last executing test programs: 6m20.438202419s ago: executing program 1 (id=36): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009e", 0x88}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e", 0xb6}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d", 0x54}, {&(0x7f0000000600)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb555c80dbd2bc9694e862a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec4898205a8d177ffe437570e15e55c72edfd43f3b828ce3dc05ea68517cf917ddc1fa4e5ad006f90fe2d02aa344b9f671f7a4683a945a1f547d2f9b381ef34c62bd754127361576a083cf5a37b03b062076d99189a", 0xff}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6c", 0x3f}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 6m19.972334436s ago: executing program 1 (id=40): memfd_create(&(0x7f00000000c0)=',\xea\xc9t\x8b\xb7\x04\x1d^s^\t5\xa1i\x01\x00\xd4\xd7\x02\x8dmbs\x0f3\x92\'\x94N\b\xe0m\xa4\x01\x00\xe5\x00\x00\x00\x00\x00-\xb3\x8d\xa1v\xe5\x8a0\x05\x00\xa4\xed\x94 \x15Y\x1f\xccY\xff\xb4\xa2\xa62:\xfa\xf9\xb7\x05q\xa4d\xda0y\xd3\xd6\x98\x9f\x11\n\xf44Q\xff\xff)\xb3|\x04\x00\x00\x80FD\xb8\xc2\x8a\x99Y\xf6:\xfeT\xa1', 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='schedstat\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m19.157630652s ago: executing program 1 (id=43): memfd_create(&(0x7f00000000c0)=',\xea\xc9t\x8b\xb7\x04\x1d^s^\t5\xa1i\x01\x00\xd4\xd7\x02\x8dmbs\x0f3\x92\'\x94N\b\xe0m\xa4\x01\x00\xe5\x00\x00\x00\x00\x00-\xb3\x8d\xa1v\xe5\x8a0\x05\x00\xa4\xed\x94 \x15Y\x1f\xccY\xff\xb4\xa2\xa62:\xfa\xf9\xb7\x05q\xa4d\xda0y\xd3\xd6\x98\x9f\x11\n\xf44Q\xff\xff)\xb3|\x04\x00\x00\x80FD\xb8\xc2\x8a\x99Y\xf6:\xfeT\xa1', 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='schedstat\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m14.677203577s ago: executing program 1 (id=47): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200"], 0xf0}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) socket$netlink(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 6m11.573432622s ago: executing program 1 (id=52): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001a400)=""/102384, 0x18ff0) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x1c) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) 6m8.850526617s ago: executing program 1 (id=54): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x16) r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 5m51.30915272s ago: executing program 32 (id=54): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x16) r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 52.327344637s ago: executing program 0 (id=573): r0 = socket(0x10, 0x3, 0x9) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={{0x14, 0x3ec, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}}, 0x0) 51.909501637s ago: executing program 0 (id=574): syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000100)={[{@nomblk_io_submit}, {@jqfmt_vfsv0}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}, {@noload}, {@grpjquota_path={'grpjquota', 0x3d, '.\x02'}}, {@noblock_validity}, {@resgid}, {@nombcache}, {@errors_continue}]}, 0xfa, 0x49c, &(0x7f00000013c0)="$eJzs3MtvFVUYAPBvbh8UEFsRHyBIFY3ER0vLQxZuNJqw0MREFxhXtS2kUqihNRFCtLrApSFxT9z6FxhXujHqRhO3ujckxLAB0cWYuTNjL7f39kFvuYX7+yW3PWfmtOd8M3NmzsyZNoCONZh9SSLui4jfI6I/z95aYDD/duPahfG/r10YTyJN3/orqZa7fu3CeFm0/LmteSZNi3xfg3ovvhsxNj09ebbID8+d/mB49tz5F6ZOj52cPDl5ZvTo0UMH9/QeGT3ckjj7YyCu7/p4ZvfOY+9cemP8+KX3fkoqkccddXG0ymC+dRt6utWVtdm2mnTSHTV7fe8vC2s23eFWsZyuiMh2V0+1//dHV2z+f11/vPZZWxsHrKs0TdMlzsrzKXAPS6LdLQDao7zQZ/e/5ecODT02hKsv5zdAWdw3ik++pjsqeWJvT939bSsNRsTx+ZuXs0+s03MIAIBa32Xjn+cbjf8q8XCe6M2+3F/MDQ1ExAMRsT0iHoyIHRHxUES17CMR8egq66+fIVk8/qlcue3gViAb/71UzG3dOv6rlEUGuorctmr8PcmJqenJA8U22R89m05MJZMjS9Tx/au/fdFsXXX8Vw7G529ezuovx4JFO6501z2gmxibG1tLzLWufhqxq7tR/El1XiCKeb2dEbHrNuuYera76bra8e/xhvEvofmvXbH0q4hn8v0/H3Xxl5Km85MjLx4ZPTzcF9OTB4bLo2Kxn3+9+Gaz+tcUfwtk+3/LwvH/b5qm9fEPJH0Rs+fOn6rO186uvo6Lf3ze9J5m+fhvOf6PbSuO/97k7eqC3mLFR2Nzc2dHInqT1xcvH134bWW+LJ/Fv39f4/6/PRa2xGMRsTsi9kTE49lNYdH2JyLiyYjYt0T8P77y1Purj7/xU/meJeq5HVn8Ew3PfzX7P2r3/+oTXad++Hb5+Psiotn+P1RN7S+WrOT8t9IGrmXbAQAAwN0ifwc+qQwtpJOhofwd/h2xpTI9Mzv33ImZD89M5O/KD0RPpXzS1V/zPHSkeDZc5kfr8geL58Zfdm2u5ofGZ6Yn2h08dLiti/p/pZL1/8yfXe1uHbDuWjCPBtyl9H/oXPo/dKZk2f7f6leOgI3E9R86V6P+/0nT0kPfrGtjgDvK9R861wr6/3z+rfmoALg7uf5D59L/oSM1/dv4ypr+5L+liT1f521dqsw/xb9QKZYk8xul8fdsIiobohn3fqJ7xf/MolmiZ3FfTvvzPpUt2dTwp9p6WgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiZ/wIAAP//J3zmTg==") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0x68, 0x0, &(0x7f0000000140)="c9228e1bb95d02ff4284860186dd", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 50.519287912s ago: executing program 0 (id=578): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2e41d16cd5f466b822000f00d0460f06f245dd48f526263ef2a585f6b92e030000b800000000ba008000000f3041ab0fc73a0fc71f", 0x35}], 0x1, 0x70, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x81a00000c}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 48.72746282s ago: executing program 0 (id=587): syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x880, &(0x7f0000000240)={[{@time_offset={'time_offset', 0x3d, 0x6}}, {@fmask={'fmask', 0x3d, 0x10000004}}, {@utf8}, {@allow_utime={'allow_utime', 0x3d, 0xd}}, {@discard}, {}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@utf8}, {@dmask={'dmask', 0x3d, 0x2}}, {@dmask={'dmask', 0x3d, 0x101}}]}, 0x1, 0x1548, &(0x7f0000003300)="$eJzs3AuYTlXbOPD7XmvtMSSeJjkMa6178ySHRZLkkCSHJEmSJKfklCZ5JSExhCQNSUgOQxJDSA4Tk8b5fD4kJEmTJCE5Jet/Tbi8vdW/vq++1/e9c/+ua1+z7mfve+21n3s/z7P2npnnm65DazauVa0hEcFfghd+JAJALAAMBIDcABAAQLm4cnGZ67NLTPxrO2F/rwdTrvQI2JXE9c/auP5ZG9c/a+P6Z21c/6yN65+1cf2zNq4/Y1nZpmkFruEl6y58////uNi/ksyf//9BMkqN/WJNqeu6AcT8ia2zA9c/y+P6/8cK/sxGXP+sjeufVf2laSP7P+DpP7ENv/6zgmy/u4brn7Vx/RnLyq70/ec/vyAA/P39QuR/2XNwJPuFwvyb9nelzz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY1nDaX+ZAoBL7Ss9LsYYY4wxxhhjjP19fLYrPQLGGGOMMcYYY4z9z0MQIEFBADGQDWIhO+QAAQBXQy7IDRG4BuLgWsgD10FeyAf5oQDEQ0EoBBoMWCAIoTAUgShcD0XhBigGxaEElAQHpaA03Ahl4CYoCzdDObgFysOtUAEqQiWoDLdBFbgdqsIdUA3uhOpQA2pCLbgLasPdUAfugbpwL9SD+6A+3A8N4AFoCA9CI3gIGsPD0AQegabQDJpDC2j5+/ntEOB38p+DnvA89ILekAh9oC+8AP2gPwyAF2EgvASD4GUYDK9AEgyBofAqDIPXYDi8DiNgJIyCN2A0vAljYCyMg/GQDBNgIrwFk+BtmAzvwBSYCikwDabDuzADZsIseA9mw/swB+bCPJgPqfABLICFkAYfwiL4CNJhMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22ww74GHbCJ7ALdsMe+BT2wmf/xfxT/5LfDQEBBQpUqDAGYzAWYzEH5sCcmBNzYS6MYATjMA7zYB7Mi3kxP+bHeIzHQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOiyNpbEM3oRlsSyWw3JYHstjBayIFbEyVsYqWAWrYlWshtWwOlbHmlgT78K7sA/WwTpYF+tiPax36fYUNsSG2AgbYWNsjE2wCTbFptgcm2NLbImtsBW2xtbYFttie2yPHbADJmACdsSO2Ak7YWfsjF2wC3bFrtgNu2P3jOeyAT6Pz2NvrC76YF/si/0wKdsAfBFfxJdwEL6ML+MrmIRDcCi+iq/iazgcT+IIHImjcBRWEW/iGByLJMZjMibjRJyIk3BS5ukG7+BUTMFpOB2n4wyciTPxPZyN7+P7OBfn4nxMxVRcgAsxDdNwEZ7CdFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9GBYCf4G7cjUm4F/fiPtyH+3E/HsADmIEZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/CZ+K8afVx8dRKITEooESNiRKyIFTlEDpFT5BS5RC4RERERJ+JEHpFH5BV5RX6RX8SLeFFIFBJGGEEijAEAERVRUVQUFcVEMVFClBBOOFFalBZlRBlRVpQV5cQtory4VVQQFUUbV1lUFlVEW1dV3CGqiWqiuqghaopaopaoLWqLOqKOqCvqinqinqgv7hcNRB8cgA+KzMo0FkOwiRiKTUUzIS++g7USw7G1aCPainZiJI7ADqKVSxBPio5iDHYS/xBj8WnRRYzHruJZ0U10Fz3Ec6KnaO16id5iMvYRfcVU7Cf6iwHiRTEDa4j3cHb2muIVkSSGiKHiVTEfXxPDxetihBgpRok3so8Wb4oxYqwYJ8aLZDFBTBRviUnibTFZvCOmiKkiRUwT08W7YoaYKWaJ98Rs8b6YI+aKeWK+SBUfiAVioUgTH4pF4iORLhaLJWKpWCaWixVipVglVos1Yq1YJ9aLDWKj2CQ2iy1iq9gmtosd4mOxU3widondYo/4VOwVn4l94nOxX3whDogvRYb4ShwUX4tD4htxWHwrjojvxFFxTBwX34sT4gdxUpwSp8UZcVb8KM6Jn8R54QVIlEJKqWQgY2Q2GSuzyxzyKplTBhef3WtknLxW5pHXybwyn8wvC8h4WVAWkloaaSXJUBaWRWRUXi+LyhtkMVlclpAlpZOlZGl5oywjb5Jl5c2ynLxFlpe3ygqyoqwkK8vbZBV5u4TIhX1UlzVkTVlL3iUT4W5ZR94j68p7ZT15n6wv75cN5AOyoXxQNpIPycbyYdlEPiKbymayuWwhW8pHZSv5mGwt28i2sp1sLx+XHeQTMkE+KTtKf/EUeVp2kc/IrvJZ2U12lz3kT/K89LKX7C2hD8i+8gXZT/aXA2IBQL4kB8mX5WD5ikySQ+RQ+aocJl+Tw+XrcoQcKUfJN+Ro+aYcI8fKcXK8TJYT5ET5lpwk35aT5TtyipwqU+Q0OUAO/LmnWVL+Yf5bv5E/+Oe9b5Sb5Ga5RW6V2+R2uUN+LHfKnXKX3CX3yD1yr9wr98l9cr/cLw/IAzJDZsiD8qA8JA/Jw/KwPCKPyKPymDwjv5cn5A/ypDwlT8kz8qw8K89dfA5AoRJKKqUCFaOyqViVXeVQV6mc6mqVS+VWEXWNist8F1bXqbwqn8qvCqh4VVAVUloZZRWpUBVWRVRUXY8XTxhVQpVUTpVSpdWNF/LVtSrPH+erouoGVUwV/0X+pfEl/s74WqqWqpVqpVqr1qqtaqvaq/aqg+qgElSC6qg6qk6qk+qsOqsuqovqqrqqbqqb6qF6qJ6qp+qleqlElaj6qhdUP9VfDVAvqoHqJTVIDVKD1WCVpJLUUDVUDVPD1HA1XI1QI9QoNUqNVqPVGDVGjVPjVLJKVhPVRDVJTVKT1WQ1RU1RKSpFTVfT1Qw1Q81Ss9RsNVvNUXPUPDVPpapUtUAtUGkqTS1Si1S6WqwWq6VqqVqulquVaqVarVartWqtWq/Wq3S1SW1SW9QWtU1tUzvUDrVT7VS71C61R+1Re9VetU/tU/vVfnVAHVAZKkMdVAfVIXVIHVaH1RF1RB1VR9VxdVydUCfUSXVSnVan1Vl1Vp1T59R5dT5z2heIQAQqUEFMEBPEBrFBjiBHkDPIGeQKcgWRIBLEBXFBnuC6IG+QL8gfFAjig4JBoUAHJrCBuFj0aHB9UDS4ISgWFA9KBCUDF5QKSgc3BmWCm4Kywc1BueCWoHxwa1AhqBhUCioHtwVVgtuDqsEdQbXgzqB6UCOoGdQK7gpqB3cHdYJ7grrBvUG94L6gfnB/0CB4IGgYPBg0Ch4KGgcPB02CR4KmQbOgedAiaPm39u/9yXyPuV66t07UfXRf/YLup/vrAfpFPVC/pAfpl/Vg/YpO0kP0UP2qHqZf08P163qEHqlH6Tf0aP2mHqPH6nF6vE7WE/RE/ZaepN/Wk/U7eoqeqlP0ND1dv6tn6Jl6ln5Pz9bv6zl6rp6n5+tU/YFeoBfqNP2hXqQ/0ul6sV6il+plerleoVfqVXq1XqPX6nV6vQK9UW/Sm/UWvVVv09v1Dv2x3qk/0bv0br1Hf6r36s/0Pv253q+/0Af0lzpDf6UP6q/1If2NPqy/1Uf0d/qoPqaP6+/1Cf2DPqlP6dP6jD6rf9Tn9E/6vPaZk/vMj3ejjDIxJsbEmliTw+QwOU1Ok8vkMhETMXEmzuQxeUxek9fkN/lNvIk3hUwhk4kMmcKmsImaqClqippippgpYUoYZ5wpbUqbMqaMKWvKmnKmnClvypsKpoKpZCqZ28xt5nZzu7nD3GHuNHeaGqaGqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYpqapaW6am5ampWllWpnWprVpa9qa9qa96WA6mASTYDqajqaT6WQ6m86mi+liupquppvpZnqYHqan6Wl6mV4m0SSavqav6Wf6mQFmgBloBppBZpAZbAabJJNkhpqhZpgZZoab4WaEGWlGZU5UzZtmjBlrxpnxJtkkm4lmoplkJpnJZrKZYqaYFJNippvpZoaZYWaZWWa2mW3mmDlmnplnUk2qWWAWmDSTZhaZRSbdpJslZolZZpaZFWaFWWVWmTVmjVkH68wGs8FsMpvMFrPFbDPbzA6zw+w0O80us8vsMXvMXrPXI4DZb/abA+aAyTAZ5qA5aA6ZQ+awOWyOmCPmqDlqjpvj5oQ5YU6ak+a0OW3OmnwXPy+9ibXZbQ57lc1pr7a5bG77r3F+W8DG24K2kNU2r833i9hYa4vZ4raELWmdLWVL2xt/FVewFW0lW9neZqvY223VX8W17d22jr3H1rX32lr2rl/E9ex9tr592DZABLDNbCPbwja2D9sm9hHb1DazzW0L294+bjvYJ2yCfdJ2tE/9Kl5gF9pVdrVdY9faXXa3PW3P2EP2G3vW/mh72d52oH3JDrIv28H2FZtkh/wqHmXfsKPtm3aMHWvH2fG/iqfYqTbFTrPT7bt2hp35qzjVfmBn2zQ7x8618+z8n+PMMaXZD+0i+5FNtwEssUvtMrvcrrArL43V57br7Qa70e60n9gtdqvdZrfbHZcmwna33WM/tXvtZ/ag/drut1/YA/awzbBf/RxnHt9h+609Yr+zR+0xe9x+b0/YH9Sl7Mxj/97+ZM9bb4GQgCQpCiiGslEsZaccdBXlpKspF+WmCF1DcXQt5aHrKC/lo/xUgOKpIBUiTYYsEYVUmIpQlK6nS8MrQSXJUSkqTTdSGbqJytLNVI5uofJ0K1WgilSJKtNtVIVup6p0B1WjO6k61aCaVIvuotp0N9Whe6gu3Uv16D6qT/dTA3qAGtKD1Igeosb0MDWhR6gpNaPm1IJa0qPUih6j1tSG2lI7ak+PUwd6ghLoSepIT1En+gd1pqepCz1DXelZ6kbdqQc9Rz3peepFvSmR+lBfeoH6UX8aQC/SQHqJBtHLNJheoSQaQkPpVRpGr9Fwep1G0EgaRW/QaHqTxtBYGkfjKZkm0ER6iybR2zSZ3qEpNJVSaBpNp3dpBs2kWfQezab3aQ7NpXk0n1LpA1pACymNPqRF9BGl02JaQktpGS2nFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbacd9DHtpE9oF+2mPfQp7aXPaB99TvvpCzpAX1IGfUUH6Ws6RN/QYfrW96bv6Cgdo+P0PZ2gH+gknaLTdIbO0o90jn6i8+QJQgxFKEMVBmFMmC2MDbOHOcKrwpzh1WGuMHcYCa8J48JrwzzhdWHeMF+YPywQxocFw0KhDk1oQwrDsHBYJIyG14dFwxvCYmHxsERYMnRhqbB0eGNYJrwpLBveHJYLbwnLh7eGFcKK4cP3Vg5vC6uEt4dVwzvCauGdYfWwRlgzrBXeFdYO7w7rhPeEdcN7w7LhfWH98P6wQfhA2DB8MGwUPhQ2Dh8Om4SPhE3DZmHzsEXYMnw0bBU+FrYO24Rtw3Zh+/DxsEP4RJgQPhl2DJ/6ef19C39/fWLYJ+wbvhC+EHp/j5wXnR9NjX4QXRBdGE2LfhhdFP0omh5dHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q3Rj1vlY2cOiEk065wMW4bC7WZXc53FUup7va5XK5XcRd4+LctS6Pu87ldflcflfAxbuCrpDTzjjryIWusCviou56V9Td4Iq54q6EK+mcK+VKuxaupWvpWrnHXGvXxrV17Vw797h73D3hnnBPuo7uKdfJ/cN1dk+7Lu4Z94x71nVz3V0P95zr6SbkuvCaTHR9XV/Xz/VzA9wAN9ANdIPcIDfYDXZJLskNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOJbtkN9FNdJPcJDfZTXZT3BSX4lLcdDfdzXAzXJWZF/Yyx81x89w8l+pS3QKXOWdMc4vcIpfu0t0St8Qtc8vcCrfCrXKr3Bq3xq1z69wGt8FtcpvcFrfFbXPb3A63w+10O90un/tCp26v2+f2uf1uvzvgvnQZ7it30H3tDrlv3GH3rTvivnNH3TF33H3vTrgf3El3yp12Z9xZ96M7535y5513yZEJkYmRtyKTIm9HJkfeiUyJTI2kRKZFpkfejcyIzIzMirwXmR15PzInMjcyLzI/khr5ILIgsjCSFvkwsijyUSQ9sjiyJLI0siyyPOJ9wS2hL+yL+Ki/3hf1N/hivrgv4Ut650v50v5GX8bf5Mv6m305f4sv72/1FXxFX8k/4pv6Zr65b+Fb+kd9K/+Yb+3b+La+nW/vH/cd/BM+wT/pO/qnfCf/D9/ZP+27+Gd8V/+s7+a7+x7+Od/TP+97+d4+0ffxff0Lvp/v7wf4F/1A/5If5F/2g/0rPskP8UP9q36Yf80P96/7EX6kHxXzhh996RIZxvtkP8FP9G/5Sf5tP9m/46f4qT7FT/PT/bt+hp/pZ/n3/Gz/vp/j5/p5fr5P9R/4BX6hT/Mf+kX+I5/uF1+6qexX+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m9/ud/iP/U7/id/ld/s9/lO/13/m9/nP/X7/hT/gv/QZ/it/0H/tD/lv/GH/rT/iv/NH/TF/3H/vT/gf/El/yp/2Z/xZ/6M/53/y5/l/1hhjjDHG/pQJl5vil2su3M7v8xs54p827gsAV28tkPHP6zNnlOvyXmj3F/HtIwDwZO+uD15aqldPTEy8uG26hKDIXIBLvwnKFAOX48XQFh6HBGgDZX5z/P1F97P0B/1HbwHI8U85sXA5vtz/5wCY+Bv9P9pu1ILy4em4/0//cwGKFbmckx0ux4uh7c/3V9pA2d8Zf75WfzD+7F8kA7T+p5yccCk+ePHbGjLHXxoeg6cg4RdbMsYYY4wxxhhjF/QXlTpfuv689Befv3V9Hq8u52SDy/EfXZ8zxhhjjDHGGGPsynu6e48nHk1IaNP5v96o+t/K+tONJvA/1TM3frPhPcClRxQA/MUOATIb8t95FJv/LftKuvjS+ddVy874AP53lPLvaFzhNybGGGOMMcbY3+7ypP+Xj6srNSDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYywL+nd8ndiVPkbGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsSvt/AQAA///BeAKt") mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0x110) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x200e1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES64, @ANYRES16=0x0, @ANYRESDEC=r2, @ANYRES64=0x0, @ANYRES32=r1, @ANYRESHEX=r2, @ANYRESHEX], 0x0, 0x0, &(0x7f0000000000)) socket(0x80000000000000a, 0x2, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, 0x0, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r4, 0x8922, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x16) getdents64(r5, &(0x7f0000000040)=""/125, 0x7d) 48.5353599s ago: executing program 4 (id=588): r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x17a, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000000)={0xa, 0x7ffffffe, 0x2, 0x10000000000006, 0xf, 0x8, 0x80000002, 0x8}, 0x0, 0x0, 0x0, 0x0) 47.985571191s ago: executing program 3 (id=590): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 45.663696176s ago: executing program 3 (id=591): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0xd000) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @pic={0x2, 0x4, 0x2, 0x1c, 0x10, 0x93, 0x6, 0x4, 0x8, 0x9c, 0xa, 0x0, 0x6, 0x6, 0x3, 0x3}}) 44.072084314s ago: executing program 0 (id=593): syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x4, &(0x7f0000000300)=ANY=[], 0x1, 0x19e, &(0x7f0000000800)="$eJzsmLFO+lAUxr/bUhrIP+G/6qKJJOBgaYsaGRyYHTQx0bhJpBK0iIEOwGZ8CGefwJm48B46qJODujk51Ny2wAWsxESFxPMbDl/vPRzOPdx8JIAgiD/Lw/3r3VUqGeP6H5JQg/VHuZ8jCfntxNviTXnz+kJ/uW13NnLD9RgA1w37tP2RlQiATl6GEzy77uC7k4AiaI4i7u+CQetVl7ATaAsMe4E+EnSV52vaYdm2tIOqXeRC58HgweQhO9zf8xlDUeiPCfv1Zuu4YNtW7QdF2DR7/eUlrAv9id9XdzY6pO78YECCEegsGLYDvQa1Oxt/JML5ZyP9+vIvn3+KBb8KY3JmEmPqKJj0KUh865Xg4ikGTEc/kxJ9f3IvGVKCP0UE/8g4ldNMvdlaKlcKJatknZhmdlVf1vUVM+MZkR8/8b+Y509xob4SkhtlUTQKjlMz/Nh7NhsqnJr5keNGPf+TkF7wu2bBmoj3e/CfzfOXtBzH+cCuGto7QRAEQRAEQRAEQRAEQRDE15gD8/4FHSA3smRuednvAQAA//8iB3Am") r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112) getdents(r0, 0x0, 0x0) 43.333952968s ago: executing program 3 (id=594): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000000102030000000000000000000a0000013c0001800c00028005d30100610000002c00018014000300fe8000000000000000000000000000aa14000400fc0200000000000000000000000000010c000380"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x14) 38.429717313s ago: executing program 3 (id=596): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000080)=0xf, 0x4) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80003, 0x5) socket$inet_tcp(0x2, 0x1, 0x0) fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 36.544234884s ago: executing program 0 (id=597): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8d32}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0a0088a8ffffffffffffaaaaaaaaaaaa86dd62a79c5b0064110120010000000000000000000000000002ff020000000000000000000000000001"], 0x9e) 36.421343394s ago: executing program 4 (id=598): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="000022f041"], 0x56) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 36.085967784s ago: executing program 4 (id=599): syz_emit_ethernet(0x1e6, &(0x7f00000006c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\b\x00', 0x1b0, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x20}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x3, 0x1, "020000000400000126000400"}, {0x18, 0x1, '\x00\x00\x00\x00\x00\x00'}, {0x18, 