image: false [ 141.328391][ T5216] vivid-000: Insert Video Guard Band: false [ 141.354667][ T5216] vivid-000: Reduced Framerate: false [ 141.383972][ T5216] vivid-000: Enable Capture Cropping: true [ 141.569974][ T5216] vivid-000: Enable Capture Composing: true [ 141.589241][ T5216] vivid-000: Enable Capture Scaler: true [ 141.623695][ T5216] vivid-000: Timestamp Source: End of Frame [ 141.663110][ T5216] vivid-000: Colorspace: sRGB [ 141.686187][ T5216] vivid-000: Transfer Function: Default [ 141.693539][ T5216] vivid-000: Y'CbCr Encoding: Default [ 141.703611][ T5216] vivid-000: HSV Encoding: Hue 0-179 [ 141.862080][ T5216] vivid-000: Quantization: Default [ 141.904122][ T5216] vivid-000: Apply Alpha To Red Only: false [ 141.914316][ T5216] vivid-000: Standard Aspect Ratio: 4x3 [ 141.926730][ T5216] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 141.944263][ T5216] vivid-000: DV Timings: 640x480p59 inactive [ 141.968982][ T5216] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 141.999585][ T5216] vivid-000: Maximum EDID Blocks: 2 [ 142.006658][ T5216] vivid-000: Limited RGB Range (16-235): false [ 142.025281][ T5216] vivid-000: Rx RGB Quantization Range: Automatic [ 142.032996][ T5216] vivid-000: Power Present: 0x00000001 [ 142.039054][ T5216] tpg source WxH: 640x360 (Y'CbCr) [ 142.056666][ T5216] tpg field: 1 [ 142.060894][ T5216] tpg crop: 640x360@0x0 [ 142.066889][ T5216] tpg compose: 640x360@0x0 [ 142.076531][ T5216] tpg colorspace: 8 [ 142.081817][ T5216] tpg transfer function: 0/0 [ 142.086825][ T5216] tpg Y'CbCr encoding: 0/0 [ 142.092637][ T5216] tpg quantization: 0/0 [ 142.107640][ T5216] tpg RGB range: 0/2 [ 142.124107][ T5216] vivid-000: ================== END STATUS ================== [ 142.481732][ T4400] usb 1-1: USB disconnect, device number 2 [ 143.529987][ T4400] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 143.721492][ T4400] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 143.738565][ T4400] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 143.789870][ T4400] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 143.840151][ T4400] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64 [ 143.904919][ T4400] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 143.925879][ T27] audit: type=1804 audit(1755138869.949:61): pid=5254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.253" name="file0" dev="ramfs" ino=36155 res=1 errno=0 [ 143.981970][ T4400] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 144.023477][ T4400] usb 5-1: Product: syz [ 144.032985][ T4400] usb 5-1: Manufacturer: syz [ 144.064898][ T4400] cdc_wdm 5-1:1.0: skipping garbage [ 144.089962][ T4400] cdc_wdm 5-1:1.0: skipping garbage [ 144.100526][ T4400] cdc_wdm: probe of 5-1:1.0 failed with error -22 [ 144.273092][ T5265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.254'. [ 144.347362][ T4400] usb 5-1: USB disconnect, device number 4 [ 145.068635][ T5278] loop3: detected capacity change from 0 to 256 [ 146.945578][ T5278] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 147.872973][ T5284] netlink: 'syz.3.257': attribute type 6 has an invalid length. [ 147.921666][ T5284] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.257'. [ 149.169915][ T4400] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 149.189871][ T26] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 149.372596][ T4400] usb 2-1: unable to get BOS descriptor or descriptor too short [ 149.396128][ T4400] usb 2-1: not running at top speed; connect to a high speed hub [ 149.409867][ T26] usb 4-1: Using ep0 maxpacket: 8 [ 149.425685][ T26] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 149.468174][ T4400] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.500251][ T26] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 149.532064][ T4400] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 149.551776][ T26] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 149.646242][ T4400] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 149.655438][ T5316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'. [ 149.683409][ T26] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 149.892982][ T4400] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 149.935905][ T26] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 149.982439][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.015795][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.028890][ T4400] usb 2-1: Product: syz [ 150.061730][ T4400] usb 2-1: Manufacturer: syz [ 150.072915][ T5316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.264'. [ 150.099403][ T4400] usb 2-1: SerialNumber: syz [ 150.347815][ T4400] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 150.361933][ T4400] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 150.379153][ T26] usb 4-1: GET_CAPABILITIES returned 0 [ 150.386477][ T26] usbtmc 4-1:16.0: can't read capabilities [ 150.437202][ T4400] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 150.553356][ T4400] usb 2-1: USB disconnect, device number 4 [ 150.733836][ T4335] usb 4-1: USB disconnect, device number 4 [ 151.374483][ T5345] ptrace attach of "./syz-executor exec"[4267] was attempted by "./syz-executor exec"[5345] [ 151.595133][ T5348] netlink: 'syz.1.265': attribute type 1 has an invalid length. [ 152.301949][ T5368] netlink: 196 bytes leftover after parsing attributes in process `syz.4.266'. [ 152.419186][ T5368] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 152.527772][ T5369] ptrace attach of "./syz-executor exec"[4268] was attempted by "./syz-executor exec"[5369] [ 152.581872][ T5367] netlink: 'syz.2.267': attribute type 1 has an invalid length. [ 152.598299][ T5368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.704116][ T5368] device batadv_slave_0 entered promiscuous mode [ 152.836186][ T5368] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 152.904265][ T5371] netlink: 'syz.4.266': attribute type 8 has an invalid length. [ 155.737970][ T27] audit: type=1804 audit(1755138879.059:62): pid=5376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.268" name="/newroot/43/bus/bus" dev="overlay" ino=259 res=1 errno=0 [ 156.682001][ T4314] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 156.872965][ T4314] usb 1-1: unable to get BOS descriptor or descriptor too short [ 156.889468][ T4314] usb 1-1: not running at top speed; connect to a high speed hub [ 156.926637][ T4314] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.965920][ T4314] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 157.077495][ T4314] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 157.101639][ T27] audit: type=1804 audit(1755138883.129:63): pid=5401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.273" name="file0" dev="ramfs" ino=36889 res=1 errno=0 [ 157.145967][ T4314] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 157.156653][ T5400] netlink: 196 bytes leftover after parsing attributes in process `syz.1.283'. [ 157.166900][ T4314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.176110][ T5400] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 157.205965][ T4314] usb 1-1: Product: syz [ 157.209626][ T5402] netlink: 'syz.1.283': attribute type 8 has an invalid length. [ 157.224083][ T4314] usb 1-1: Manufacturer: syz [ 157.229182][ T4314] usb 1-1: SerialNumber: syz [ 157.459803][ T4314] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 157.484013][ T4314] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 157.516768][ T4314] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 157.614256][ T4314] usb 1-1: USB disconnect, device number 3 [ 158.559503][ T5417] netlink: 196 bytes leftover after parsing attributes in process `syz.4.278'. [ 158.633574][ T5417] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 158.812109][ T5417] netlink: 'syz.4.278': attribute type 8 has an invalid length. [ 159.479815][ T7] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 159.670084][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 159.675899][ T4400] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 159.696595][ T7] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 159.717529][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 159.789805][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 159.819948][ T7] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.866586][ T7] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 159.883852][ T4400] usb 2-1: unable to get BOS descriptor or descriptor too short [ 159.904516][ T4400] usb 2-1: not running at top speed; connect to a high speed hub [ 159.932881][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.934293][ T4400] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 159.984856][ T4400] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 160.019906][ T4400] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 160.081561][ T4400] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 