0x27, "7c5fedeead5d05b87f9a168ce9fa5053c7dba3f0bfbdedf001ccf4f4c7e10fdfa608dbd75df7cd7eeab451ca0a9ee0f0146904f6d1d709ba556b75cb6cb259f3cf09c554b9ca2ceafb4e1735936011a5fb6caedf2de4d3d66ef12adef12a2e51ee8dbcc44a35c94addd32e245f8bb0ef39b811d2b15fbba865ede9c4b62806d93140e62eec2ca5a8c75f5cc4f8ed50c13bb26c028a5cdd2cf899b3148284e3222371ba62f7b1afe63ab3faf2bc3abec71702eac1cf699c0baebfe17151513feeb93840af33b8f81f386fbc7a8e2ebcc074c56d6b004a1073d621f2851c011797f4b34f63f997313fd14672d5d9e0eb5c2d34d2401742ac4f622a1dbcbfd52a5ec35544d09934fc28bdb748ddc3d2cd5f868ec4c3c40ef296f82dacf877d1cc0aeb8736ab354931710c88b4e0781652cbb4c81bf134b1"}]}}}}}}, 0x0) 35.81453743s ago: executing program 4 (id=600): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000540)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="0006f2000000f22158"], 0x0, 0x0, 0x0}, 0x0) 34.738591742s ago: executing program 3 (id=601): r0 = syz_open_dev$loop(&(0x7f0000000000), 0xa259, 0x42540) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000100)={0x1, 0x0, 0x98, &(0x7f0000000040)={0x2, 0x9, 0x6}}) 34.637975434s ago: executing program 3 (id=602): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = syz_clone3(&(0x7f0000000440)={0x80080, &(0x7f0000000000), &(0x7f00000000c0), 0x0, {0x1d}, &(0x7f0000000300)=""/114, 0x72, 0x0, &(0x7f0000000400)=[0xffffffffffffffff], 0x1}, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x83) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000007c0)=@v1={0x0, @aes256, 0x3, @desc2}) openat$cgroup_subtree(r1, 0x0, 0x2, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xb4, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xa0, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x1000000, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 33.48021192s ago: executing program 4 (id=603): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000140)='syz0\x00') 33.36509367s ago: executing program 4 (id=604): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)) write$ppp(r0, 0x0, 0x0) 20.607666508s ago: executing program 33 (id=597): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8d32}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0a0088a8ffffffffffffaaaaaaaaaaaa86dd62a79c5b0064110120010000000000000000000000000002ff020000000000000000000000000001"], 0x9e) 19.072702049s ago: executing program 34 (id=602): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = syz_clone3(&(0x7f0000000440)={0x80080, &(0x7f0000000000), &(0x7f00000000c0), 0x0, {0x1d}, &(0x7f0000000300)=""/114, 0x72, 0x0, &(0x7f0000000400)=[0xffffffffffffffff], 0x1}, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x83) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000007c0)=@v1={0x0, @aes256, 0x3, @desc2}) openat$cgroup_subtree(r1, 0x0, 0x2, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xb4, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xa0, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x1000000, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 18.079172698s ago: executing program 35 (id=604): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)) write$ppp(r0, 0x0, 0x0) 6.916991184s ago: executing program 2 (id=624): syz_emit_ethernet(0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000040)='./file2/../file0\x00', 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030300000000030303030303030333737372c616c6c6f775f7574696d653d30303030303030332c000000000083ec4c0d6e84de0249d09f31ef580c3d00000000"], 0x0, 0x1c0, &(0x7f00000004c0)="$eJzs3UFr02AcBvB/u5hV8bCzeAh4EQ9F/QRV2WAYEJQc9KQwvWwiuEv0tG/hN/Cr+HGUnnarrG9ZGEZQXBq7/H6XPuRJ875vCn1PTV/ffn948OH43ddvX2IyGUU2i1mcjmInxrEVyUlcMGo9CgBsjNPFIn4skj84/fEapgQAdOwv938A4Aqw/wPA8Nj/AWB4Xrx89fRRWe4+L4pJxPykruoqvaZ+b7/cvV8s7TTvmtd1tXXeP0h9cbG/FjdW/cPWPo+7d1J/1j15Vo6XVZbOqKvtOGib8GzUwV0AAAAAAAAAAAAAAAAAAAAAAID1mhbnWp/vM53mv+lT2tvPV8ea5/vcW/ZZ3MpaBsw7WggAAAAAAAAAAAAAAAAAAABssONPnw/fHB29/fhv4fslXactzDu78kaHm5f7CbaE7dUIfa/0vwrXI6KD+9z7un4JPX4pAQAAAAAAAAAAAAAAAADAQDU/+u17JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQn+b//7sLZ+OM+14oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD9jMAAP//h4VCzg==") close(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710033000000000095000300"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x21) 5.687935857s ago: executing program 2 (id=625): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4af84000) syz_open_procfs(r0, &(0x7f0000000000)='comm\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x3, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x40}, @jmp={0x5, 0x0, 0xd}, @exit], &(0x7f0000000280)='GPL\x00'}, 0x80) 4.120515455s ago: executing program 2 (id=626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) epoll_create(0x7) keyctl$clear(0x3, 0xfffffffffffffffd) recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x6}], 0x1, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r3, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r4, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) 2.827404306s ago: executing program 2 (id=627): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80003, 0x5) socket$inet_tcp(0x2, 0x1, 0x0) r4 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x80) r6 = openat$cgroup_procs(r5, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000001c00), 0x12) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 1.03408924s ago: executing program 2 (id=628): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7000000000000006111900000000000c6000000000000009516690000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8, &(0x7f0000000180)=ANY=[], 0xfc, 0x2b8, &(0x7f0000001540)="$eJzs3EFr02AYwPGnXbt2HVt7EhTEB73oJWz1ExTZQCwocxX1IGQu1dLYjqZWKuJ2E29+juHRm+D8Art48y5ehiB42UEWadLYtBQ3Z7vM7f+DkWd53yfvmzYbTwJ5d+6+eVItO0bZbEo8rRIX2ZBdkVwn6opJwtvGvXhSwjbkyvSPz+dv37t/o1AsLiypLhaWr+ZVdfbCh2cv3l782Jy+8272fUq2cw92vue/bJ/ZPruztxwcvd5UU1fq9aa5Ylu6WnGqhuot2zIdSys1x2r0tZft+tpaW83a6kxmrWE5jpq1tlattjbr2my01XxkVmpqGIbOZOS0mfjrjNLm0pJZGMtkEIWpYTsbjYI54TfGJBZuKW0e2cwAAMCxcbD63zfK+v9xxdGKo7X96v+4UP+Pj1f/7w0tGnEyJDs3AAUz0/377Uf9DwAAAAAAAAAAAAAAAAAAAADA/2DXdbOu62aDbfCTEpG0iAS/Rz1PjMchvv9YhNPFiIVe3EuL2K9apVbJ3/rthbJUxBZL5pIiP73rocuPF68XF+bUk5Mte72b770kmAryA7nh+fN+voby11ulpGTC4+f99w6H5ecH8pMi0ipNyuVLoXxDsvLpodTFllXvOL38l/Oq124WB8af8voBAAAAAHASGPpbrv/+119N0jA0WDZkoN3f2Xs+INl9ng+obE1KLz8h5xLRnTcAAAAAAKeJ035eNW3banQCSYg0+vaMPpge25GPNhj46AaC18dghqMPjLR/0fyxs+u6651O/z5oXEQiOtNvInL0n3NKRMY6xNen/hd4kM5R/lcCAAAAMA69oj/qmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHoddPGwoP9h1h4LDTcRzVkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8OvAAAA//8XzBeO") prctl$PR_CAPBSET_DROP(0x18, 0x5) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000001200)=0xcdb, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='reno', 0x4) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000440)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x2f, 0x6, 0xc2, 0x3, 0x6, @empty, @empty, 0x80, 0x10, 0x1, 0x2}}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='.\x00', 0x0, 0x10}, 0x18) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0xa003, 0x0) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000100)=0x15b5c080) syz_clone(0x18000200, &(0x7f0000000000)="18e6e8113fea3c845a4c2be8576aaba9135682866b5588c6d83e0dadd46b4f433950817ce3d8b5e021e93428fbc99e9fa50c9101cbeb916655a629b89188c41f1c3ffe9c639ccfc39a69d3c84bed1b66b2ba3e96a105dd33f6823ba7988cad7d3ed5b917fee41f70d15af9158acf9732d17ce4544c049775fb03d28b66c7277ed7445fd851ed6df04f7034bd9b143b04422d", 0x92, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180)="c6a580c28b02b85cc3858ab434e2d653e6a634c13af10be9393a1161c6d20870b61b8e6525a9a0bdf7b35eea674a9e52cdadf338d6647be4d90dc973256190") 0s ago: executing program 2 (id=629): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) futex(&(0x7f0000000200)=0x1, 0x6, 0x0, &(0x7f0000000240)={0x77359400}, 0x0, 0x1) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) kernel console output (not intermixed with test programs): 191.973047][ T5608] syz-executor: attempt to access beyond end of device [ 191.973047][ T5608] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 192.064113][ T5608] CPU: 0 UID: 0 PID: 5608 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 192.064143][ T5608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 192.064155][ T5608] Call Trace: [ 192.064164][ T5608] [ 192.064173][ T5608] dump_stack_lvl+0xe8/0x150 [ 192.064202][ T5608] f2fs_stop_checkpoint+0x383/0x540 [ 192.064227][ T5608] f2fs_write_end_io+0x1274/0x1740 [ 192.064255][ T5608] __submit_merged_bio+0x256/0x6a0 [ 192.064272][ T5608] __submit_merged_write_cond+0x3c9/0x4e0 [ 192.064297][ T5608] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 192.064331][ T5608] f2fs_write_data_pages+0x287e/0x34f0 [ 192.064368][ T5608] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 192.064413][ T5608] ? do_raw_spin_lock+0x12b/0x2f0 [ 192.064437][ T5608] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 192.064454][ T5608] ? lockdep_hardirqs_on+0x7a/0x110 [ 192.064469][ T5608] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 192.064485][ T5608] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 192.064499][ T5608] ? reacquire_held_locks+0x104/0x190 [ 192.064511][ T5608] ? rt_spin_lock+0x1e0/0x400 [ 192.064528][ T5608] ? rt_spin_unlock+0x14f/0x200 [ 192.064543][ T5608] ? rt_spin_unlock+0x160/0x200 [ 192.064555][ T5608] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 192.064570][ T5608] do_writepages+0x32e/0x550 [ 192.064585][ T5608] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 192.064599][ T5608] ? rt_spin_unlock+0x14f/0x200 [ 192.064618][ T5608] filemap_fdatawrite+0x1ec/0x2f0 [ 192.064634][ T5608] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 192.064676][ T5608] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 192.064691][ T5608] ? __rcu_read_unlock+0x83/0xe0 [ 192.064708][ T5608] ? rt_spin_unlock+0x160/0x200 [ 192.064725][ T5608] f2fs_sync_dirty_inodes+0x30e/0x830 [ 192.064751][ T5608] f2fs_write_checkpoint+0x9df/0x26a0 [ 192.064766][ T5608] ? __lock_acquire+0x6b5/0x2d10 [ 192.064803][ T5608] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 192.064852][ T5608] kill_f2fs_super+0x314/0x730 [ 192.064871][ T5608] ? __pfx_kill_f2fs_super+0x10/0x10 [ 192.064894][ T5608] ? lockdep_hardirqs_on+0x7a/0x110 [ 192.064918][ T5608] deactivate_locked_super+0xbc/0x130 [ 192.064934][ T5608] cleanup_mnt+0x437/0x4d0 [ 192.064950][ T5608] ? _raw_spin_unlock_irq+0x23/0x50 [ 192.064968][ T5608] task_work_run+0x1d9/0x270 [ 192.064991][ T5608] ? __pfx_task_work_run+0x10/0x10 [ 192.065008][ T5608] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.065021][ T5608] exit_to_user_mode_loop+0xed/0x480 [ 192.065038][ T5608] ? rcu_is_watching+0x15/0xb0 [ 192.065051][ T5608] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.065064][ T5608] do_syscall_64+0x33e/0xf80 [ 192.065080][ T5608] ? trace_irq_disable+0x3b/0x140 [ 192.065096][ T5608] ? clear_bhb_loop+0x40/0x90 [ 192.065111][ T5608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.065123][ T5608] RIP: 0033:0x7f1af60ee017 [ 192.065137][ T5608] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 192.065147][ T5608] RSP: 002b:00007ffd966fac88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 192.065162][ T5608] RAX: 0000000000000000 RBX: 00007f1af6182120 RCX: 00007f1af60ee017 [ 192.065170][ T5608] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd966fad40 [ 192.065177][ T5608] RBP: 00007ffd966fad40 R08: 00007ffd966fbd40 R09: 00000000ffffffff [ 192.065185][ T5608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd966fbdd0 [ 192.065192][ T5608] R13: 00007f1af6182120 R14: 000000000002ea8d R15: 00007ffd966fbe10 [ 192.065212][ T5608] [ 192.065228][ T5608] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 192.832120][ T5630] Bluetooth: hci1: command 0x2016 tx timeout [ 194.593840][ T6279] loop4: detected capacity change from 0 to 32768 [ 194.678527][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.678652][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.804899][ T6281] loop3: detected capacity change from 0 to 32768 [ 194.911468][ T6279] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.971405][ T6281] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 195.005113][ T6279] XFS (loop4): Ending clean mount [ 195.013146][ T6279] XFS (loop4): Quotacheck needed: Please wait. [ 195.167207][ T6281] XFS (loop3): Ending clean mount [ 195.194806][ T6281] XFS (loop3): Quotacheck needed: Please wait. [ 195.532035][ T6279] XFS (loop4): Quotacheck: Done. [ 195.904826][ T6281] XFS (loop3): Quotacheck: Done. [ 196.996936][ T38] audit: type=1800 audit(1777454746.673:3): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.99" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 197.083787][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.249369][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.310046][ T3360] bridge_slave_1: left allmulticast mode [ 197.310235][ T3360] bridge_slave_1: left promiscuous mode [ 197.337982][ T3360] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.772405][ T3360] bridge_slave_0: left allmulticast mode [ 197.772445][ T3360] bridge_slave_0: left promiscuous mode [ 197.820338][ T3360] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.260815][ T6319] netlink: 20 bytes leftover after parsing attributes in process `syz.3.107'. [ 200.208573][ T6193] udevd[6193]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 200.318749][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 201.233535][ T6333] netlink: 20 bytes leftover after parsing attributes in process `syz.3.111'. [ 201.312488][ T5629] Bluetooth: hci1: command 0x2016 tx timeout [ 202.374201][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 202.758933][ T3360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.833535][ T3360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.876226][ T3360] bond0 (unregistering): Released all slaves [ 203.393250][ T5630] Bluetooth: hci1: command 0x2016 tx timeout [ 205.021588][ T6375] netlink: 76 bytes leftover after parsing attributes in process `syz.4.118'. [ 207.677791][ T5275] 8021q: adding VLAN 0 to HW filter on device eth1 [ 209.076599][ T6405] netlink: 20 bytes leftover after parsing attributes in process `syz.3.122'. [ 212.481941][ T5629] Bluetooth: hci1: command 0x2016 tx timeout [ 212.494707][ T5629] Bluetooth: hci2: command 0x2016 tx timeout [ 212.494797][ T5629] Bluetooth: hci3: command 0x0406 tx timeout [ 212.926712][ T5629] Bluetooth: hci0: command 0x0406 tx timeout [ 213.245032][ T6415] netlink: 76 bytes leftover after parsing attributes in process `syz.0.128'. [ 214.340434][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 214.528358][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 214.999279][ T6131] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.999705][ T6131] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.000086][ T6131] bridge_slave_0: entered allmulticast mode [ 215.037545][ T6131] bridge_slave_0: entered promiscuous mode [ 215.462174][ T6439] loop2: detected capacity change from 0 to 32768 [ 215.525857][ T6439] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.609287][ T6439] XFS (loop2): Ending clean mount [ 215.644945][ T6439] XFS (loop2): Quotacheck needed: Please wait. [ 215.655901][ T3360] hsr_slave_0: left promiscuous mode [ 215.696181][ T3360] hsr_slave_1: left promiscuous mode [ 215.739840][ T3360] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.739937][ T3360] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.797916][ T3360] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.797948][ T3360] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.004492][ T3360] veth1_macvtap: left promiscuous mode [ 216.004803][ T3360] veth0_macvtap: left promiscuous mode [ 216.047747][ T3360] veth1_vlan: left promiscuous mode [ 216.072530][ T3360] veth0_vlan: left promiscuous mode [ 218.937495][ T6439] XFS (loop2): Quotacheck: Done. [ 219.326496][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 219.837771][ T6464] loop4: detected capacity change from 0 to 32768 [ 219.924945][ T6464] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 220.895172][ T6464] XFS (loop4): Ending clean mount [ 221.037425][ T6464] XFS (loop4): Quotacheck needed: Please wait. [ 221.134877][ T6482] netlink: 20 bytes leftover after parsing attributes in process `syz.0.143'. [ 221.142572][ T5630] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 221.222663][ T5630] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 221.225309][ T5630] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 221.288750][ T5630] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 221.310587][ T5630] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 224.639117][ T5627] Bluetooth: hci4: command tx timeout [ 225.003416][ T6464] XFS (loop4): Quotacheck: Done. [ 225.143267][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 225.234947][ T6176] udevd[6176]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 225.314883][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 226.684607][ T5630] Bluetooth: hci4: command tx timeout [ 228.756283][ T5627] Bluetooth: hci4: command tx timeout [ 228.950911][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 230.530000][ T3360] team0 (unregistering): Port device team_slave_1 removed [ 231.296103][ T5630] Bluetooth: hci4: command tx timeout [ 231.296542][ T5630] Bluetooth: hci1: command 0x2016 tx timeout [ 231.483071][ T3360] team0 (unregistering): Port device team_slave_0 removed [ 232.174438][ T6131] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.174780][ T6131] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.175112][ T6131] bridge_slave_1: entered allmulticast mode [ 232.178655][ T6131] bridge_slave_1: entered promiscuous mode [ 232.554464][ T6538] loop4: detected capacity change from 0 to 32768 [ 232.683588][ T6538] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 232.822980][ T6538] XFS (loop4): Ending clean mount [ 232.842032][ T6538] XFS (loop4): Quotacheck needed: Please wait. [ 233.346358][ T6563] netlink: 20 bytes leftover after parsing attributes in process `syz.3.160'. [ 237.512141][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 238.361167][ T6538] XFS (loop4): Quotacheck: Done. [ 238.656952][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 239.556900][ T5630] Bluetooth: hci1: command 0x2016 tx timeout [ 239.771787][ T6486] udevd[6486]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 244.641727][ T5275] 8021q: adding VLAN 0 to HW filter on device eth2 [ 246.167622][ T6641] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 246.167807][ T6641] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 246.767881][ T6641] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 246.798871][ T6641] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 246.918678][ T6641] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 246.918774][ T6641] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 247.023876][ T6641] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 247.023994][ T6641] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 247.110570][ T6641] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 247.111269][ T6641] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 247.142461][ T3360] bridge_slave_1: left allmulticast mode [ 247.142500][ T3360] bridge_slave_1: left promiscuous mode [ 247.148730][ T3360] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.225303][ T6641] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 247.283387][ T3360] bridge_slave_0: left allmulticast mode [ 247.283415][ T3360] bridge_slave_0: left promiscuous mode [ 247.283696][ T3360] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.854375][ T6681] loop0: detected capacity change from 0 to 32768 [ 247.855559][ T6681] ======================================================= [ 247.855559][ T6681] WARNING: The mand mount option has been deprecated and [ 247.855559][ T6681] and is ignored by this kernel. Remove the mand [ 247.855559][ T6681] option from the mount to silence this warning. [ 247.855559][ T6681] ======================================================= [ 248.100443][ T3360] bond0 (unregistering): Released all slaves [ 248.207746][ T6681] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 248.213469][ T5627] Bluetooth: hci2: command 0x2016 tx timeout [ 248.568873][ T5275] 8021q: adding VLAN 0 to HW filter on device eth3 [ 249.062120][ T38] audit: type=1800 audit(1777454798.503:4): pid=6687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.173" name=".log" dev="loop0" ino=17059 res=0 errno=0 [ 249.179224][ T5630] Bluetooth: hci0: command 0x0406 tx timeout [ 249.179342][ T5630] Bluetooth: hci3: command 0x0406 tx timeout [ 249.179374][ T5630] Bluetooth: hci4: command 0x0c1a tx timeout [ 249.179647][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 249.264394][ T5793] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 249.516781][ T5793] usb 3-1: Using ep0 maxpacket: 32 [ 249.565906][ T5793] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 249.565939][ T5793] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.674381][ T5793] usb 3-1: config 0 descriptor?? [ 250.186938][ T5793] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 250.274023][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 250.558273][ T5793] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 250.565033][ T5793] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 250.565132][ T5793] usb 3-1: media controller created [ 250.593873][ T5793] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 250.760159][ T5609] ocfs2: Unmounting device (7,0) on (node local) [ 251.065240][ T5793] az6027: usb out operation failed. (-71) [ 251.078821][ T5793] az6027: usb out operation failed. (-71) [ 251.078842][ T5793] stb0899_attach: Driver disabled by Kconfig [ 251.078850][ T5793] az6027: no front-end attached [ 251.078850][ T5793] [ 251.079945][ T5793] az6027: usb out operation failed. (-71) [ 251.079959][ T5793] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 251.258291][ T5625] Bluetooth: hci1: command 0x2016 tx timeout [ 251.258336][ T5625] Bluetooth: hci4: command 0x0c1a tx timeout [ 251.258371][ T5625] Bluetooth: hci3: command 0x0406 tx timeout [ 251.258397][ T5625] Bluetooth: hci0: command 0x0406 tx timeout [ 251.582984][ T5793] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 251.859547][ T6713] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 253.310504][ T5793] dvb-usb: schedule remote query interval to 400 msecs. [ 253.310531][ T5793] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 253.313588][ T5627] Bluetooth: hci4: command 0x0c1a tx timeout [ 253.495774][ T5793] usb 3-1: USB disconnect, device number 2 [ 253.794931][ T6730] loop2: detected capacity change from 0 to 32768 [ 254.137940][ T6730] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 255.416171][ T38] audit: type=1800 audit(1777454804.303:5): pid=6752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.184" name=".log" dev="loop2" ino=17059 res=0 errno=0 [ 255.770451][ T6748] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present [ 255.770819][ T6467] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.771076][ T6467] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.771306][ T6467] bridge_slave_0: entered allmulticast mode [ 255.848697][ T6467] bridge_slave_0: entered promiscuous mode [ 255.958891][ T6467] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.959083][ T6467] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.959296][ T6467] bridge_slave_1: entered allmulticast mode [ 256.020349][ T5793] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 256.098859][ T6467] bridge_slave_1: entered promiscuous mode [ 256.136880][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.136984][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.407630][ T5275] 8021q: adding VLAN 0 to HW filter on device eth4 [ 256.621328][ T6467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.684564][ T6467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.938367][ T5610] ocfs2: Unmounting device (7,2) on (node local) [ 257.159270][ T6467] team0: Port device team_slave_0 added [ 257.263220][ T6467] team0: Port device team_slave_1 added [ 257.450329][ T6770] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present [ 257.841000][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.841014][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 257.841029][ T6467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.853274][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.853315][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 257.853340][ T6467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.510075][ T6467] hsr_slave_0: entered promiscuous mode [ 258.718736][ T6467] hsr_slave_1: entered promiscuous mode [ 258.831167][ T6782] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 259.107195][ T6778] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 259.122011][ T6778] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 259.139547][ T6778] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 259.148858][ T6778] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 259.149152][ T6778] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 260.678052][ T5627] Bluetooth: hci2: command 0x2016 tx timeout [ 261.168316][ T5627] Bluetooth: hci0: command 0x0406 tx timeout [ 261.168359][ T5630] Bluetooth: hci4: command 0x0c1a tx timeout [ 261.168373][ T5627] Bluetooth: hci3: command 0x0406 tx timeout [ 261.169321][ T5625] Bluetooth: hci1: command 0x2016 tx timeout [ 261.984475][ T820] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 262.929901][ T820] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 262.929935][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.929956][ T820] usb 4-1: Product: syz [ 262.929972][ T820] usb 4-1: Manufacturer: syz [ 262.929987][ T820] usb 4-1: SerialNumber: syz [ 263.590296][ T820] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 263.590342][ T820] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 264.951585][ T820] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPROTO [ 264.951647][ T820] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 265.108733][ T820] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 265.240375][ T820] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 265.684948][ T820] usb 4-1: USB disconnect, device number 2 [ 265.748768][ T6467] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 265.824022][ T6467] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 265.825648][ T6467] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 265.912657][ T6826] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 265.913024][ T6826] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 265.913341][ T6826] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 265.913644][ T6826] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 265.915447][ T6826] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 266.161897][ T6467] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 266.174654][ T6467] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 266.305126][ T6467] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 266.334162][ T6467] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 266.628160][ T6467] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 266.940086][ T820] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 267.853110][ T820] usb 4-1: Using ep0 maxpacket: 16 [ 267.926714][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 267.977820][ T5630] Bluetooth: hci0: command 0x0406 tx timeout [ 267.996849][ T5615] Bluetooth: hci3: command 0x0406 tx timeout [ 268.002591][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 268.003711][ T5625] Bluetooth: hci4: command 0x0c1a tx timeout [ 268.229583][ T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 268.235329][ T820] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 268.235358][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.235377][ T820] usb 4-1: Product: syz [ 268.235389][ T820] usb 4-1: Manufacturer: syz [ 268.235402][ T820] usb 4-1: SerialNumber: syz [ 268.311492][ T820] usb 4-1: config 0 descriptor?? [ 268.380849][ T820] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 268.380887][ T820] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 269.031321][ T820] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 269.553093][ T6467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.948773][ T820] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 269.948808][ T820] em28xx 4-1:0.0: board has no eeprom [ 270.882404][ T6467] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.591841][ T6841] em28xx 4-1:0.0: reading from i2c device at 0x482c failed (error=-5) [ 271.880206][ T820] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 271.880250][ T820] em28xx 4-1:0.0: dvb set to bulk mode. [ 272.593119][ T5630] Bluetooth: hci0: command 0x0406 tx timeout [ 273.545429][ T5879] em28xx 4-1:0.0: Binding DVB extension [ 273.643642][ T6033] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.643838][ T6033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 273.860351][ T820] usb 4-1: USB disconnect, device number 3 [ 273.878634][ T1189] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.878819][ T1189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 273.951396][ T820] em28xx 4-1:0.0: Disconnecting em28xx [ 274.672365][ T5630] Bluetooth: hci0: command 0x0406 tx timeout [ 274.719651][ T5879] em28xx 4-1:0.0: Registering input extension [ 274.797362][ T820] em28xx 4-1:0.0: Closing input extension [ 277.389501][ T820] em28xx 4-1:0.0: Freeing device [ 277.983984][ T6936] netlink: 20 bytes leftover after parsing attributes in process `syz.3.232'. [ 282.550648][ T820] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 282.770750][ T820] usb 3-1: Using ep0 maxpacket: 16 [ 282.778865][ T820] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 282.792059][ T820] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 282.792089][ T820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.792109][ T820] usb 3-1: Product: syz [ 282.792124][ T820] usb 3-1: Manufacturer: syz [ 282.792138][ T820] usb 3-1: SerialNumber: syz [ 282.891348][ T820] usb 3-1: config 0 descriptor?? [ 282.940407][ T820] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 282.940445][ T820] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 283.309127][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 283.626171][ T820] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 283.829560][ T6979] loop4: detected capacity change from 0 to 32768 [ 283.911704][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 283.933727][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 283.938070][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 283.946832][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 283.950891][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 284.005804][ T6979] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 284.032480][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 284.089717][ T6979] XFS (loop4): Ending clean mount [ 284.114027][ T6979] XFS (loop4): Quotacheck needed: Please wait. [ 284.221116][ T820] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 284.221160][ T820] em28xx 3-1:0.0: board has no eeprom [ 284.511516][ T6979] XFS (loop4): Quotacheck: Done. [ 284.612045][ T820] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 284.612079][ T820] em28xx 3-1:0.0: dvb set to bulk mode. [ 285.032212][ T38] audit: type=1800 audit(1777454834.703:6): pid=7004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.243" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4429 res=0 errno=0 [ 285.125908][ T5879] em28xx 3-1:0.0: Binding DVB extension [ 285.708374][ T6956] em28xx 3-1:0.0: reading from i2c device at 0x482c failed (error=-5) [ 285.781779][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 285.890952][ T820] usb 3-1: USB disconnect, device number 3 [ 285.900393][ T820] em28xx 3-1:0.0: Disconnecting em28xx [ 286.113229][ T5630] Bluetooth: hci1: command 0x2016 tx timeout [ 286.188582][ T5879] em28xx 3-1:0.0: Registering input extension [ 286.203876][ T5630] Bluetooth: hci5: command tx timeout [ 286.204870][ T820] em28xx 3-1:0.0: Closing input extension [ 286.696199][ T820] em28xx 3-1:0.0: Freeing device [ 288.272196][ T5630] Bluetooth: hci5: command tx timeout [ 288.849004][ T7050] loop0: detected capacity change from 0 to 32768 [ 288.986592][ T7050] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 289.083510][ T7050] XFS (loop0): Ending clean mount [ 289.088876][ T7050] XFS (loop0): Quotacheck needed: Please wait. [ 289.436936][ T7050] XFS (loop0): Quotacheck: Done. [ 290.526724][ T5630] Bluetooth: hci5: command tx timeout [ 290.626707][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 292.618145][ T5630] Bluetooth: hci5: command tx timeout [ 294.398470][ T5736] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 294.594396][ T5736] usb 5-1: Using ep0 maxpacket: 16 [ 294.598038][ T5736] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 294.613267][ T5736] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 294.613299][ T5736] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.613319][ T5736] usb 5-1: Product: syz [ 294.613334][ T5736] usb 5-1: Manufacturer: syz [ 294.613349][ T5736] usb 5-1: SerialNumber: syz [ 294.834623][ T5736] usb 5-1: config 0 descriptor?? [ 294.904999][ T5736] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 294.905038][ T5736] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 295.488813][ T5736] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 295.823661][ T823] bridge_slave_1: left allmulticast mode [ 295.823722][ T823] bridge_slave_1: left promiscuous mode [ 295.824062][ T823] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.978051][ T823] bridge_slave_0: left allmulticast mode [ 295.978089][ T823] bridge_slave_0: left promiscuous mode [ 295.978402][ T823] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.018783][ T5736] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 296.018818][ T5736] em28xx 5-1:0.0: board has no eeprom [ 296.332071][ T5736] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 296.332102][ T5736] em28xx 5-1:0.0: dvb set to bulk mode. [ 296.338006][ T32] em28xx 5-1:0.0: Binding DVB extension [ 296.620305][ T5736] usb 5-1: USB disconnect, device number 2 [ 296.629774][ T32] em28xx 5-1:0.0: Registering input extension [ 296.708715][ T5736] em28xx 5-1:0.0: Disconnecting em28xx [ 296.708746][ T5736] em28xx 5-1:0.0: Closing input extension [ 296.939348][ T7164] overlayfs: missing 'lowerdir' [ 296.947058][ T5736] em28xx 5-1:0.0: Freeing device [ 297.200829][ T5630] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 297.476047][ T5879] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 297.652320][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 297.698143][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 297.700900][ T5879] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 297.700931][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.700946][ T5879] usb 3-1: Product: syz [ 297.700955][ T5879] usb 3-1: Manufacturer: syz [ 297.700963][ T5879] usb 3-1: SerialNumber: syz [ 297.786069][ T5879] usb 3-1: config 0 descriptor?? [ 297.814293][ T5879] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 297.814330][ T5879] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 297.856036][ T823] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 297.933161][ T823] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 297.976021][ T823] bond0 (unregistering): Released all slaves [ 298.147174][ T5275] 8021q: adding VLAN 0 to HW filter on device eth5 [ 298.447907][ T5879] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 298.919723][ T5879] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 298.919756][ T5879] em28xx 3-1:0.0: board has no eeprom [ 299.170857][ T823] hsr_slave_0: left promiscuous mode [ 299.202148][ T823] hsr_slave_1: left promiscuous mode [ 299.203605][ T823] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.251484][ T823] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.330778][ T5879] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 299.330809][ T5879] em28xx 3-1:0.0: dvb set to bulk mode. [ 299.332320][ T820] em28xx 3-1:0.0: Binding DVB extension [ 299.456232][ T5879] usb 3-1: USB disconnect, device number 4 [ 299.497785][ T5879] em28xx 3-1:0.0: Disconnecting em28xx [ 299.514225][ T820] em28xx 3-1:0.0: Registering input extension [ 299.514499][ T5879] em28xx 3-1:0.0: Closing input extension [ 299.597937][ T5879] em28xx 3-1:0.0: Freeing device [ 300.211876][ T7192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.285'. [ 301.456004][ T7192] nbd: socks must be embedded in a SOCK_ITEM attr [ 302.192466][ T5627] Bluetooth: hci2: command 0x2016 tx timeout [ 304.226710][ T6486] udevd[6486]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 304.253756][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 304.272396][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 304.988028][ T7200] loop0: detected capacity change from 0 to 32768 [ 305.026550][ T823] team0 (unregistering): Port device team_slave_1 removed [ 305.057800][ T7200] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 305.322293][ T823] team0 (unregistering): Port device team_slave_0 removed [ 305.604561][ T38] audit: type=1800 audit(1777454855.203:7): pid=7204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.287" name=".log" dev="loop0" ino=17059 res=0 errno=0 [ 306.306175][ T6974] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.306464][ T6974] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.306771][ T6974] bridge_slave_0: entered allmulticast mode [ 306.367670][ T6974] bridge_slave_0: entered promiscuous mode [ 306.421302][ T6974] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.432152][ T6974] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.432503][ T6974] bridge_slave_1: entered allmulticast mode [ 306.461859][ T6974] bridge_slave_1: entered promiscuous mode [ 306.813384][ T5609] ocfs2: Unmounting device (7,0) on (node local) [ 306.861817][ T6974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.885300][ T6974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.508086][ T7218] loop2: detected capacity change from 0 to 32768 [ 307.645620][ T7218] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 307.766785][ T7215] loop3: detected capacity change from 0 to 32768 [ 307.841161][ T7215] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 307.871990][ T7218] XFS (loop2): Ending clean mount [ 307.927227][ T7218] XFS (loop2): Quotacheck needed: Please wait. [ 307.983970][ T7215] XFS (loop3): Ending clean mount [ 307.999076][ T7215] XFS (loop3): Quotacheck needed: Please wait. [ 308.157495][ T6974] team0: Port device team_slave_0 added [ 308.217515][ T6974] team0: Port device team_slave_1 added [ 308.302868][ T6974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 308.302888][ T6974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 308.302916][ T6974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 308.308275][ T6974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 308.308292][ T6974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 308.308315][ T6974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 309.220727][ T7218] XFS (loop2): Quotacheck: Done. [ 309.241780][ T7215] XFS (loop3): Quotacheck: Done. [ 310.223593][ T38] audit: type=1800 audit(1777454859.903:8): pid=7248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.293" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 310.223668][ T38] audit: type=1800 audit(1777454859.903:9): pid=7249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.292" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 310.534850][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 310.612418][ T6974] hsr_slave_0: entered promiscuous mode [ 310.613994][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 310.692065][ T6974] hsr_slave_1: entered promiscuous mode [ 311.713400][ T5879] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 311.988230][ T5879] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 311.988263][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.988283][ T5879] usb 3-1: Product: syz [ 311.988298][ T5879] usb 3-1: Manufacturer: syz [ 311.988311][ T5879] usb 3-1: SerialNumber: syz [ 312.567090][ T5879] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 312.567153][ T5879] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 313.081768][ T820] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 313.252923][ T5275] 8021q: adding VLAN 0 to HW filter on device eth6 [ 313.363486][ T820] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 313.363519][ T820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.363597][ T820] usb 1-1: Product: syz [ 313.363611][ T820] usb 1-1: Manufacturer: syz [ 313.363626][ T820] usb 1-1: SerialNumber: syz [ 314.244787][ T5879] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPROTO [ 314.244855][ T5879] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 314.257760][ T5879] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 314.285753][ T5879] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 314.593771][ T5879] usb 3-1: USB disconnect, device number 5 [ 314.750326][ T820] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 314.750407][ T820] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 315.249301][ T7284] loop3: detected capacity change from 0 to 32768 [ 315.278848][ T7284] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 315.487391][ T7284] XFS (loop3): Ending clean mount [ 315.495302][ T7284] XFS (loop3): Quotacheck needed: Please wait. [ 315.772740][ T820] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPROTO [ 315.772806][ T820] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 315.789722][ T820] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 315.847062][ T820] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 316.081190][ T820] usb 1-1: USB disconnect, device number 2 [ 316.154684][ T7284] XFS (loop3): Quotacheck: Done. [ 317.307833][ T38] audit: type=1800 audit(1777454866.383:10): pid=7307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.306" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 317.423757][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 317.568752][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.568879][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.551514][ T7325] bridge0: port 3(netdevsim0) entered blocking state [ 319.553349][ T7325] bridge0: port 3(netdevsim0) entered disabled state [ 319.555732][ T7325] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 319.569626][ T7325] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 319.570934][ T7325] bridge0: port 3(netdevsim0) entered blocking state [ 319.571074][ T7325] bridge0: port 3(netdevsim0) entered forwarding state [ 320.276204][ T7331] loop3: detected capacity change from 0 to 32768 [ 322.828038][ T7331] JBD2: journal reset failed [ 322.828054][ T7331] (syz.3.310,7331,1):ocfs2_journal_load:1162 ERROR: Failed to load journal! [ 322.828101][ T7331] (syz.3.310,7331,1):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4 [ 323.625258][ T7345] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 324.361535][ T6974] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 324.385023][ T7360] loop0: detected capacity change from 0 to 32768 [ 324.450283][ T7360] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 324.582370][ T6974] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 324.585959][ T6974] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 324.632316][ T7360] XFS (loop0): Ending clean mount [ 324.638135][ T7360] XFS (loop0): Quotacheck needed: Please wait. [ 324.747041][ T6974] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 324.757150][ T6974] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 324.849100][ T6974] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 324.861299][ T6974] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 325.224352][ T6974] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 326.080902][ T7360] XFS (loop0): Quotacheck: Done. [ 326.556994][ T38] audit: type=1800 audit(1777454876.093:11): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.319" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 326.669324][ T7406] netlink: 12 bytes leftover after parsing attributes in process `syz.2.326'. [ 327.056579][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 327.142639][ T7406] netlink: 12 bytes leftover after parsing attributes in process `syz.2.326'. [ 327.925535][ T6974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.267207][ T5736] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 328.305785][ T6974] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.424739][ T5736] usb 3-1: Using ep0 maxpacket: 16 [ 328.432509][ T3360] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.432800][ T3360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.436219][ T5736] usb 3-1: config 0 has no interfaces? [ 328.491026][ T5736] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 328.491060][ T5736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.491089][ T5736] usb 3-1: Product: syz [ 328.491103][ T5736] usb 3-1: Manufacturer: syz [ 328.491117][ T5736] usb 3-1: SerialNumber: syz [ 328.599292][ T5736] usb 3-1: config 0 descriptor?? [ 328.690865][ T3337] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.691050][ T3337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.112218][ T32] usb 3-1: USB disconnect, device number 6 [ 331.485193][ T7456] comedi comedi0: Minor 3 could not be opened [ 332.334875][ T32] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 332.494983][ T32] usb 3-1: Using ep0 maxpacket: 16 [ 332.516974][ T32] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 332.521124][ T32] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 332.521157][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.521178][ T32] usb 3-1: Product: syz [ 332.521193][ T32] usb 3-1: Manufacturer: syz [ 332.521208][ T32] usb 3-1: SerialNumber: syz [ 332.844762][ T7482] cgroup2: Unknown parameter 'euid' [ 332.849452][ T32] usb 3-1: config 0 descriptor?? [ 333.058486][ T32] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 333.058525][ T32] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 333.236978][ T7485] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.344'. [ 333.541313][ T32] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 333.737992][ T6974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.137323][ T32] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 334.137357][ T32] em28xx 3-1:0.0: board has no eeprom [ 334.453295][ T32] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 334.453328][ T32] em28xx 3-1:0.0: dvb set to bulk mode. [ 334.516936][ T5969] em28xx 3-1:0.0: Binding DVB extension [ 334.632910][ T32] usb 3-1: USB disconnect, device number 7 [ 334.641039][ T32] em28xx 3-1:0.0: Disconnecting em28xx [ 334.688844][ T7521] cgroup2: Unknown parameter 'euid' [ 335.054178][ T5969] em28xx 3-1:0.0: Registering input extension [ 335.059409][ T32] em28xx 3-1:0.0: Closing input extension [ 335.555524][ T7529] comedi comedi0: Minor 2 could not be opened [ 336.457419][ T32] em28xx 3-1:0.0: Freeing device [ 336.965293][ T6974] veth0_vlan: entered promiscuous mode [ 336.982591][ T7552] trusted_key: encrypted_key: master key parameter 'defaul' is invalid [ 337.062082][ T5879] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 337.123405][ T7552] loop3: detected capacity change from 0 to 4096 [ 337.178482][ T6974] veth1_vlan: entered promiscuous mode [ 337.237301][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 337.241590][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 337.254904][ T5879] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 337.254936][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.254954][ T5879] usb 5-1: Product: syz [ 337.254968][ T5879] usb 5-1: Manufacturer: syz [ 337.254980][ T5879] usb 5-1: SerialNumber: syz [ 337.327851][ T6974] veth0_macvtap: entered promiscuous mode [ 337.370779][ T6974] veth1_macvtap: entered promiscuous mode [ 337.510457][ T6974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 337.520363][ T5879] usb 5-1: config 0 descriptor?? [ 337.713326][ T5879] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 337.713363][ T5879] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 337.861021][ T6974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 338.192466][ T5879] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 338.196489][ T3360] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.201133][ T3360] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.202460][ T3360] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.778673][ T7572] comedi comedi0: Minor 2 could not be opened [ 338.947842][ T3360] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.454544][ T5879] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 339.454599][ T5879] em28xx 5-1:0.0: board has no eeprom [ 339.832178][ T5879] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 339.832209][ T5879] em28xx 5-1:0.0: dvb set to bulk mode. [ 340.229691][ T9] em28xx 5-1:0.0: Binding DVB extension [ 340.255265][ T5879] usb 5-1: USB disconnect, device number 3 [ 340.256911][ T5879] em28xx 5-1:0.0: Disconnecting em28xx [ 340.955899][ T9] em28xx 5-1:0.0: Registering input extension [ 340.956200][ T5879] em28xx 5-1:0.0: Closing input extension [ 341.265139][ T7585] loop2: detected capacity change from 0 to 32768 [ 341.388052][ T5879] em28xx 5-1:0.0: Freeing device [ 341.673355][ T7585] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 342.509109][ T6033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 342.509132][ T6033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.509313][ T38] audit: type=1800 audit(1777454891.983:12): pid=7594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.367" name=".log" dev="loop2" ino=17059 res=0 errno=0 [ 342.771314][ T5627] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 343.539249][ T7602] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 343.659446][ T5610] ocfs2: Unmounting device (7,2) on (node local) [ 344.047334][ T5625] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 344.117467][ T5625] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 344.146746][ T5625] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 344.148221][ T5625] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 344.149174][ T5625] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 344.256004][ T7608] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 346.035440][ T5879] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 346.049445][ T2281] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.442344][ T7636] loop4: detected capacity change from 0 to 32768 [ 346.456544][ T5625] Bluetooth: hci4: command tx timeout [ 346.532010][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 346.547623][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 346.550325][ T5879] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 346.550352][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.550370][ T5879] usb 1-1: Product: syz [ 346.550382][ T5879] usb 1-1: Manufacturer: syz [ 346.550395][ T5879] usb 1-1: SerialNumber: syz [ 346.562017][ T5879] usb 1-1: config 0 descriptor?? [ 346.574723][ T7636] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 346.738004][ T5879] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 346.738052][ T5879] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 346.963935][ T5625] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 346.964158][ T5625] Bluetooth: hci0: Injecting HCI hardware error event [ 346.967663][ T5627] Bluetooth: hci0: hardware error 0x00 [ 347.184147][ T38] audit: type=1800 audit(1777454896.843:13): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.381" name=".log" dev="loop4" ino=17059 res=0 errno=0 [ 347.755271][ T5879] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 348.198588][ T5879] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 348.198624][ T5879] em28xx 1-1:0.0: board has no eeprom [ 348.409712][ T5611] ocfs2: Unmounting device (7,4) on (node local) [ 348.513013][ T5625] Bluetooth: hci4: command tx timeout [ 348.554187][ T5879] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 348.554209][ T5879] em28xx 1-1:0.0: dvb set to bulk mode. [ 348.555081][ T5793] em28xx 1-1:0.0: Binding DVB extension [ 348.762144][ T819] usb 1-1: USB disconnect, device number 3 [ 348.765130][ T819] em28xx 1-1:0.0: Disconnecting em28xx [ 349.080221][ T2281] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.278767][ T5793] em28xx 1-1:0.0: Registering input extension [ 349.279026][ T819] em28xx 1-1:0.0: Closing input extension [ 349.718691][ T5627] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 349.765497][ T819] em28xx 1-1:0.0: Freeing device [ 350.409373][ T2281] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.592357][ T5627] Bluetooth: hci4: command tx timeout [ 351.573908][ T2281] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.677988][ T7682] cgroup2: Unknown parameter 'euid' [ 352.874812][ T5627] Bluetooth: hci4: command tx timeout [ 355.483024][ T5627] Bluetooth: hci2: command 0x2016 tx timeout [ 356.872105][ T7709] cgroup2: Unknown parameter 'euid' [ 357.326821][ T7717] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 357.560292][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 358.061401][ T7723] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 358.213317][ T7733] comedi comedi0: Minor 3 could not be opened [ 358.833370][ T7740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.409'. [ 361.025046][ T5625] Bluetooth: hci1: command 0x2016 tx timeout [ 362.712894][ T2281] bridge_slave_1: left allmulticast mode [ 362.712933][ T2281] bridge_slave_1: left promiscuous mode [ 362.739178][ T2281] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.903278][ T2281] bridge_slave_0: left allmulticast mode [ 362.903316][ T2281] bridge_slave_0: left promiscuous mode [ 363.002101][ T2281] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.072264][ T5625] Bluetooth: hci1: command 0x2016 tx timeout [ 363.076847][ T6486] udevd[6486]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 363.218440][ T6486] udevd[6486]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 364.354431][ T2281] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.413014][ T2281] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.434448][ T2281] bond0 (unregistering): Released all slaves [ 364.559913][ T5275] 8021q: adding VLAN 0 to HW filter on device eth5 [ 364.790926][ T7605] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.801669][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.803475][ T7605] bridge_slave_0: entered allmulticast mode [ 364.817062][ T7605] bridge_slave_0: entered promiscuous mode [ 364.861317][ T7767] netlink: 52 bytes leftover after parsing attributes in process `syz.0.415'. [ 364.861344][ T7767] nbd: must specify at least one socket [ 365.060562][ T7605] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.060938][ T7605] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.061277][ T7605] bridge_slave_1: entered allmulticast mode [ 365.088358][ T7605] bridge_slave_1: entered promiscuous mode [ 365.328011][ T7605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.402133][ T5794] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 365.519238][ T7605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.519791][ T7779] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 365.572147][ T5794] usb 5-1: Using ep0 maxpacket: 32 [ 365.575400][ T5794] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 365.575430][ T5794] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.753929][ T5794] usb 5-1: config 0 descriptor?? [ 365.844862][ T7781] loop3: detected capacity change from 0 to 32768 [ 365.971718][ T7781] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 366.002446][ T5794] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 366.077003][ T7781] XFS (loop3): Ending clean mount [ 366.087056][ T7781] XFS (loop3): Quotacheck needed: Please wait. [ 366.151443][ T5794] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 366.171591][ T5794] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 366.171664][ T5794] usb 5-1: media controller created [ 366.218132][ T5794] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 366.907022][ T7605] team0: Port device team_slave_0 added [ 367.040822][ T5794] az6027: usb out operation failed. (-71) [ 367.041268][ T5794] az6027: usb out operation failed. (-71) [ 367.041282][ T5794] stb0899_attach: Driver disabled by Kconfig [ 367.041293][ T5794] az6027: no front-end attached [ 367.041293][ T5794] [ 367.041690][ T5794] az6027: usb out operation failed. (-71) [ 367.041704][ T5794] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 367.065472][ T7605] team0: Port device team_slave_1 added [ 367.188638][ T5794] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13 [ 367.289994][ T7781] XFS (loop3): Quotacheck: Done. [ 367.893916][ T5794] dvb-usb: schedule remote query interval to 400 msecs. [ 367.893943][ T5794] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 367.902137][ T5794] usb 5-1: USB disconnect, device number 4 [ 367.972955][ T38] audit: type=1800 audit(1777454917.413:14): pid=7812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.421" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 368.411377][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 368.755490][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 368.755508][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 368.755536][ T7605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 369.031326][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 369.031345][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 369.031374][ T7605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 369.626246][ T7828] comedi comedi0: Minor 3 could not be opened [ 369.924261][ T2281] hsr_slave_0: left promiscuous mode [ 370.008236][ T2281] hsr_slave_1: left promiscuous mode [ 370.009120][ T2281] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 370.009139][ T2281] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 370.044870][ T2281] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.044900][ T2281] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 370.136053][ T5794] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 370.529379][ T2281] veth1_macvtap: left promiscuous mode [ 370.529448][ T2281] veth0_macvtap: left promiscuous mode [ 370.529622][ T2281] veth1_vlan: left promiscuous mode [ 370.529745][ T2281] veth0_vlan: left promiscuous mode [ 372.906390][ T7844] loop2: detected capacity change from 0 to 32768 [ 372.968470][ T7844] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 373.008061][ T7844] XFS (loop2): Ending clean mount [ 373.010934][ T7844] XFS (loop2): Quotacheck needed: Please wait. [ 373.438350][ T7844] XFS (loop2): Quotacheck: Done. [ 373.626861][ T2281] team0 (unregistering): Port device team_slave_1 removed [ 373.664293][ T2281] team0 (unregistering): Port device team_slave_0 removed [ 373.987837][ T38] audit: type=1800 audit(1777454923.583:15): pid=7854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.435" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 374.519141][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 374.590802][ T5275] 8021q: adding VLAN 0 to HW filter on device eth6 [ 374.708840][ T7605] hsr_slave_0: entered promiscuous mode [ 374.711303][ T7605] hsr_slave_1: entered promiscuous mode [ 375.435512][ T5794] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 375.604866][ T5794] usb 5-1: Using ep0 maxpacket: 16 [ 375.675260][ T5794] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 375.675290][ T5794] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 375.678732][ T5794] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 375.678764][ T5794] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.678784][ T5794] usb 5-1: Product: syz [ 375.678800][ T5794] usb 5-1: Manufacturer: syz [ 375.678815][ T5794] usb 5-1: SerialNumber: syz [ 376.058165][ T5794] usb 5-1: 0:2 : does not exist [ 376.235066][ T5794] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 376.354102][ T7883] netlink: 40 bytes leftover after parsing attributes in process `syz.0.443'. [ 376.354130][ T7883] nbd: must specify at least one socket [ 377.532676][ T5736] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 377.689061][ T5736] usb 4-1: Using ep0 maxpacket: 16 [ 377.707483][ T5736] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 377.785813][ T5736] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 377.785845][ T5736] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.785863][ T5736] usb 4-1: Product: syz [ 377.785878][ T5736] usb 4-1: Manufacturer: syz [ 377.785891][ T5736] usb 4-1: SerialNumber: syz [ 377.787642][ T7894] kvm: kvm [7893]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x166 [ 378.017566][ T5736] usb 4-1: config 0 descriptor?? [ 378.192258][ T5736] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 378.192295][ T5736] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 378.279756][ T5794] usb 5-1: USB disconnect, device number 5 [ 378.480701][ T5275] 8021q: adding VLAN 0 to HW filter on device eth7 [ 378.710999][ T5736] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 379.011724][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.011860][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.233559][ T7916] netlink: 40 bytes leftover after parsing attributes in process `syz.4.454'. [ 379.233587][ T7916] nbd: must specify at least one socket [ 379.798338][ T5736] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 379.798370][ T5736] em28xx 4-1:0.0: board has no eeprom [ 379.942106][ T5736] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 379.942136][ T5736] em28xx 4-1:0.0: dvb set to bulk mode. [ 379.942194][ T5743] em28xx 4-1:0.0: Binding DVB extension [ 380.239421][ T7920] kvm: kvm [7919]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x166 [ 380.317400][ T5736] usb 4-1: USB disconnect, device number 4 [ 380.319203][ T5736] em28xx 4-1:0.0: Disconnecting em28xx [ 380.391025][ T5743] em28xx 4-1:0.0: Registering input extension [ 380.392023][ T5736] em28xx 4-1:0.0: Closing input extension [ 380.476536][ T6303] udevd[6303]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 380.484267][ T5736] em28xx 4-1:0.0: Freeing device [ 381.202450][ T7933] loop2: detected capacity change from 0 to 32768 [ 381.243681][ T7933] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 381.307189][ T7933] XFS (loop2): Ending clean mount [ 381.312581][ T7933] XFS (loop2): Quotacheck needed: Please wait. [ 381.664501][ T7933] XFS (loop2): Quotacheck: Done. [ 382.512552][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 383.794290][ T5743] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 383.952095][ T5743] usb 5-1: Using ep0 maxpacket: 16 [ 383.958527][ T5743] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 383.961662][ T5743] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 383.961690][ T5743] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.961704][ T5743] usb 5-1: Product: syz [ 383.961713][ T5743] usb 5-1: Manufacturer: syz [ 383.961721][ T5743] usb 5-1: SerialNumber: syz [ 384.079588][ T5743] usb 5-1: config 0 descriptor?? [ 384.097073][ T5743] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 384.097098][ T5743] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 384.366736][ T5627] Bluetooth: hci2: unexpected event for opcode 0x1804 [ 384.460049][ T7972] process 'syz.2.467' launched './file0' with NULL argv: empty string added [ 384.469671][ T7972] overlayfs: failed to resolve './file1/file0': -2 [ 385.222168][ T5969] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 385.252200][ T5743] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 385.458928][ T5969] usb 3-1: No LPM exit latency info found, disabling LPM. [ 385.479569][ T5969] usb 3-1: language id specifier not provided by device, defaulting to English [ 385.515667][ T5969] usb 3-1: New USB device found, idVendor=0582, idProduct=002b, bcdDevice= 0.40 [ 385.515702][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.835336][ T5743] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 385.835369][ T5743] em28xx 5-1:0.0: board has no eeprom [ 385.952804][ T5743] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 385.952836][ T5743] em28xx 5-1:0.0: dvb set to bulk mode. [ 385.990348][ T37] em28xx 5-1:0.0: Binding DVB extension [ 386.092721][ T5969] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 386.092868][ T5969] usb 3-1: MIDIStreaming interface