160.109889][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.149037][ T4400] usb 2-1: Product: syz [ 160.159238][ T4400] usb 2-1: Manufacturer: syz [ 160.174648][ T4400] usb 2-1: SerialNumber: syz [ 160.207044][ T7] usb 4-1: GET_CAPABILITIES returned 0 [ 160.213256][ T7] usbtmc 4-1:16.0: can't read capabilities [ 160.435858][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 160.446601][ T4400] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 160.470289][ T4400] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 160.499303][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 160.503051][ T7] usb 4-1: USB disconnect, device number 5 [ 160.508475][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 160.523706][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 160.535366][ T5440] Â: renamed from pim6reg1 [ 160.583536][ T4400] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 160.684817][ T4400] usb 2-1: USB disconnect, device number 5 [ 161.451119][ T5454] loop2: detected capacity change from 0 to 512 [ 161.493293][ T5454] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 161.555641][ T5454] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 161.602738][ T5460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'. [ 161.644722][ T5454] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 161.700847][ T5454] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 161.727281][ T5454] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 161.736199][ T5454] EXT4-fs (loop2): orphan cleanup on readonly fs [ 161.754589][ T5454] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.288: bg 0: block 34: padding at end of block bitmap is not set [ 161.777349][ T5454] Quota error (device loop2): write_blk: dquota write failed [ 161.790010][ T5454] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 161.810799][ T5454] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.288: Failed to acquire dquot type 1 [ 161.848404][ T5454] EXT4-fs (loop2): 1 truncate cleaned up [ 161.873333][ T5454] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 162.155855][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 162.616792][ T5471] netlink: 196 bytes leftover after parsing attributes in process `syz.2.291'. [ 162.646953][ T5471] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 162.749861][ T5473] netlink: 'syz.3.292': attribute type 6 has an invalid length. [ 162.839960][ T5473] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.292'. [ 162.955830][ T5471] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.024278][ T5471] device batadv_slave_0 entered promiscuous mode [ 163.094071][ T5471] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 163.191009][ T5476] netlink: 'syz.2.291': attribute type 8 has an invalid length. [ 163.269814][ T4400] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 163.469819][ T4400] usb 5-1: Using ep0 maxpacket: 8 [ 163.478902][ T4400] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 163.492491][ T4400] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 163.513451][ T4400] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 163.539234][ T4400] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 163.559925][ T7] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 163.582575][ T4400] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 163.605793][ T4400] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.819857][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 163.841159][ T7] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 163.844562][ T4400] usb 5-1: GET_CAPABILITIES returned 0 [ 163.861918][ T4400] usbtmc 5-1:16.0: can't read capabilities [ 163.875782][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 163.903704][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 163.931890][ T7] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 163.976689][ T7] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 164.004120][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.095989][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.105301][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.114512][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.123738][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.133032][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.142146][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.151256][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.160644][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.208241][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.208525][ T4314] usb 5-1: USB disconnect, device number 5 [ 164.217499][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.217539][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.217571][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.217604][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 164.503955][ T7] usb 4-1: GET_CAPABILITIES returned 0 [ 164.509566][ T7] usbtmc 4-1:16.0: can't read capabilities [ 164.691039][ T4400] usb 4-1: USB disconnect, device number 6 [ 165.259827][ T4400] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 165.449972][ T4400] usb 3-1: Using ep0 maxpacket: 8 [ 165.463067][ T4400] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 165.497700][ T4400] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 165.535256][ T4400] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 165.565646][ T4400] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.617747][ T4400] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 165.658585][ T4400] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.769934][ T4314] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 165.904162][ T4400] usb 3-1: GET_CAPABILITIES returned 0 [ 165.909691][ T4400] usbtmc 3-1:16.0: can't read capabilities [ 165.966188][ T4314] usb 5-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df [ 165.989209][ T4314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.027170][ T4314] usb 5-1: config 0 descriptor?? [ 166.069199][ T4314] gspca_main: benq-2.14.0 probing 04a5:3035 [ 166.200028][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.209777][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.220386][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.229523][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.238741][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.247971][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.257275][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.266650][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.275774][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.285043][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.456170][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.458715][ T4349] usb 3-1: USB disconnect, device number 4 [ 166.465386][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.480743][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.489863][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.499056][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.508121][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 166.700736][ T5512] loop0: detected capacity change from 0 to 512 [ 166.742406][ T5512] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 166.782755][ T5512] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 166.815471][ T5512] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 166.847312][ T5512] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 166.974945][ T5512] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 166.988371][ T5512] EXT4-fs (loop0): orphan cleanup on readonly fs [ 167.006480][ T5512] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.301: bg 0: block 34: padding at end of block bitmap is not set [ 167.029513][ T5512] Quota error (device loop0): write_blk: dquota write failed [ 167.063743][ T5512] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 167.078958][ T5512] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.301: Failed to acquire dquot type 1 [ 167.095400][ T5512] EXT4-fs (loop0): 1 truncate cleaned up [ 167.108802][ T5512] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 167.327497][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 167.499336][ T5522] netlink: 60 bytes leftover after parsing attributes in process `syz.0.304'. [ 167.691879][ T5526] netlink: 'syz.0.306': attribute type 6 has an invalid length. [ 167.750372][ T5526] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.306'. [ 168.217990][ T4349] usb 5-1: USB disconnect, device number 6 [ 169.036998][ T5544] loop4: detected capacity change from 0 to 256 [ 170.159176][ T5544] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 171.131173][ T5544] 9pnet_fd: Insufficient options for proto=fd [ 172.235092][ T5557] loop3: detected capacity change from 0 to 512 [ 172.293503][ T5557] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 172.390100][ T5557] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 172.439973][ T5557] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 172.492968][ T5557] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 172.530070][ T5557] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 172.545385][ T5562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'. [ 172.560936][ T5557] EXT4-fs (loop3): orphan cleanup on readonly fs [ 172.605521][ T5557] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.314: bg 0: block 34: padding at end of block bitmap is not set [ 172.679894][ T5557] Quota error (device loop3): write_blk: dquota write failed [ 172.713991][ T5557] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 172.755794][ T5557] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.314: Failed to acquire dquot type 1 [ 172.800247][ T5557] EXT4-fs (loop3): 1 truncate cleaned up [ 172.860441][ T5557] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 173.220617][ T4282] EXT4-fs (loop3): unmounting filesystem. [ 173.446038][ T5571] device syzkaller0 entered promiscuous mode [ 173.974424][ T5584] netlink: 'syz.3.319': attribute type 6 has an invalid length. [ 174.047365][ T5584] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.319'. [ 174.363448][ T5587] netlink: 60 bytes leftover after parsing attributes in process `syz.3.321'. [ 174.780363][ T7] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 174.920093][ T4400] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 174.929864][ T26] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 174.982838][ T7] usb 1-1: Using ep0 maxpacket: 8 [ 175.006577][ T7] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.026969][ T7] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.059112][ T7] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 175.079517][ T7] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 175.103174][ T7] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.115878][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.145119][ T5602] netlink: 4 bytes leftover after parsing attributes in process `syz.4.324'. [ 175.156197][ T4400] usb 2-1: Using ep0 maxpacket: 8 [ 175.163238][ T26] usb 4-1: unable to get BOS descriptor or descriptor too short [ 175.188690][ T4400] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.200877][ T26] usb 4-1: not running at top speed; connect to a high speed hub [ 175.219620][ T4400] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.237754][ T26] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.274204][ T4400] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 175.288885][ T26] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 175.304958][ T5602] netlink: 12 bytes leftover after parsing attributes in process `syz.4.324'. [ 175.322294][ T4400] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 175.346229][ T26] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 175.366814][ T7] usb 1-1: GET_CAPABILITIES returned 0 [ 175.375299][ T7] usbtmc 1-1:16.0: can't read capabilities [ 175.381318][ T4400] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.392662][ T26] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 175.439118][ T4400] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.447302][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.476858][ T26] usb 4-1: Product: syz [ 175.502863][ T26] usb 4-1: Manufacturer: syz [ 175.519650][ T26] usb 4-1: SerialNumber: syz [ 175.661428][ T4349] usb 1-1: USB disconnect, device number 4 [ 175.694859][ T4400] usb 2-1: GET_CAPABILITIES returned 0 [ 175.701219][ T4400] usbtmc 2-1:16.0: can't read capabilities [ 175.761800][ T26] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 175.776738][ T26] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 175.805971][ T26] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 175.876604][ T26] usb 4-1: USB disconnect, device number 7 [ 175.955853][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 175.965156][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 175.974275][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 175.983563][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 175.992829][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.001897][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.011087][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.020211][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.033571][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.042809][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.052147][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.061990][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.071606][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.083181][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.092949][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.102059][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.111469][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 176.146087][ T4349] usb 2-1: USB disconnect, device number 6 [ 177.221960][ T5618] loop1: detected capacity change from 0 to 512 [ 177.347132][ T5618] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 177.371817][ T5618] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 177.397878][ T5618] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 177.516909][ T5618] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 177.534721][ T5618] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 177.548544][ T5618] EXT4-fs (loop1): orphan cleanup on readonly fs [ 177.585798][ T5618] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.327: bg 0: block 34: padding at end of block bitmap is not set [ 177.602107][ T5618] Quota error (device loop1): write_blk: dquota write failed [ 177.609650][ T5618] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 177.622507][ T5618] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.327: Failed to acquire dquot type 1 [ 177.635413][ T5618] EXT4-fs (loop1): 1 truncate cleaned up [ 177.648050][ T5618] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 177.816401][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 177.951744][ T5631] device syzkaller0 entered promiscuous mode [ 177.966112][ T5622] netdevsim netdevsim3: Direct firmware load for . [ 177.966112][ T5622] failed with error -2 [ 178.034746][ T5622] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 178.034746][ T5622] [ 179.640001][ T5657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.338'. [ 179.956854][ T5657] netlink: 12 bytes leftover after parsing attributes in process `syz.1.338'. [ 180.115204][ T5665] Zero length message leads to an empty skb [ 180.207324][ T4400] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 180.409851][ T4400] usb 3-1: Using ep0 maxpacket: 8 [ 180.418651][ T4400] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 180.452614][ T4400] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 180.494742][ T4400] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 180.535673][ T4400] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 180.578910][ T4400] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 180.608511][ T4400] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.844215][ T4400] usb 3-1: GET_CAPABILITIES returned 0 [ 180.850104][ T4400] usbtmc 3-1:16.0: can't read capabilities [ 181.069844][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.078976][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.088093][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.097317][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.106433][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.187193][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.196515][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.205648][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.214768][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.223962][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.233068][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.282434][ T5637] syz.4.333 (5637): drop_caches: 3 [ 181.320289][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.329430][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.338547][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.347920][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.357044][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 181.366200][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.440909][ T26] usb 3-1: USB disconnect, device number 5 [ 181.752614][ T5673] loop3: detected capacity change from 0 to 512 [ 181.796690][ T5673] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 181.865915][ T5673] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 181.919436][ T5673] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 182.007475][ T5673] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 182.024785][ T5673] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 182.039549][ T5673] EXT4-fs (loop3): orphan cleanup on readonly fs [ 182.063074][ T5673] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.342: bg 0: block 34: padding at end of block bitmap is not set [ 182.087805][ T5673] Quota error (device loop3): write_blk: dquota write failed [ 182.134142][ T5673] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 182.151906][ T5673] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.342: Failed to acquire dquot type 1 [ 182.188133][ T5673] EXT4-fs (loop3): 1 truncate cleaned up [ 182.201754][ T5673] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 182.391098][ T4282] EXT4-fs (loop3): unmounting filesystem. [ 182.834129][ T5699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'. [ 182.852959][ T5698] netlink: 196 bytes leftover after parsing attributes in process `syz.2.348'. [ 182.906856][ T5698] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 182.979550][ T5698] netlink: 'syz.2.348': attribute type 8 has an invalid length. [ 185.392933][ T5722] netlink: 196 bytes leftover after parsing attributes in process `syz.3.353'. [ 185.413344][ T5722] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 185.736890][ T5722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.778219][ T5722] device batadv_slave_0 entered promiscuous mode [ 185.792756][ T7] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 185.849313][ T5722] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 185.879156][ T5725] netlink: 'syz.3.353': attribute type 8 has an invalid length. [ 185.979888][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 185.988019][ T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.027777][ T7] usb 2-1: config 0 has no interfaces? [ 186.052682][ T7] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 186.070926][ T7] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 186.136945][ T7] usb 2-1: Product: syz [ 186.155142][ T7] usb 2-1: Manufacturer: syz [ 186.174741][ T7] usb 2-1: SerialNumber: syz [ 186.198518][ T7] usb 2-1: config 0 descriptor?? [ 186.352233][ T5716] syz.2.352 (5716): drop_caches: 3 [ 186.471685][ T7] usb 2-1: USB disconnect, device number 7 [ 186.633366][ T5729] loop2: detected capacity change from 0 to 512 [ 186.733994][ T5729] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 186.763404][ T5729] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 186.791605][ T5727] syz.4.355 (5727): drop_caches: 3 [ 186.814118][ T5729] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 186.872769][ T5729] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 186.888202][ T5729] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 186.904414][ T5729] EXT4-fs (loop2): orphan cleanup on readonly fs [ 186.983190][ T5729] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.356: bg 0: block 34: padding at end of block bitmap is not set [ 187.083212][ T5729] Quota error (device loop2): write_blk: dquota write failed [ 187.109951][ T5729] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 187.140358][ T5729] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.356: Failed to acquire dquot type 1 [ 187.201944][ T5729] EXT4-fs (loop2): 1 truncate cleaned up [ 187.265452][ T5729] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 187.501011][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 187.635129][ T5742] vivid-000: ================= START STATUS ================= [ 187.645081][ T5742] vivid-000: Test Pattern: 75% Colorbar [ 187.654587][ T5742] vivid-000: Fill Percentage of Frame: 100 [ 187.666618][ T5742] vivid-000: Horizontal Movement: No Movement [ 187.683356][ T5742] vivid-000: Vertical Movement: No Movement [ 187.699881][ T5742] vivid-000: OSD Text Mode: All [ 187.709389][ T5742] vivid-000: Show Border: false [ 187.907301][ T5742] vivid-000: Show Square: false [ 187.919544][ T5742] vivid-000: Sensor Flipped Horizontally: false [ 187.966191][ T5742] vivid-000: Sensor Flipped Vertically: false [ 187.975645][ T5742] vivid-000: Insert SAV Code in Image: false [ 187.985031][ T5742] vivid-000: Insert EAV Code in Image: false [ 187.992339][ T5742] vivid-000: Insert Video Guard Band: false [ 187.999646][ T5742] vivid-000: Reduced Framerate: false [ 188.005896][ T5742] vivid-000: Enable Capture Cropping: true [ 188.012609][ T5742] vivid-000: Enable Capture Composing: true [ 188.020239][ T5742] vivid-000: Enable Capture Scaler: true [ 188.036161][ T5742] vivid-000: Timestamp Source: End of Frame [ 188.044695][ T5742] vivid-000: Colorspace: sRGB [ 188.050213][ T5742] vivid-000: Transfer Function: Default [ 188.057053][ T5742] vivid-000: Y'CbCr Encoding: Default [ 188.063154][ T5742] vivid-000: HSV Encoding: Hue 0-179 [ 188.068754][ T5742] vivid-000: Quantization: Default [ 188.081105][ T5742] vivid-000: Apply Alpha To Red Only: false [ 188.139583][ T5742] vivid-000: Standard Aspect Ratio: 4x3 [ 188.173004][ T5742] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 188.190479][ T5742] vivid-000: DV Timings: 640x480p59 inactive [ 188.198890][ T5742] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 188.236658][ T5742] vivid-000: Maximum EDID Blocks: 2 [ 188.287852][ T5742] vivid-000: Limited RGB Range (16-235): false [ 188.324204][ T5742] vivid-000: Rx RGB Quantization Range: Automatic [ 188.379825][ T4349] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 188.402075][ T5742] vivid-000: Power Present: 0x00000001 [ 188.408375][ T5742] tpg source WxH: 640x360 (Y'CbCr) [ 188.436083][ T5742] tpg field: 1 [ 188.442784][ T5742] tpg crop: 640x360@0x0 [ 188.457073][ T5742] tpg compose: 640x360@0x0 [ 188.464909][ T5742] tpg colorspace: 8 [ 188.472683][ T5742] tpg transfer function: 0/0 [ 188.478118][ T5742] tpg Y'CbCr encoding: 0/0 [ 188.486030][ T5742] tpg quantization: 0/0 [ 188.492978][ T5742] tpg RGB range: 0/2 [ 188.499054][ T5742] vivid-000: ================== END STATUS ================== [ 188.601749][ T4349] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.615218][ T4349] usb 4-1: not running at top speed; connect to a high speed hub [ 188.647545][ T4349] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 188.685479][ T4349] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 188.710975][ T7] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 188.743151][ T4349] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 188.786771][ T4349] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 188.815776][ T4349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.844371][ T4349] usb 4-1: Product: syz [ 188.856629][ T4349] usb 4-1: Manufacturer: syz [ 188.874596][ T4349] usb 4-1: SerialNumber: syz [ 188.911616][ T7] usb 5-1: Using ep0 maxpacket: 32 [ 188.923912][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 188.953961][ T7] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 188.995631][ T7] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 189.018721][ T7] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 189.041305][ T7] usb 5-1: Product: syz [ 189.053160][ T7] usb 5-1: Manufacturer: syz [ 189.062152][ T7] usb 5-1: SerialNumber: syz [ 189.094128][ T7] usb 5-1: config 0 descriptor?? [ 189.107225][ T4349] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 189.129247][ T4349] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 189.177862][ T4349] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 189.268824][ T4349] usb 4-1: USB disconnect, device number 8 [ 189.329317][ T26] usb 5-1: USB disconnect, device number 7 [ 191.479873][ T4276] Bluetooth: hci4: command 0x0406 tx timeout [ 191.480000][ T4278] Bluetooth: hci2: command 0x0406 tx timeout [ 191.489566][ T4276] Bluetooth: hci0: command 0x0406 tx timeout [ 191.489604][ T4276] Bluetooth: hci3: command 0x0406 tx timeout [ 191.489630][ T4276] Bluetooth: hci1: command 0x0406 tx timeout [ 191.643168][ T5770] syz.3.366 (5770): drop_caches: 3 [ 192.014029][ T5788] loop4: detected capacity change from 0 to 512 [ 192.183428][ T5788] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 192.199961][ T26] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 192.275681][ T5788] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 192.301989][ T5788] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 192.350739][ T5788] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 192.389862][ T26] usb 1-1: Using ep0 maxpacket: 8 [ 192.407558][ T26] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.419901][ T5788] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 192.447971][ T5788] EXT4-fs (loop4): orphan cleanup on readonly fs [ 192.477939][ T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 192.521084][ T5788] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.370: bg 0: block 34: padding at end of block bitmap is not set [ 192.552839][ T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 192.592503][ T26] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.628988][ T26] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 192.655620][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.811649][ T5788] Quota error (device loop4): write_blk: dquota write failed [ 192.847699][ T5788] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 192.902964][ T5788] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.370: Failed to acquire dquot type 1 [ 192.956851][ T5788] EXT4-fs (loop4): 1 truncate cleaned up [ 193.007742][ T5788] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 193.028009][ T26] usb 1-1: GET_CAPABILITIES returned 0 [ 193.054527][ T26] usbtmc 1-1:16.0: can't read capabilities [ 193.331517][ T14] usb 1-1: USB disconnect, device number 5 [ 194.534656][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.541488][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.797941][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 195.548610][ T5816] syz.4.376 (5816): drop_caches: 3 [ 196.062860][ T4400] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 196.270788][ T4400] usb 5-1: Using ep0 maxpacket: 32 [ 196.285046][ T4400] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 196.311483][ T4400] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 196.355820][ T4400] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 196.365855][ T4400] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 196.375620][ T4400] usb 5-1: Product: syz [ 196.381603][ T4400] usb 5-1: Manufacturer: syz [ 196.386488][ T4400] usb 5-1: SerialNumber: syz [ 196.393591][ T4400] usb 5-1: config 0 descriptor?? [ 196.612215][ T4400] usb 5-1: USB disconnect, device number 8 [ 197.142916][ T5825] loop3: detected capacity change from 0 to 256 [ 199.004656][ T5825] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 199.022369][ T5825] 9pnet_fd: Insufficient options for proto=fd [ 199.820658][ T5830] netlink: 28 bytes leftover after parsing attributes in process `syz.3.381'. [ 199.850101][ T5830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.381'. [ 200.030059][ T4349] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 200.146075][ T5836] netlink: 196 bytes leftover after parsing attributes in process `syz.4.382'. [ 200.190020][ T5836] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 200.273258][ T4349] usb 2-1: config 0 has an invalid interface number: 68 but max is 0 [ 203.069701][ T27] audit: type=1804 audit(1755138926.359:64): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.383" name="/newroot/80/bus/bus" dev="overlay" ino=440 res=1 errno=0 [ 203.189824][ T4349] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.240173][ T4349] usb 2-1: config 0 has no interface number 0 [ 203.345289][ T4349] usb 2-1: config 0 interface 68 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 203.457546][ T4349] usb 2-1: string descriptor 0 read error: -71 [ 203.513244][ T5852] loop4: detected capacity change from 0 to 512 [ 203.519987][ T4349] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 203.529256][ T4349] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.607023][ T4349] usb 2-1: config 0 descriptor?? [ 203.629561][ T4349] usb 2-1: can't set config #0, error -71 [ 203.686426][ T4349] usb 2-1: USB disconnect, device number 8 [ 203.710815][ T5852] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 203.789658][ T5852] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 203.837808][ T5852] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 203.874306][ T5852] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 203.889937][ T5852] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 203.899078][ T5852] EXT4-fs (loop4): orphan cleanup on readonly fs [ 203.956297][ T5852] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.386: bg 0: block 34: padding at end of block bitmap is not set [ 203.971443][ T952] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 204.062052][ T5852] Quota error (device loop4): write_blk: dquota write failed [ 204.117332][ T5852] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 204.192851][ T5852] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.386: Failed to acquire dquot type 1 [ 204.245997][ T5852] EXT4-fs (loop4): 1 truncate cleaned up [ 204.249889][ T952] usb 4-1: Using ep0 maxpacket: 8 [ 204.297441][ T5852] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 204.610527][ T952] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.642483][ T952] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.667404][ T5862] netdevsim netdevsim0: Direct firmware load for . [ 204.667404][ T5862] failed with error -2 [ 204.678867][ T952] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.678900][ T952] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.678938][ T952] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 204.916125][ T952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.270002][ T952] usb 4-1: GET_CAPABILITIES returned 0 [ 205.275540][ T952] usbtmc 4-1:16.0: can't read capabilities [ 205.660691][ T952] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 205.863660][ T952] usb 3-1: Using ep0 maxpacket: 32 [ 205.872113][ T952] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 205.907184][ T952] usb 3-1: config 0 has no interfaces? [ 205.925353][ T5877] syz.1.391 (5877): drop_caches: 3 [ 205.936642][ T952] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 205.969718][ T952] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 205.990442][ T952] usb 3-1: Product: syz [ 205.994856][ T952] usb 3-1: Manufacturer: syz [ 206.023040][ T952] usb 3-1: SerialNumber: syz [ 206.045872][ T952] usb 3-1: config 0 descriptor?? [ 206.088279][ T952] usb 4-1: USB disconnect, device number 9 [ 206.190657][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 207.699056][ T5862] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 207.699056][ T5862] [ 207.748856][ T4400] usb 3-1: USB disconnect, device number 6 [ 210.681174][ T27] audit: type=1804 audit(1755138934.019:65): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.395" name="/newroot/82/bus/bus" dev="overlay" ino=459 res=1 errno=0 [ 210.730107][ T26] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 211.599415][ T5909] netlink: 'syz.0.403': attribute type 6 has an invalid length. [ 211.639915][ T5909] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.403'. [ 211.898908][ T5916] loop0: detected capacity change from 0 to 512 [ 211.940196][ T5916] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 211.980483][ T5916] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 212.055499][ T5916] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 212.125609][ T5916] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 212.163228][ T5916] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 212.172708][ T5916] EXT4-fs (loop0): orphan cleanup on readonly fs [ 212.186180][ T5916] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.404: bg 0: block 34: padding at end of block bitmap is not set [ 212.210199][ T5916] Quota error (device loop0): write_blk: dquota write failed [ 212.220123][ T5916] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 212.250181][ T5916] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.404: Failed to acquire dquot type 1 [ 212.275846][ T5916] EXT4-fs (loop0): 1 truncate cleaned up [ 212.298524][ T5916] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 212.557297][ T5926] tipc: Started in network mode [ 212.565302][ T5926] tipc: Node identity 3e1c48f15f2a, cluster identity 4711 [ 212.573801][ T5926] tipc: Enabled bearer , priority 0 [ 212.584581][ T5926] device syzkaller0 entered promiscuous mode [ 212.640274][ T5926] tipc: Resetting bearer [ 212.696034][ T5924] tipc: Resetting bearer [ 213.507299][ T5924] tipc: Disabling bearer [ 213.681079][ T4314] tipc: Node number set to 1630947569 [ 216.669879][ T4335] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 217.740887][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 217.771471][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'. [ 217.906410][ T4335] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 217.919513][ T4335] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.939870][ T4335] usb 3-1: config 0 has no interface number 0 [ 217.960307][ T4335] usb 3-1: config 0 interface 68 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 217.992227][ T4335] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 218.080935][ T4335] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.090136][ T4335] usb 3-1: Product: syz [ 220.787358][ T27] audit: type=1804 audit(1755138944.119:66): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.412" name="/newroot/71/bus/bus" dev="overlay" ino=412 res=1 errno=0 [ 220.993860][ T4335] usb 3-1: Manufacturer: syz [ 221.063011][ T27] audit: type=1326 audit(1755138946.949:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5932 comm="syz.1.