descriptor not found [ 386.170715][ T5743] usb 5-1: USB disconnect, device number 6 [ 386.196149][ T5743] em28xx 5-1:0.0: Disconnecting em28xx [ 386.443882][ T37] em28xx 5-1:0.0: Registering input extension [ 386.445684][ T5743] em28xx 5-1:0.0: Closing input extension [ 386.610155][ T5743] em28xx 5-1:0.0: Freeing device [ 386.917215][ T7990] comedi comedi0: Minor 3 could not be opened [ 387.819418][ T7997] comedi comedi0: Minor 3 could not be opened [ 388.228226][ T5969] usb 3-1: USB disconnect, device number 8 [ 389.002093][ T5346] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 389.172015][ T5346] usb 4-1: Using ep0 maxpacket: 32 [ 389.261041][ T5346] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 389.261073][ T5346] usb 4-1: config 0 has no interfaces? [ 389.261107][ T5346] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 389.261132][ T5346] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.390381][ T5346] usb 4-1: config 0 descriptor?? [ 389.722212][ T8013] loop0: detected capacity change from 0 to 32768 [ 389.769588][ T8013] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 389.889816][ T5969] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 389.960728][ T8013] XFS (loop0): Ending clean mount [ 390.015900][ T8013] XFS (loop0): Quotacheck needed: Please wait. [ 390.096690][ T5969] usb 3-1: No LPM exit latency info found, disabling LPM. [ 390.101422][ T5969] usb 3-1: language id specifier not provided by device, defaulting to English [ 390.174770][ T5969] usb 3-1: New USB device found, idVendor=0582, idProduct=002b, bcdDevice= 0.40 [ 390.174807][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.847879][ T5969] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 390.847966][ T5969] usb 3-1: MIDIStreaming interface descriptor not found [ 391.433412][ T7605] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 391.651714][ T7605] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 391.756219][ T7605] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 391.928130][ T8013] XFS (loop0): Quotacheck: Done. [ 391.987766][ T5969] usb 3-1: USB disconnect, device number 9 [ 392.373364][ T38] audit: type=1800 audit(1777454942.063:16): pid=8047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.477" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 392.938748][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 393.072268][ T5743] usb 4-1: USB disconnect, device number 5 [ 393.209382][ T7605] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 393.291091][ T7605] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 393.490388][ T7605] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 393.543283][ T7605] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 393.685414][ T8052] loop3: detected capacity change from 0 to 32768 [ 393.772250][ T8052] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 393.780227][ T7605] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 394.144489][ T8052] XFS (loop3): Ending clean mount [ 394.175802][ T8052] XFS (loop3): Quotacheck needed: Please wait. [ 394.630574][ T8070] loop4: detected capacity change from 0 to 32768 [ 394.785711][ T8070] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 395.185964][ T8070] XFS (loop4): Ending clean mount [ 395.238997][ T8070] XFS (loop4): Quotacheck needed: Please wait. [ 395.446762][ T8052] XFS (loop3): Quotacheck: Done. [ 395.851715][ T7605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.080483][ T38] audit: type=1800 audit(1777454945.573:17): pid=8091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.484" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 396.138305][ T7605] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.341849][ T1506] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.367618][ T1506] bridge0: port 1(bridge_slave_0) entered forwarding state [ 396.591288][ T3397] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.641608][ T3397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 396.643399][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 396.910338][ T8070] XFS (loop4): Quotacheck: Done. [ 397.663025][ T8104] loop2: detected capacity change from 0 to 32768 [ 397.870921][ T38] audit: type=1800 audit(1777454947.523:18): pid=8108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.485" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4428 res=0 errno=0 [ 398.224222][ T8104] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 398.326909][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 398.404238][ T8104] XFS (loop2): Ending clean mount [ 398.412042][ T8104] XFS (loop2): Quotacheck needed: Please wait. [ 399.051676][ T8119] loop0: detected capacity change from 0 to 32768 [ 399.227491][ T8119] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 399.493705][ T8104] XFS (loop2): Quotacheck: Done. [ 399.514658][ T8119] XFS (loop0): Ending clean mount [ 399.546068][ T8119] XFS (loop0): Quotacheck needed: Please wait. [ 399.959865][ T38] audit: type=1800 audit(1777454949.523:19): pid=8104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.491" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 400.839548][ T8119] XFS (loop0): Quotacheck: Done. [ 401.022509][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 402.143169][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 403.190874][ T8159] loop4: detected capacity change from 0 to 32768 [ 403.292545][ T8159] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 403.443394][ T8159] XFS (loop4): Ending clean mount [ 403.458613][ T8159] XFS (loop4): Quotacheck needed: Please wait. [ 404.675528][ T8190] loop3: detected capacity change from 0 to 32768 [ 404.698259][ T8159] XFS (loop4): Quotacheck: Done. [ 404.776563][ T5743] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 404.952043][ T5743] usb 1-1: Using ep0 maxpacket: 16 [ 404.954713][ T5743] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 404.954740][ T5743] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 404.957821][ T5743] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 404.957850][ T5743] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.957870][ T5743] usb 1-1: Product: syz [ 404.957885][ T5743] usb 1-1: Manufacturer: syz [ 404.957899][ T5743] usb 1-1: SerialNumber: syz [ 405.372546][ T38] audit: type=1800 audit(1777454954.833:20): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.492" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4429 res=0 errno=0 [ 406.071226][ T8190] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 406.355146][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 406.401327][ T5743] usb 1-1: 0:2 : does not exist [ 406.418557][ T8190] XFS (loop3): Ending clean mount [ 406.424831][ T8190] XFS (loop3): Quotacheck needed: Please wait. [ 406.535395][ T5743] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 406.691629][ T5625] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 406.765038][ T5625] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 406.859992][ T5625] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 407.018532][ T5625] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 407.044214][ T5625] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 407.526120][ T8190] XFS (loop3): Quotacheck: Done. [ 407.770430][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 408.028449][ T8218] loop0: detected capacity change from 0 to 32768 [ 408.039142][ T5743] usb 1-1: USB disconnect, device number 4 [ 408.225509][ T8218] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 408.321385][ T8218] XFS (loop0): Ending clean mount [ 408.332555][ T8218] XFS (loop0): Quotacheck needed: Please wait. [ 409.363922][ T5625] Bluetooth: hci5: command tx timeout [ 409.454917][ T8218] XFS (loop0): Quotacheck: Done. [ 409.612075][ T8237] loop3: detected capacity change from 0 to 32768 [ 410.425553][ T38] audit: type=1800 audit(1777454959.683:21): pid=8249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.503" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 410.469724][ T8237] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 410.590565][ T8237] XFS (loop3): Ending clean mount [ 410.597321][ T8237] XFS (loop3): Quotacheck needed: Please wait. [ 410.625598][ T8239] netlink: 20 bytes leftover after parsing attributes in process `syz.2.506'. [ 411.520433][ T5627] Bluetooth: hci5: command tx timeout [ 412.387684][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 412.709203][ T5627] Bluetooth: hci2: command 0x2016 tx timeout [ 413.314693][ T8237] XFS (loop3): Quotacheck: Done. [ 413.621358][ T5627] Bluetooth: hci5: command tx timeout [ 414.424905][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 414.467785][ T6195] udevd[6195]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 414.513595][ T6303] udevd[6303]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 414.835057][ T5625] Bluetooth: hci2: command 0x2016 tx timeout [ 415.481329][ T8259] loop2: detected capacity change from 0 to 32768 [ 415.712088][ T5625] Bluetooth: hci5: command tx timeout [ 415.754996][ T8261] loop0: detected capacity change from 0 to 32768 [ 415.804025][ T8259] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 415.860973][ T8261] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 415.933919][ T8259] XFS (loop2): Ending clean mount [ 415.941460][ T8259] XFS (loop2): Quotacheck needed: Please wait. [ 416.012445][ T8261] XFS (loop0): Ending clean mount [ 416.015370][ T8261] XFS (loop0): Quotacheck needed: Please wait. [ 416.555910][ T8261] XFS (loop0): Quotacheck: Done. [ 416.674423][ T8283] loop3: detected capacity change from 0 to 32768 [ 417.067684][ T38] audit: type=1800 audit(1777454966.713:22): pid=8288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.508" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4428 res=0 errno=0 [ 417.306040][ T8283] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 417.959617][ T8259] XFS (loop2): Quotacheck: Done. [ 418.430599][ T38] audit: type=1800 audit(1777454967.983:23): pid=8259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.510" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 418.540539][ T38] audit: type=1800 audit(1777454968.223:24): pid=8291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.512" name=".log" dev="loop3" ino=17059 res=0 errno=0 [ 418.684675][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 418.878333][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 419.478956][ T8293] loop4: detected capacity change from 0 to 32768 [ 419.562619][ T5608] ocfs2: Unmounting device (7,3) on (node local) [ 419.661594][ T8293] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 419.738792][ T8293] XFS (loop4): Ending clean mount [ 419.747009][ T8293] XFS (loop4): Quotacheck needed: Please wait. [ 420.688060][ T8293] XFS (loop4): Quotacheck: Done. [ 420.750492][ T8306] loop2: detected capacity change from 0 to 32768 [ 420.941103][ T8306] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 421.292562][ T38] audit: type=1800 audit(1777454970.813:25): pid=8321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.516" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4429 res=0 errno=0 [ 421.320478][ T8306] XFS (loop2): Ending clean mount [ 421.329026][ T8306] XFS (loop2): Quotacheck needed: Please wait. [ 421.970531][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 422.129700][ T8329] trusted_key: encrypted_key: master key parameter 'defaul' is invalid [ 422.455644][ T8306] XFS (loop2): Quotacheck: Done. [ 422.497357][ T8329] loop0: detected capacity change from 0 to 4096 [ 422.873536][ T38] audit: type=1800 audit(1777454972.563:26): pid=8332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.517" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 423.665631][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 424.669062][ T8346] loop0: detected capacity change from 0 to 32768 [ 424.826037][ T8346] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 425.339113][ T8354] loop4: detected capacity change from 0 to 32768 [ 425.741821][ T8354] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 425.839596][ T8354] XFS (loop4): Ending clean mount [ 425.849108][ T8354] XFS (loop4): Quotacheck needed: Please wait. [ 426.276960][ T8208] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.277306][ T8208] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.277764][ T8208] bridge_slave_0: entered allmulticast mode [ 426.339945][ T38] audit: type=1800 audit(1777454976.023:27): pid=8369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.525" name=".log" dev="loop0" ino=17059 res=0 errno=0 [ 426.411281][ T8208] bridge_slave_0: entered promiscuous mode [ 426.515246][ T8208] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.515627][ T8208] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.515959][ T8208] bridge_slave_1: entered allmulticast mode [ 426.559487][ T8208] bridge_slave_1: entered promiscuous mode [ 426.788913][ T8208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 427.247818][ T8208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 427.370391][ T8354] XFS (loop4): Quotacheck: Done. [ 427.774627][ T8374] loop2: detected capacity change from 0 to 32768 [ 428.112383][ T38] audit: type=1800 audit(1777454977.563:28): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.527" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4429 res=0 errno=0 [ 428.429053][ T8374] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 428.537942][ T8374] XFS (loop2): Ending clean mount [ 428.542180][ T8374] XFS (loop2): Quotacheck needed: Please wait. [ 428.715728][ T7991] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 428.785441][ T5609] ocfs2: Unmounting device (7,0) on (node local) [ 428.821238][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 428.892837][ T7991] usb 4-1: Using ep0 maxpacket: 16 [ 428.895479][ T7991] usb 4-1: config 1 has an invalid descriptor of length 121, skipping remainder of the config [ 428.895507][ T7991] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 428.898387][ T7991] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 428.898418][ T7991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.898438][ T7991] usb 4-1: Product: syz [ 428.898450][ T7991] usb 4-1: Manufacturer: syz [ 428.898459][ T7991] usb 4-1: SerialNumber: syz [ 429.281365][ T7991] usb 4-1: 0:2 : does not exist [ 429.289970][ T7991] usb 4-1: unit 8 not found! [ 429.828010][ T8374] XFS (loop2): Quotacheck: Done. [ 429.877300][ T8208] team0: Port device team_slave_0 added [ 429.900515][ T5275] 8021q: adding VLAN 0 to HW filter on device eth5 [ 429.940516][ T7991] usb 4-1: USB disconnect, device number 6 [ 430.386574][ T8400] loop0: detected capacity change from 0 to 32768 [ 430.566056][ T38] audit: type=1800 audit(1777454980.183:29): pid=8402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.529" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 431.012400][ T8400] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 431.051724][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 431.081164][ T2281] bridge_slave_1: left allmulticast mode [ 431.081204][ T2281] bridge_slave_1: left promiscuous mode [ 431.081512][ T2281] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.399490][ T8409] loop4: detected capacity change from 0 to 32768 [ 431.518161][ T8400] XFS (loop0): Ending clean mount [ 431.526689][ T8409] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 431.529495][ T2281] bridge_slave_0: left allmulticast mode [ 431.529574][ T2281] bridge_slave_0: left promiscuous mode [ 431.529851][ T2281] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.565871][ T8400] XFS (loop0): Quotacheck needed: Please wait. [ 431.593551][ T8409] XFS (loop4): Ending clean mount [ 431.610246][ T8409] XFS (loop4): Quotacheck needed: Please wait. [ 431.800981][ T6303] udevd[6303]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 432.294234][ T8400] XFS (loop0): Quotacheck: Done. [ 432.460127][ T8409] XFS (loop4): Quotacheck: Done. [ 433.521049][ T38] audit: type=1800 audit(1777454983.203:30): pid=8426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.532" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4429 res=0 errno=0 [ 433.521124][ T38] audit: type=1800 