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbf138ebe9 code=0x7fc00000 [ 221.104134][ T4335] usb 3-1: SerialNumber: syz [ 221.181763][ T4335] usb 3-1: config 0 descriptor?? [ 221.219605][ T4335] usb 3-1: can't set config #0, error -71 [ 221.240945][ T4335] usb 3-1: USB disconnect, device number 7 [ 221.346410][ T5962] netlink: 'syz.0.414': attribute type 6 has an invalid length. [ 221.380126][ T5962] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.414'. [ 221.772523][ T5978] netlink: 196 bytes leftover after parsing attributes in process `syz.1.417'. [ 221.784832][ T5978] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 222.829270][ T5978] netlink: 'syz.1.417': attribute type 8 has an invalid length. [ 223.072791][ T5993] vivid-000: ================= START STATUS ================= [ 223.085091][ T5993] vivid-000: Test Pattern: 75% Colorbar [ 223.110240][ T5993] vivid-000: Fill Percentage of Frame: 100 [ 223.119362][ T5993] vivid-000: Horizontal Movement: No Movement [ 223.153111][ T5993] vivid-000: Vertical Movement: No Movement [ 223.166538][ T5993] vivid-000: OSD Text Mode: All [ 223.205395][ T5993] vivid-000: Show Border: false [ 223.225253][ T5993] vivid-000: Show Square: false [ 223.231279][ T5993] vivid-000: Sensor Flipped Horizontally: false [ 223.376890][ T5993] vivid-000: Sensor Flipped Vertically: false [ 223.492849][ T5993] vivid-000: Insert SAV Code in Image: false [ 223.513318][ T5993] vivid-000: Insert EAV Code in Image: false [ 223.672884][ T5993] vivid-000: Insert Video Guard Band: false [ 223.710187][ T5993] vivid-000: Reduced Framerate: false [ 223.727637][ T5993] vivid-000: Enable Capture Cropping: true [ 223.926677][ T5998] loop0: detected capacity change from 0 to 512 [ 224.013795][ T5998] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 224.101520][ T5998] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 224.165818][ T5998] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 224.242203][ T5998] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 224.251734][ T5993] vivid-000: Enable Capture Composing: true [ 224.360465][ T5993] vivid-000: Enable Capture Scaler: true [ 224.370008][ T5998] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 224.439982][ T5993] vivid-000: Timestamp Source: End of Frame [ 224.456276][ T5993] vivid-000: Colorspace: sRGB [ 224.461336][ T5993] vivid-000: Transfer Function: Default [ 224.468253][ T5993] vivid-000: Y'CbCr Encoding: Default [ 224.474124][ T5993] vivid-000: HSV Encoding: Hue 0-179 [ 224.479539][ T5993] vivid-000: Quantization: Default [ 224.485029][ T5993] vivid-000: Apply Alpha To Red Only: false [ 224.491311][ T5993] vivid-000: Standard Aspect Ratio: 4x3 [ 224.498642][ T5998] EXT4-fs (loop0): orphan cleanup on readonly fs [ 224.506464][ T5993] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 224.514558][ T5993] vivid-000: DV Timings: 640x480p59 inactive [ 224.521161][ T5993] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 224.528550][ T5993] vivid-000: Maximum EDID Blocks: 2 [ 224.540195][ T5993] vivid-000: Limited RGB Range (16-235): false [ 224.555443][ T5998] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.423: bg 0: block 34: padding at end of block bitmap is not set [ 224.577014][ T5993] vivid-000: Rx RGB Quantization Range: Automatic [ 224.587166][ T5993] vivid-000: Power Present: 0x00000001 [ 224.598258][ T5993] tpg source WxH: 640x360 (Y'CbCr) [ 224.608429][ T5998] Quota error (device loop0): write_blk: dquota write failed [ 224.621817][ T5993] tpg field: 1 [ 224.625499][ T5993] tpg crop: 640x360@0x0 [ 224.634162][ T5993] tpg compose: 640x360@0x0 [ 224.642917][ T5993] tpg colorspace: 8 [ 224.647980][ T5993] tpg transfer function: 0/0 [ 224.656932][ T5993] tpg Y'CbCr encoding: 0/0 [ 224.657037][ T5998] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 224.677757][ T5993] tpg quantization: 0/0 [ 224.684003][ T5993] tpg RGB range: 0/2 [ 224.689486][ T5993] vivid-000: ================== END STATUS ================== [ 224.722562][ T5998] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.423: Failed to acquire dquot type 1 [ 224.766415][ T5998] EXT4-fs (loop0): 1 truncate cleaned up [ 224.806524][ T5998] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 225.477956][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 232.354480][ T6044] netdevsim netdevsim1: Direct firmware load for . [ 232.354480][ T6044] failed with error -2 [ 232.365581][ T6044] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 232.365581][ T6044] [ 232.736469][ T4335] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 233.656390][ T6050] loop2: detected capacity change from 0 to 512 [ 233.665200][ T6047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.429'. [ 233.751699][ T6050] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 233.852823][ T6050] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 233.876523][ T6050] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 233.889493][ T4335] usb 5-1: Using ep0 maxpacket: 8 [ 233.902730][ T4335] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 233.916336][ T4335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 233.927237][ T6050] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 233.955074][ T6050] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 233.976705][ T4335] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 233.997244][ T6050] EXT4-fs (loop2): orphan cleanup on readonly fs [ 234.022428][ T4335] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 234.053042][ T6050] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.436: bg 0: block 34: padding at end of block bitmap is not set [ 234.077920][ T27] audit: type=1326 audit(1755138960.099:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.100467][ C0] vkms_vblank_simulate: vblank timer overrun [ 234.142351][ T4335] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 234.186115][ T6050] Quota error (device loop2): write_blk: dquota write failed [ 234.194040][ T27] audit: type=1326 audit(1755138960.139:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.216938][ C0] vkms_vblank_simulate: vblank timer overrun [ 234.268553][ T4335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.312884][ T6050] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 234.319998][ T27] audit: type=1326 audit(1755138960.139:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.379415][ T6050] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.436: Failed to acquire dquot type 1 [ 234.411988][ T6050] EXT4-fs (loop2): 1 truncate cleaned up [ 234.419699][ T27] audit: type=1326 audit(1755138960.139:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.450034][ T27] audit: type=1326 audit(1755138960.149:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.477675][ T6050] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 234.551583][ T27] audit: type=1326 audit(1755138960.149:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.700770][ T27] audit: type=1326 audit(1755138960.149:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 234.725356][ T27] audit: type=1326 audit(1755138960.149:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.0.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e2858ebe9 code=0x7fc00000 [ 235.243657][ T4268] EXT4-fs (loop2): unmounting filesystem. [ 235.509835][ T4335] usb 5-1: usb_control_msg returned -71 [ 235.515625][ T4335] usbtmc 5-1:16.0: can't read capabilities [ 235.561553][ T4335] usb 5-1: USB disconnect, device number 10 [ 235.674407][ T6061] netdevsim netdevsim3: Direct firmware load for . [ 235.674407][ T6061] failed with error -2 [ 235.727536][ T6061] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 235.727536][ T6061] [ 236.490532][ T4314] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 236.710060][ T4314] usb 5-1: Using ep0 maxpacket: 8 [ 237.612271][ T4314] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 237.700004][ T4314] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 237.719934][ T4314] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 237.730429][ T4314] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 237.748934][ T4314] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 237.881098][ T4314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.706985][ T4314] usb 5-1: can't set config #16, error -71 [ 241.738554][ T4314] usb 5-1: USB disconnect, device number 11 [ 242.407557][ T6111] netlink: 196 bytes leftover after parsing attributes in process `syz.4.447'. [ 242.416850][ T6111] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 242.543593][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 242.543608][ T27] audit: type=1326 audit(1755138968.569:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6df38ebe9 code=0x7fc00000 [ 244.298523][ T6126] netlink: 196 bytes leftover after parsing attributes in process `syz.1.449'. [ 244.319351][ T6126] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 245.615435][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.444'. [ 245.625719][ T6111] netlink: 'syz.4.447': attribute type 8 has an invalid length. [ 245.707815][ T6126] netlink: 'syz.1.449': attribute type 8 has an invalid length. [ 245.892573][ T6129] loop0: detected capacity change from 0 to 512 [ 246.010935][ T6129] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 246.058479][ T6129] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 246.082158][ T6129] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 246.114128][ T6129] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 246.127760][ T6129] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 246.142705][ T6129] EXT4-fs (loop0): orphan cleanup on readonly fs [ 246.152726][ T6129] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.450: bg 0: block 34: padding at end of block bitmap is not set [ 246.189990][ T6129] Quota error (device loop0): write_blk: dquota write failed [ 246.202208][ T6144] tipc: Started in network mode [ 246.206253][ T6129] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 246.207092][ T6144] tipc: Node identity feacd1a927fd, cluster identity 4711 [ 246.266543][ T6129] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.450: Failed to acquire dquot type 1 [ 246.292902][ T6144] tipc: Enabled bearer , priority 0 [ 246.327205][ T6148] device syzkaller0 entered promiscuous mode [ 246.339438][ T6129] EXT4-fs (loop0): 1 truncate cleaned up [ 246.369886][ T6129] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 246.436176][ T6144] tipc: Resetting bearer [ 246.438565][ T6142] tipc: Resetting bearer [ 246.552540][ T6142] tipc: Disabling bearer [ 246.879956][ T4269] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 246.880379][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 247.040050][ T4269] usb 3-1: device descriptor read/64, error -32 [ 247.319200][ T4269] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 247.319440][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 247.328132][ T4266] EXT4-fs (loop0): unmounting filesystem. [ 247.459885][ T4269] usb 3-1: device descriptor read/64, error -32 [ 247.580149][ T4269] usb usb3-port1: attempt power cycle [ 247.839810][ T6169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.459'. [ 247.874039][ T6169] netlink: 12 bytes leftover after parsing attributes in process `syz.3.459'. [ 247.990074][ T4269] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 248.032388][ T4269] usb 3-1: Using ep0 maxpacket: 8 [ 248.063030][ T4269] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.094863][ T4269] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 248.155057][ T4269] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 248.179862][ T4335] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 248.231039][ T4269] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.318127][ T4269] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 248.369835][ T4335] usb 1-1: Using ep0 maxpacket: 8 [ 248.400980][ T4269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.401974][ T4335] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.450065][ T4335] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 248.486824][ T4335] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 248.517000][ T4335] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.563941][ T4335] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 248.595207][ T4335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.697536][ T4269] usb 3-1: GET_CAPABILITIES returned 0 [ 248.703180][ T4269] usbtmc 3-1:16.0: can't read capabilities [ 249.026892][ T4335] usb 1-1: GET_CAPABILITIES returned 0 [ 249.032533][ T4335] usbtmc 1-1:16.0: can't read capabilities [ 249.284117][ T4269] usb 3-1: USB disconnect, device number 10 [ 249.642381][ T4269] usb 1-1: USB disconnect, device number 6 [ 249.869936][ T4349] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 250.061230][ T4349] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 250.081558][ T4349] usb 2-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 250.109299][ T4349] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 250.119801][ T4349] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 250.137093][ T4349] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 250.164788][ T4349] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 250.182698][ T4349] usb 2-1: Product: syz [ 250.194911][ T4349] usb 2-1: Manufacturer: syz [ 250.216851][ T4349] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 250.434279][ T4269] usb 2-1: USB disconnect, device number 9 [ 251.672145][ T6196] netlink: 'syz.1.463': attribute type 8 has an invalid length. [ 252.311105][ T6209] loop3: detected capacity change from 0 to 512 [ 252.353046][ T6209] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 252.409087][ T6209] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 252.429789][ T6207] netlink: 196 bytes leftover after parsing attributes in process `syz.2.466'. [ 252.459842][ T6209] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 252.475104][ T6207] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 252.505452][ T6209] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 252.522507][ T6209] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 252.531796][ T6209] EXT4-fs (loop3): orphan cleanup on readonly fs [ 252.549171][ T6209] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.467: bg 0: block 34: padding at end of block bitmap is not set [ 252.566582][ T6209] Quota error (device loop3): write_blk: dquota write failed [ 252.577591][ T6209] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 252.587994][ T6209] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.467: Failed to acquire dquot type 1 [ 252.611039][ T6209] EXT4-fs (loop3): 1 truncate cleaned up [ 252.639592][ T6209] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 252.661522][ T6207] netlink: 'syz.2.466': attribute type 8 has an invalid length. [ 252.973867][ T6219] netlink: 'syz.0.469': attribute type 6 has an invalid length. [ 253.024126][ T6219] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.469'. [ 254.501817][ T4282] EXT4-fs (loop3): unmounting filesystem. [ 255.961694][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.968130][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.043473][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.480'. [ 258.333283][ T6269] loop4: detected capacity change from 0 to 512 [ 258.398122][ T6269] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 258.445913][ T6269] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 258.505025][ T6269] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 258.517519][ T6269] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 258.537186][ T6269] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 258.581654][ T6269] EXT4-fs (loop4): orphan cleanup on readonly fs [ 258.599208][ T6269] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.483: bg 0: block 34: padding at end of block bitmap is not set [ 258.681198][ T6269] Quota error (device loop4): write_blk: dquota write failed [ 258.712746][ T6269] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 258.744348][ T6269] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.483: Failed to acquire dquot type 1 [ 258.761574][ T6269] EXT4-fs (loop4): 1 truncate cleaned up [ 258.786602][ T6269] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 260.135453][ T6276] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 260.195460][ T4275] EXT4-fs (loop4): unmounting filesystem. [ 262.417882][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.478'. [ 262.429686][ T6253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.478'. [ 262.477655][ T6281] netdevsim netdevsim4: Direct firmware load for . [ 262.477655][ T6281] failed with error -2 [ 262.537623][ T6281] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 262.537623][ T6281] [ 263.513004][ T6315] loop3: detected capacity change from 0 to 512 [ 263.524775][ T6315] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 263.534721][ T6315] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 263.545752][ T6315] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 263.576286][ T6315] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 263.586588][ T6315] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 263.596014][ T6315] EXT4-fs (loop3): orphan cleanup on readonly fs [ 263.609892][ T6315] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.496: bg 0: block 34: padding at end of block bitmap is not set [ 263.646069][ T6315] Quota error (device loop3): write_blk: dquota write failed [ 263.657053][ T6315] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 263.667529][ T6315] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.496: Failed to acquire dquot type 1 [ 263.686456][ T6315] EXT4-fs (loop3): 1 truncate cleaned up [ 263.705994][ T6315] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 263.927170][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.495'. [ 263.959187][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.497'. [ 317.411308][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.417741][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 368.989786][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 368.997832][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6324/2:b..l [ 369.006306][ C0] (detected by 0, t=10502 jiffies, g=27901, q=411 ncpus=2) [ 369.013878][ C0] task:syz.4.497 state:R running task stack:26048 pid:6324 ppid:4275 flags:0x00004000 [ 369.026498][ C0] Call Trace: [ 369.029988][ C0] [ 369.033025][ C0] __schedule+0x10ec/0x40b0 [ 369.038018][ C0] ? release_firmware_map_entry+0x18a/0x18a [ 369.044456][ C0] ? lock_chain_count+0x20/0x20 [ 369.049625][ C0] ? preempt_schedule_irq+0xa6/0x150 [ 369.055568][ C0] preempt_schedule_irq+0xb1/0x150 [ 369.061680][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 369.068927][ C0] ? rcu_irq_exit_check_preempt+0xdb/0x210 [ 369.075043][ C0] irqentry_exit+0x63/0x70 [ 369.079867][ C0] asm_sysvec_reschedule_ipi+0x16/0x20 [ 369.085898][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x25/0x30 [ 369.092374][ C0] Code: 00 00 cc cc 00 31 c0 83 3d e7 24 09 04 00 74 1d 83 3d 72 58 09 04 00 74 14 65 48 8b 0d 44 47 ec 75 31 c0 83 b9 dc 0a 00 00 00 <0f> 94 c0 c3 00 00 cc cc 00 00 cc 48 8b 3c 24 e8 47 fb ff ff 66 90 [ 369.113093][ C0] RSP: 0018:ffffc9000559f208 EFLAGS: 00000246 [ 369.119391][ C0] RAX: 0000000000000000 RBX: 00007fc070990a7c RCX: ffff8880559f0000 [ 369.127853][ C0] RDX: 0000000000000000 RSI: ffffffff8a8c15e0 RDI: ffffffff8adef320 [ 369.136687][ C0] RBP: 0000000000000001 R08: dffffc0000000000 R09: fffffbfff215ba49 [ 369.145145][ C0] R10: fffffbfff215ba49 R11: 1ffffffff215ba48 R12: ffff8880559f0000 [ 369.153664][ C0] R13: ffff888018a5b280 R14: 00007fc070990a7c R15: 1ffff92000ab3e5e [ 369.162564][ C0] ? is_bpf_text_address+0x43/0x2a0 [ 369.167889][ C0] is_bpf_text_address+0x4c/0x2a0 [ 369.173163][ C0] ? is_bpf_text_address+0x22/0x2a0 [ 369.178598][ C0] kernel_text_address+0x9c/0xd0 [ 369.183817][ C0] __kernel_text_address+0x9/0x30 [ 369.189413][ C0] unwind_get_return_address+0x49/0x80 [ 369.195153][ C0] ? stack_trace_save+0xe0/0xe0 [ 369.200394][ C0] arch_stack_walk+0xf2/0x140 [ 369.205361][ C0] stack_trace_save+0x98/0xe0 [ 369.210355][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 369.215816][ C0] ? __lock_acquire+0x12e5/0x7c50 [ 369.220968][ C0] ? is_bpf_text_address+0x28b/0x2a0 [ 369.226640][ C0] kasan_set_track+0x4b/0x70 [ 369.231605][ C0] ? kasan_set_track+0x4b/0x70 [ 369.236570][ C0] ? __kasan_slab_alloc+0x6b/0x80 [ 369.242081][ C0] ? slab_post_alloc_hook+0x4b/0x480 [ 369.247523][ C0] ? kmem_cache_alloc+0x123/0x2f0 [ 369.252944][ C0] ? skb_clone+0x1e7/0x370 [ 369.257856][ C0] ? __netlink_deliver_tap+0x3ed/0x800 [ 369.263533][ C0] ? netlink_deliver_tap+0x19c/0x1b0 [ 369.269028][ C0] ? netlink_sendskb+0x64/0x130 [ 369.274091][ C0] ? netlink_ack+0xc7a/0x1100 [ 369.279838][ C0] ? netlink_rcv_skb+0x263/0x420 [ 369.284987][ C0] ? netlink_unicast+0x74d/0x8d0 [ 369.290062][ C0] ? netlink_sendmsg+0x89e/0xbc0 [ 369.295041][ C0] ? __sys_sendto+0x44f/0x5c0 [ 369.299936][ C0] ? __x64_sys_sendto+0xda/0xf0 [ 369.304909][ C0] ? do_syscall_64+0x4c/0xa0 [ 369.309628][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 369.315941][ C0] __kasan_slab_alloc+0x6b/0x80 [ 369.320937][ C0] slab_post_alloc_hook+0x4b/0x480 [ 369.327121][ C0] ? slab_pre_alloc_hook+0x59/0x310 [ 369.332690][ C0] kmem_cache_alloc+0x123/0x2f0 [ 369.337552][ C0] ? skb_clone+0x1e7/0x370 [ 369.342353][ C0] skb_clone+0x1e7/0x370 [ 369.346646][ C0] __netlink_deliver_tap+0x3ed/0x800 [ 369.352129][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 369.357353][ C0] netlink_deliver_tap+0x19c/0x1b0 [ 369.362804][ C0] netlink_sendskb+0x64/0x130 [ 369.367575][ C0] netlink_ack+0xc7a/0x1100 [ 369.372081][ C0] ? __dev_queue_xmit+0x26f/0x3760 [ 369.377227][ C0] ? netlink_dump+0xcd0/0xcd0 [ 369.382111][ C0] ? __skb_clone+0x480/0x790 [ 369.386729][ C0] netlink_rcv_skb+0x263/0x420 [ 369.391636][ C0] ? rtnetlink_bind+0x80/0x80 [ 369.397037][ C0] ? netlink_ack+0x1100/0x1100 [ 369.401910][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 369.407299][ C0] netlink_unicast+0x74d/0x8d0 [ 369.412233][ C0] netlink_sendmsg+0x89e/0xbc0 [ 369.417219][ C0] ? netlink_getsockopt+0x540/0x540 [ 369.422990][ C0] ? aa_sock_msg_perm+0x94/0x150 [ 369.428305][ C0] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 369.433699][ C0] ? security_socket_sendmsg+0x7c/0xa0 [ 369.439205][ C0] __sys_sendto+0x44f/0x5c0 [ 369.444077][ C0] ? __ia32_sys_getpeername+0x80/0x80 [ 369.450832][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 369.457624][ C0] ? lock_chain_count+0x20/0x20 [ 369.463887][ C0] __x64_sys_sendto+0xda/0xf0 [ 369.469391][ C0] do_syscall_64+0x4c/0xa0 [ 369.475500][ C0] ? clear_bhb_loop+0x60/0xb0 [ 369.481551][ C0] ? clear_bhb_loop+0x60/0xb0 [ 369.486861][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 369.493107][ C0] RIP: 0033:0x7fc070990a7c [ 369.498692][ C0] RSP: 002b:00007fc071821ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 369.507772][ C0] RAX: ffffffffffffffda RBX: 00007fc071821fc0 RCX: 00007fc070990a7c [ 369.516907][ C0] RDX: 0000000000000024 RSI: 00007fc071822010 RDI: 000000000000000a [ 369.525723][ C0] RBP: 0000000000000000 R08: 00007fc071821f14 R09: 000000000000000c [ 369.535386][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a [ 369.544521][ C0] R13: 00007fc071821f68 R14: 00007fc071822010 R15: 0000000000000000 [ 369.553150][ C0] [ 369.556446][ C0] rcu: rcu_preempt kthread starved for 9756 jiffies! g27901 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 369.568694][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 369.578859][ C0] rcu: RCU grace-period kthread stack dump: [ 369.585522][ C0] task:rcu_preempt state:R running task stack:27040 pid:16 ppid:2 flags:0x00004000 [ 369.597025][ C0] Call Trace: [ 369.600515][ C0] [ 369.603894][ C0] __schedule+0x10ec/0x40b0 [ 369.608444][ C0] ? release_firmware_map_entry+0x18a/0x18a [ 369.614692][ C0] schedule+0xb9/0x180 [ 369.618798][ C0] schedule_timeout+0x15c/0x280 [ 369.623663][ C0] ? console_conditional_schedule+0x40/0x40 [ 369.629576][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 369.635699][ C0] ? update_process_times+0x1b0/0x1b0 [ 369.647307][ C0] ? prepare_to_swait_event+0x335/0x350 [ 369.653083][ C0] rcu_gp_fqs_loop+0x2f2/0x1310 [ 369.658053][ C0] ? rcu_gp_kthread+0x380/0x380 [ 369.662917][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 369.669267][ C0] ? rcu_gp_init+0x14b0/0x14b0 [ 369.674140][ C0] ? rcu_gp_cleanup+0xb4c/0xca0 [ 369.679041][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 369.684293][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 369.689701][ C0] rcu_gp_kthread+0x95/0x380 [ 369.694690][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 369.699834][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 369.706216][ C0] ? __kthread_parkme+0x162/0x1c0 [ 369.711824][ C0] kthread+0x29d/0x330 [ 369.716017][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 369.721351][ C0] ? kthread_blkcg+0xd0/0xd0 [ 369.726857][ C0] ret_from_fork+0x1f/0x30 [ 369.732180][ C0] [ 369.735237][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 369.742232][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.147-syzkaller #0 [ 369.750223][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 369.760474][ C0] RIP: 0010:default_idle+0xb/0x10 [ 369.765692][ C0] Code: 48 89 df e8 c7 c9 b0 f7 e9 4c ff ff ff e8 ed 07 f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 66 90 0f 00 2d 67 85 66 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 [ 369.786273][ C0] RSP: 0018:ffffffff8c807d88 EFLAGS: 000002c6 [ 369.792643][ C0] RAX: 2726aa5091547800 RBX: ffffffff8a201e87 RCX: 2726aa5091547800 [ 369.800686][ C0] RDX: 0000000000000001 RSI: ffffffff8a8c0460 RDI: ffffffff8adef320 [ 369.809174][ C0] RBP: ffffffff8c807ec0 R08: dffffc0000000000 R09: ffffed10171c6af6 [ 369.817351][ C0] R10: ffffed10171c6af6 R11: 1ffff110171c6af5 R12: 0000000000000000 [ 369.825543][ C0] R13: dffffc0000000000 R14: ffffffff8c8bc680 R15: 1ffffffff1c3e9b6 [ 369.834103][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 369.843394][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 369.849995][ C0] CR2: 00007f81c734c000 CR3: 0000000026a4b000 CR4: 00000000003506f0 [ 369.858155][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 369.866157][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 369.874138][ C0] Call Trace: [ 369.877430][ C0] [ 369.880370][ C0] default_idle_call+0x84/0xc0 [ 369.885147][ C0] do_idle+0x1fc/0x570 [ 369.889430][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 369.895005][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 369.901904][ C0] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 369.908197][ C0] ? schedule_idle+0x57/0x90 [ 369.913263][ C0] cpu_startup_entry+0x3f/0x60 [ 369.918110][ C0] rest_init+0x2dc/0x300 [ 369.923422][ C0] ? time_init+0x33/0x33 [ 369.928043][ C0] arch_call_rest_init+0xa/0xa [ 369.933178][ C0] start_kernel+0x490/0x539 [ 369.937793][ C0] secondary_startup_64_no_verify+0xcf/0xdb [ 369.944992][ C0]