audit(1777454983.203:31): pid=8424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.530" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 433.919572][ T5611] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 433.956101][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 435.102948][ T2281] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 435.253040][ T2281] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 435.285786][ T2281] bond0 (unregistering): Released all slaves [ 435.366222][ T8208] team0: Port device team_slave_1 added [ 435.654484][ T8208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 435.654502][ T8208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 435.654531][ T8208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 435.745435][ T8208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 435.745448][ T8208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 435.745463][ T8208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 435.964067][ T5879] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 436.132051][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 436.134769][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 436.138219][ T5879] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 436.138258][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.138278][ T5879] usb 3-1: Product: syz [ 436.138293][ T5879] usb 3-1: Manufacturer: syz [ 436.138308][ T5879] usb 3-1: SerialNumber: syz [ 436.297227][ T8445] loop0: detected capacity change from 0 to 32768 [ 436.313641][ T5879] usb 3-1: config 0 descriptor?? [ 436.339883][ T5879] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 436.339908][ T5879] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 436.354467][ T8445] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 436.412144][ T2281] hsr_slave_0: left promiscuous mode [ 436.464681][ T8445] XFS (loop0): Ending clean mount [ 436.473608][ T8445] XFS (loop0): Quotacheck needed: Please wait. [ 436.482201][ T2281] hsr_slave_1: left promiscuous mode [ 436.485667][ T2281] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.541779][ T2281] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 436.979994][ T8445] XFS (loop0): Quotacheck: Done. [ 436.990043][ T5879] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 437.310194][ T38] audit: type=1800 audit(1777454987.003:32): pid=8454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.541" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 437.425029][ T5879] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 437.425063][ T5879] em28xx 3-1:0.0: board has no eeprom [ 437.654130][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 437.732097][ T5879] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 437.732128][ T5879] em28xx 3-1:0.0: dvb set to bulk mode. [ 437.732523][ T9] em28xx 3-1:0.0: Binding DVB extension [ 437.932685][ T9] em28xx 3-1:0.0: Registering input extension [ 438.054603][ T5879] usb 3-1: USB disconnect, device number 10 [ 438.110754][ T5879] em28xx 3-1:0.0: Disconnecting em28xx [ 438.110787][ T5879] em28xx 3-1:0.0: Closing input extension [ 438.627923][ T5969] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 438.755089][ T5879] em28xx 3-1:0.0: Freeing device [ 438.827450][ T5969] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 438.827483][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.827504][ T5969] usb 1-1: Product: syz [ 438.827518][ T5969] usb 1-1: Manufacturer: syz [ 438.827532][ T5969] usb 1-1: SerialNumber: syz [ 439.103621][ T5969] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 439.103660][ T5969] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32 [ 439.103672][ T5969] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 439.202622][ T5969] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -32 [ 439.205699][ T2281] team0 (unregistering): Port device team_slave_1 removed [ 439.393484][ T2281] team0 (unregistering): Port device team_slave_0 removed [ 440.216854][ T8208] hsr_slave_0: entered promiscuous mode [ 440.234987][ T8208] hsr_slave_1: entered promiscuous mode [ 440.476371][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.476447][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.486230][ T5879] usb 1-1: USB disconnect, device number 5 [ 442.231633][ T8501] trusted_key: encrypted_key: master key parameter 'defaul' is invalid [ 442.520243][ T8501] loop4: detected capacity change from 0 to 4096 [ 444.118926][ T5275] 8021q: adding VLAN 0 to HW filter on device eth6 [ 446.074170][ T8544] loop0: detected capacity change from 0 to 32768 [ 446.303833][ T8544] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 446.363351][ T8544] XFS (loop0): Ending clean mount [ 446.380298][ T8544] XFS (loop0): Quotacheck needed: Please wait. [ 446.698254][ T8558] loop2: detected capacity change from 0 to 32768 [ 446.791766][ T8544] XFS (loop0): Quotacheck: Done. [ 447.038062][ T8558] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 447.093049][ T8558] XFS (loop2): Ending clean mount [ 447.102630][ T8558] XFS (loop2): Quotacheck needed: Please wait. [ 447.216028][ T38] audit: type=1800 audit(1777454996.913:33): pid=8569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.562" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=0 errno=0 [ 447.883699][ T8577] loop3: detected capacity change from 0 to 32768 [ 448.047423][ T8577] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 448.203234][ T8558] XFS (loop2): Quotacheck: Done. [ 448.280130][ T8577] XFS (loop3): Ending clean mount [ 448.288748][ T8577] XFS (loop3): Quotacheck needed: Please wait. [ 449.146954][ T8590] loop4: detected capacity change from 0 to 4096 [ 449.252347][ T8577] XFS (loop3): Quotacheck: Done. [ 449.435789][ T38] audit: type=1800 audit(1777454999.133:34): pid=8593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.563" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=4429 res=0 errno=0 [ 449.781696][ T38] audit: type=1800 audit(1777454999.463:35): pid=8597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.564" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4429 res=0 errno=0 [ 450.724048][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 450.867203][ T5609] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 451.150880][ T8602] loop4: detected capacity change from 0 to 32768 [ 451.210169][ T8602] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 452.790523][ T38] audit: type=1800 audit(1777455001.753:36): pid=8609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.568" name=".log" dev="loop4" ino=17059 res=0 errno=0 [ 455.043120][ T5611] ocfs2: Unmounting device (7,4) on (node local) [ 456.555140][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 456.735927][ T8638] loop0: detected capacity change from 0 to 512 [ 456.793327][ T8638] EXT4-fs: Ignoring removed nomblk_io_submit option [ 456.805964][ T9] usb 4-1: config index 0 descriptor too short (expected 65088, got 120) [ 456.805994][ T9] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 456.806012][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 456.806058][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 456.850099][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 456.850145][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.850164][ T9] usb 4-1: Product: syz [ 456.850177][ T9] usb 4-1: Manufacturer: syz [ 456.850191][ T9] usb 4-1: SerialNumber: syz [ 456.932233][ T5610] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 457.030354][ T9] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 457.030403][ T9] cdc_ncm 4-1:1.0: bind() failure [ 457.356715][ T5743] usb 4-1: USB disconnect, device number 7 [ 457.611250][ T8638] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 457.611295][ T8638] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz.0.574: bad orphan inode 1048591 [ 457.611497][ T8638] loop0: lost filesystem error report for type 5 error -117 [ 457.623793][ C0] EXT4-fs (loop0): initial error at time 1777455007: ext4_orphan_get:1423 [ 457.623830][ C0] EXT4-fs (loop0): last error at time 1777455007: ext4_orphan_get:1423 [ 457.682920][ T8208] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 457.729773][ T8638] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 457.831542][ T8208] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 457.920300][ T8208] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 458.089043][ T8208] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 458.090535][ T8208] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 458.286147][ T5609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 458.297721][ T8208] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 458.310671][ T8208] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 458.572362][ T8208] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 459.819733][ T8695] loop0: detected capacity change from 0 to 256 [ 459.821144][ T8695] exfat: Deprecated parameter 'utf8' [ 459.821237][ T8695] exfat: Deprecated parameter 'utf8' [ 460.228507][ T8701] netlink: 'syz.3.589': attribute type 21 has an invalid length. [ 460.526096][ T8695] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 461.220443][ T8713] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿ' [ 462.249477][ T8208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.695964][ T8208] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.750331][ T3356] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.762902][ T3356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.878929][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.879134][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.258106][ T8208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.718596][ T8726] loop2: detected capacity change from 0 to 131072 [ 464.950487][ T8726] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 464.975141][ T8726] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 466.347273][ T38] audit: type=1804 audit(1777455015.343:37): pid=8752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.592" name="/newroot/141/file1/bus" dev="loop2" ino=10 res=1 errno=0 [ 468.199951][ T8753] F2FS-fs (loop2): access invalid blkaddr:0 [ 468.199988][ T8753] CPU: 1 UID: 0 PID: 8753 Comm: syz.2.592 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 468.200015][ T8753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 468.200114][ T8753] Call Trace: [ 468.200123][ T8753] [ 468.200134][ T8753] dump_stack_lvl+0xe8/0x150 [ 468.200171][ T8753] __f2fs_is_valid_blkaddr+0xe52/0x14f0 [ 468.200199][ T8753] ? make_kprojid+0x1dd/0x6d0 [ 468.200234][ T8753] sanity_check_extent_cache+0x1a3/0x620 [ 468.200264][ T8753] ? f2fs_sanity_check_inline_data+0x75/0x780 [ 468.200298][ T8753] ? set_nlink+0x5f/0x170 [ 468.200323][ T8753] f2fs_iget+0x3cbd/0x5a50 [ 468.200394][ T8753] f2fs_lookup+0x3ff/0x9c0 [ 468.200427][ T8753] ? irqentry_exit+0x218/0x730 [ 468.200461][ T8753] ? irqentry_exit+0x218/0x730 [ 468.200488][ T8753] ? rcu_is_watching+0x15/0xb0 [ 468.200511][ T8753] ? __pfx_f2fs_lookup+0x10/0x10 [ 468.200569][ T8753] path_openat+0x11cb/0x38a0 [ 468.200638][ T8753] ? __pfx_path_openat+0x10/0x10 [ 468.200687][ T8753] ? do_raw_spin_lock+0x12b/0x2f0 [ 468.200725][ T8753] do_file_open+0x23e/0x4a0 [ 468.200753][ T8753] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 468.200789][ T8753] ? __pfx_do_file_open+0x10/0x10 [ 468.200811][ T8753] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 468.200862][ T8753] ? alloc_fd+0x64e/0x6c0 [ 468.200897][ T8753] do_sys_openat2+0x113/0x200 [ 468.200921][ T8753] ? irqentry_exit+0x218/0x730 [ 468.200951][ T8753] ? __pfx_do_sys_openat2+0x10/0x10 [ 468.200981][ T8753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.201010][ T8753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.201044][ T8753] __x64_sys_open+0x11e/0x150 [ 468.201073][ T8753] do_syscall_64+0x15f/0xf80 [ 468.201105][ T8753] ? clear_bhb_loop+0x40/0x90 [ 468.201133][ T8753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.201156][ T8753] RIP: 0033:0x7fae629dcdd9 [ 468.201179][ T8753] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.201198][ T8753] RSP: 002b:00007fae607d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 468.201222][ T8753] RAX: ffffffffffffffda RBX: 00007fae62c56270 RCX: 00007fae629dcdd9 [ 468.201238][ T8753] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 468.201252][ T8753] RBP: 00007fae62a72d69 R08: 0000000000000000 R09: 0000000000000000 [ 468.201266][ T8753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.201278][ T8753] R13: 00007fae62c56308 R14: 00007fae62c56270 R15: 00007fff9d3e2e08 [ 468.201312][ T8753] [ 468.204141][ T8753] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 468.244514][ T8754] F2FS-fs (loop2): access invalid blkaddr:0 [ 468.244546][ T8754] CPU: 1 UID: 0 PID: 8754 Comm: syz.2.592 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 468.244569][ T8754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 468.244582][ T8754] Call Trace: [ 468.244591][ T8754] [ 468.244600][ T8754] dump_stack_lvl+0xe8/0x150 [ 468.244634][ T8754] __f2fs_is_valid_blkaddr+0xe52/0x14f0 [ 468.244661][ T8754] ? make_kprojid+0x1dd/0x6d0 [ 468.244690][ T8754] sanity_check_extent_cache+0x1a3/0x620 [ 468.244716][ T8754] ? f2fs_sanity_check_inline_data+0x75/0x780 [ 468.244746][ T8754] ? set_nlink+0x5f/0x170 [ 468.244767][ T8754] f2fs_iget+0x3cbd/0x5a50 [ 468.244827][ T8754] f2fs_lookup+0x3ff/0x9c0 [ 468.244862][ T8754] ? __pfx_f2fs_lookup+0x10/0x10 [ 468.244891][ T8754] ? __pfx_d_alloc_parallel+0x10/0x10 [ 468.244914][ T8754] ? rt_mutex_slowunlock+0x61e/0x8b0 [ 468.244948][ T8754] ? __rt_spin_lock_init+0x3e/0x50 [ 468.244974][ T8754] ? __init_waitqueue_head+0xae/0x160 [ 468.245005][ T8754] __lookup_slow+0x2d2/0x440 [ 468.245040][ T8754] ? __pfx___lookup_slow+0x10/0x10 [ 468.245060][ T8754] ? __rwbase_read_lock+0x126/0x180 [ 468.245101][ T8754] ? down_read+0x132/0x200 [ 468.245128][ T8754] ? __pfx_down_read+0x10/0x10 [ 468.245157][ T8754] ? lookup_fast+0x1a3/0x5b0 [ 468.245184][ T8754] lookup_slow+0x53/0x70 [ 468.245208][ T8754] path_lookupat+0x3f5/0x8c0 [ 468.245245][ T8754] filename_lookup+0x256/0x5d0 [ 468.245272][ T8754] ? __pfx_filename_lookup+0x10/0x10 [ 468.245319][ T8754] ? strncpy_from_user+0x150/0x2b0 [ 468.245353][ T8754] ? do_getname+0x151/0x250 [ 468.245385][ T8754] user_path_at+0x40/0x160 [ 468.245410][ T8754] __se_sys_mount+0x2dc/0x420 [ 468.245437][ T8754] ? __pfx___se_sys_mount+0x10/0x10 [ 468.245455][ T8754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.245481][ T8754] ? __x64_sys_mount+0x20/0xc0 [ 468.245500][ T8754] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.245520][ T8754] do_syscall_64+0x15f/0xf80 [ 468.245547][ T8754] ? clear_bhb_loop+0x40/0x90 [ 468.245579][ T8754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.245599][ T8754] RIP: 0033:0x7fae629dcdd9 [ 468.245619][ T8754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.245641][ T8754] RSP: 002b:00007fae603ae028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 468.245663][ T8754] RAX: ffffffffffffffda RBX: 00007fae62c56360 RCX: 00007fae629dcdd9 [ 468.245678][ T8754] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 468.245691][ T8754] RBP: 00007fae62a72d69 R08: 0000200000000080 R09: 0000000000000000 [ 468.245704][ T8754] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 468.245716][ T8754] R13: 00007fae62c563f8 R14: 00007fae62c56360 R15: 00007fff9d3e2e08 [ 468.245749][ T8754] [ 468.246912][ T8754] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 468.265470][ T8756] F2FS-fs (loop2): access invalid blkaddr:0 [ 468.265509][ T8756] CPU: 1 UID: 0 PID: 8756 Comm: syz.2.592 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 468.265536][ T8756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 468.265548][ T8756] Call Trace: [ 468.265558][ T8756] [ 468.265568][ T8756] dump_stack_lvl+0xe8/0x150 [ 468.265605][ T8756] __f2fs_is_valid_blkaddr+0xe52/0x14f0 [ 468.265634][ T8756] ? make_kprojid+0x1dd/0x6d0 [ 468.265670][ T8756] sanity_check_extent_cache+0x1a3/0x620 [ 468.265709][ T8756] f2fs_iget+0x3cbd/0x5a50 [ 468.265781][ T8756] f2fs_lookup+0x3ff/0x9c0 [ 468.265823][ T8756] ? __pfx_f2fs_lookup+0x10/0x10 [ 468.265860][ T8756] ? __pfx_d_alloc_parallel+0x10/0x10 [ 468.265888][ T8756] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 468.265930][ T8756] ? __rt_spin_lock_init+0x3e/0x50 [ 468.265960][ T8756] ? __init_waitqueue_head+0xae/0x160 [ 468.266011][ T8756] __lookup_slow+0x2d2/0x440 [ 468.266042][ T8756] ? __pfx___lookup_slow+0x10/0x10 [ 468.266065][ T8756] ? __rwbase_read_lock+0x126/0x180 [ 468.266113][ T8756] ? down_read+0x132/0x200 [ 468.266142][ T8756] ? __pfx_down_read+0x10/0x10 [ 468.266173][ T8756] ? lookup_fast+0x1a3/0x5b0 [ 468.266196][ T8756] lookup_slow+0x53/0x70 [ 468.266216][ T8756] path_lookupat+0x3f5/0x8c0 [ 468.266248][ T8756] filename_lookup+0x256/0x5d0 [ 468.266270][ T8756] ? __pfx_filename_lookup+0x10/0x10 [ 468.266309][ T8756] ? strncpy_from_user+0x150/0x2b0 [ 468.266339][ T8756] ? do_getname+0x151/0x250 [ 468.266367][ T8756] do_fchmodat+0xe4/0x230 [ 468.266386][ T8756] ? kfree+0x4d/0x6c0 [ 468.266405][ T8756] ? __pfx_do_fchmodat+0x10/0x10 [ 468.266426][ T8756] ? __pfx_kcov_ioctl+0x10/0x10 [ 468.266450][ T8756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.266468][ T8756] __x64_sys_chmod+0x62/0x70 [ 468.266494][ T8756] do_syscall_64+0x15f/0xf80 [ 468.266516][ T8756] ? trace_irq_disable+0x3b/0x140 [ 468.266538][ T8756] ? clear_bhb_loop+0x40/0x90 [ 468.266559][ T8756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.266576][ T8756] RIP: 0033:0x7fae629dcdd9 [ 468.266593][ T8756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.266608][ T8756] RSP: 002b:00007fae5fb68028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 468.266627][ T8756] RAX: ffffffffffffffda RBX: 00007fae62c56540 RCX: 00007fae629dcdd9 [ 468.266640][ T8756] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 468.266650][ T8756] RBP: 00007fae62a72d69 R08: 0000000000000000 R09: 0000000000000000 [ 468.266661][ T8756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.266671][ T8756] R13: 00007fae62c565d8 R14: 00007fae62c56540 R15: 00007fff9d3e2e08 [ 468.266698][ T8756] [ 468.266744][ T8756] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 468.323112][ T8755] F2FS-fs (loop2): access invalid blkaddr:0 [ 468.323174][ T8755] CPU: 1 UID: 0 PID: 8755 Comm: syz.2.592 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 468.323202][ T8755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 468.323215][ T8755] Call Trace: [ 468.323225][ T8755] [ 468.323235][ T8755] dump_stack_lvl+0xe8/0x150 [ 468.323272][ T8755] __f2fs_is_valid_blkaddr+0xe52/0x14f0 [ 468.323317][ T8755] ? make_kprojid+0x1dd/0x6d0 [ 468.323353][ T8755] sanity_check_extent_cache+0x1a3/0x620 [ 468.323383][ T8755] ? f2fs_sanity_check_inline_data+0x75/0x780 [ 468.323425][ T8755] f2fs_iget+0x3cbd/0x5a50 [ 468.323492][ T8755] f2fs_lookup+0x3ff/0x9c0 [ 468.323524][ T8755] ? __pfx_f2fs_lookup+0x10/0x10 [ 468.323551][ T8755] ? __pfx_d_alloc_parallel+0x10/0x10 [ 468.323571][ T8755] ? rt_mutex_slowunlock+0x61e/0x8b0 [ 468.323601][ T8755] ? __rt_spin_lock_init+0x3e/0x50 [ 468.323623][ T8755] ? __init_waitqueue_head+0xae/0x160 [ 468.323651][ T8755] __lookup_slow+0x2d2/0x440 [ 468.323673][ T8755] ? __pfx___lookup_slow+0x10/0x10 [ 468.323689][ T8755] ? __rwbase_read_lock+0x126/0x180 [ 468.323725][ T8755] ? down_read+0x132/0x200 [ 468.323748][ T8755] ? __pfx_down_read+0x10/0x10 [ 468.323774][ T8755] ? lookup_fast+0x1a3/0x5b0 [ 468.323799][ T8755] lookup_slow+0x53/0x70 [ 468.323818][ T8755] path_lookupat+0x3f5/0x8c0 [ 468.323850][ T8755] filename_lookup+0x256/0x5d0 [ 468.323873][ T8755] ? __pfx_filename_lookup+0x10/0x10 [ 468.323912][ T8755] ? strncpy_from_user+0x150/0x2b0 [ 468.323942][ T8755] ? do_getname+0x151/0x250 [ 468.323970][ T8755] do_fchmodat+0xe4/0x230 [ 468.323988][ T8755] ? kfree+0x4d/0x6c0 [ 468.324008][ T8755] ? __pfx_do_fchmodat+0x10/0x10 [ 468.324024][ T8755] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 468.324050][ T8755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.324068][ T8755] __x64_sys_chmod+0x62/0x70 [ 468.324095][ T8755] do_syscall_64+0x15f/0xf80 [ 468.324118][ T8755] ? clear_bhb_loop+0x40/0x90 [ 468.324139][ T8755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.324156][ T8755] RIP: 0033:0x7fae629dcdd9 [ 468.324173][ T8755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.324188][ T8755] RSP: 002b:00007fae5ff8b028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 468.324208][ T8755] RAX: ffffffffffffffda RBX: 00007fae62c56450 RCX: 00007fae629dcdd9 [ 468.324220][ T8755] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 468.324231][ T8755] RBP: 00007fae62a72d69 R08: 0000000000000000 R09: 0000000000000000 [ 468.324241][ T8755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.324251][ T8755] R13: 00007fae62c564e8 R14: 00007fae62c56450 R15: 00007fff9d3e2e08 [ 468.324278][ T8755] [ 468.324366][ T8755] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 469.608584][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.3.594'. [ 469.656097][ T5743] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 469.993151][ T8761] loop0: detected capacity change from 0 to 16 [ 471.094031][ T5627] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 471.148231][ T5627] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 471.166241][ T5627] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 471.176497][ T5627] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 471.211683][ T5627] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 471.418135][ T8761] erofs (device loop0): mounted with root inode @ nid 36. [ 471.739265][ T8761] erofs (device loop0): invalid de[0].nameoff 0 @ nid 36 [ 472.972155][ T5969] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 473.271953][ T5969] usb 5-1: Using ep0 maxpacket: 32 [ 473.274341][ T5969] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 473.274372][ T5969] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 473.276726][ T5969] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 473.276756][ T5969] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 473.276777][ T5969] usb 5-1: Product: syz [ 473.276791][ T5969] usb 5-1: Manufacturer: syz [ 473.359977][ T5969] hub 5-1:4.0: USB hub found [ 473.552338][ T5625] Bluetooth: hci4: command tx timeout [ 473.579542][ T5969] hub 5-1:4.0: config failed, hub has too many ports! (err -19) [ 473.903811][ T5879] usb 5-1: USB disconnect, device number 7 [ 475.480324][ T6038] af_packet: tpacket_rcv: packet too big, clamped from 66 to 4294967286. macoff=82 [ 475.660333][ T5625] Bluetooth: hci4: command tx timeout [ 476.757316][ T38] audit: type=1326 audit(1777455026.453:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8811 comm="syz.2.606" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae629dcdd9 code=0x0 [ 477.735693][ T5625] Bluetooth: hci4: command tx timeout [ 479.792894][ T5625] Bluetooth: hci4: command tx timeout [ 488.073002][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 488.110935][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 488.121649][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 488.179891][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 488.301211][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 489.689680][ T5627] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 489.751554][ T5627] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 489.756817][ T5627] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 489.807075][ T5627] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 489.808122][ T5627] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 490.434001][ T5625] Bluetooth: hci5: command tx timeout [ 490.625852][ T5627] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 490.760092][ T5627] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 490.761476][ T5627] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 490.792507][ T5627] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 490.819813][ T5627] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 491.158702][ T8795] netlink: 'syz.3.602': attribute type 3 has an invalid length. [ 491.159711][ T8795] netlink: 'syz.3.602': attribute type 3 has an invalid length. [ 492.112407][ T5627] Bluetooth: hci6: command tx timeout [ 492.518159][ T5627] Bluetooth: hci5: command tx timeout [ 492.692586][ T8849] capability: warning: `syz.2.612' uses deprecated v2 capabilities in a way that may be insecure [ 493.072116][ T5627] Bluetooth: hci7: command tx timeout [ 494.199334][ T5627] Bluetooth: hci6: command tx timeout [ 494.592082][ T5627] Bluetooth: hci5: command tx timeout [ 495.152293][ T5627] Bluetooth: hci7: command tx timeout [ 495.602442][ T3397] bridge_slave_1: left allmulticast mode [ 495.602485][ T3397] bridge_slave_1: left promiscuous mode [ 495.602799][ T3397] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.704140][ T3397] bridge_slave_0: left allmulticast mode [ 495.704182][ T3397] bridge_slave_0: left promiscuous mode [ 495.704485][ T3397] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.292014][ T5627] Bluetooth: hci6: command tx timeout [ 496.482697][ T3397] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.543412][ T3397] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.564518][ T3397] bond0 (unregistering): Released all slaves [ 496.672153][ T5627] Bluetooth: hci5: command tx timeout [ 497.233109][ T5627] Bluetooth: hci7: command tx timeout [ 497.342177][ T3397] hsr_slave_0: left promiscuous mode [ 497.382173][ T3397] hsr_slave_1: left promiscuous mode [ 497.383232][ T3397] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 497.438057][ T3397] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.052708][ T3397] team0 (unregistering): Port device team_slave_1 removed [ 498.093013][ T3397] team0 (unregistering): Port device team_slave_0 removed [ 498.351978][ T5627] Bluetooth: hci6: command tx timeout [ 498.949367][ T8765] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.949559][ T8765] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.949766][ T8765] bridge_slave_0: entered allmulticast mode [ 498.952084][ T8765] bridge_slave_0: entered promiscuous mode [ 499.059790][ T8765] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.060238][ T8765] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.060588][ T8765] bridge_slave_1: entered allmulticast mode [ 499.072870][ T8765] bridge_slave_1: entered promiscuous mode [ 499.312709][ T5627] Bluetooth: hci7: command tx timeout [ 499.602557][ T8765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 499.722508][ T8821] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.722698][ T8821] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.722923][ T8821] bridge_slave_0: entered allmulticast mode [ 499.725926][ T8821] bridge_slave_0: entered promiscuous mode [ 499.747692][ T8832] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.747992][ T8832] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.748285][ T8832] bridge_slave_0: entered allmulticast mode [ 499.751818][ T8832] bridge_slave_0: entered promiscuous mode [ 499.937950][ T8765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 499.982620][ T5275] 8021q: adding VLAN 0 to HW filter on device eth5 [ 499.985581][ T8832] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.985814][ T8832] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.986041][ T8832] bridge_slave_1: entered allmulticast mode [ 499.988234][ T8832] bridge_slave_1: entered promiscuous mode [ 499.990707][ T8821] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.991043][ T8821] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.991338][ T8821] bridge_slave_1: entered allmulticast mode [ 500.051637][ T8821] bridge_slave_1: entered promiscuous mode [ 500.089789][ T8827] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.089988][ T8827] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.090172][ T8827] bridge_slave_0: entered allmulticast mode [ 500.114619][ T8827] bridge_slave_0: entered promiscuous mode [ 500.171212][ T8827] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.171638][ T8827] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.175951][ T8827] bridge_slave_1: entered allmulticast mode [ 500.179523][ T8827] bridge_slave_1: entered promiscuous mode [ 500.251303][ T8765] team0: Port device team_slave_0 added [ 500.333677][ T8832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 500.354241][ T8821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 500.359001][ T8765] team0: Port device team_slave_1 added [ 500.407975][ T8832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.423375][ T8821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.459358][ T8827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 500.546449][ T8827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.604705][ T8765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 500.604719][ T8765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 500.604735][ T8765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 500.644302][ T8832] team0: Port device team_slave_0 added [ 500.654674][ T8821] team0: Port device team_slave_0 added [ 500.657721][ T8765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 500.657736][ T8765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 500.657761][ T8765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 500.961057][ T3397] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.011318][ T8832] team0: Port device team_slave_1 added [ 501.023559][ T8821] team0: Port device team_slave_1 added [ 501.328044][ T8827] team0: Port device team_slave_0 added [ 501.380484][ T8827] team0: Port device team_slave_1 added [ 501.533051][ T8934] loop2: detected capacity change from 0 to 256 [ 501.798150][ T3397] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.639370][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.639517][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.804606][ T8832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 502.804627][ T8832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 502.804657][ T8832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 502.809032][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 502.809046][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 502.809071][ T8821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.004832][ T8832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.004846][ T8832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 503.004861][ T8832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 503.006889][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 503.006899][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 503.006915][ T8821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.103035][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 504.103056][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 504.103086][ T8827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 505.638157][ T3397] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.113925][ T8765] hsr_slave_0: entered promiscuous mode [ 506.115309][ T8765] hsr_slave_1: entered promiscuous mode [ 506.118400][ T8827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.118411][ T8827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 506.118427][ T8827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.188564][ T5275] 8021q: adding VLAN 0 to HW filter on device eth6 [ 507.396670][ T8965] loop2: detected capacity change from 0 to 128 [ 507.542856][ T8965] FAT-fs (loop2): Directory bread(block 524322) failed [ 507.542900][ T8965] FAT-fs (loop2): Directory bread(block 524323) failed [ 507.542925][ T8965] FAT-fs (loop2): Directory bread(block 524324) failed [ 507.542949][ T8965] FAT-fs (loop2): Directory bread(block 524325) failed [ 507.542973][ T8965] FAT-fs (loop2): Directory bread(block 524326) failed [ 507.542995][ T8965] FAT-fs (loop2): Directory bread(block 524327) failed [ 507.543199][ T8965] FAT-fs (loop2): Directory bread(block 524328) failed [ 507.543230][ T8965] FAT-fs (loop2): Directory bread(block 524329) failed [ 507.681132][ T3397] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.898351][ T8832] hsr_slave_0: entered promiscuous mode [ 507.900481][ T8832] hsr_slave_1: entered promiscuous mode [ 507.918439][ T8832] debugfs: 'hsr0' already exists in 'hsr' [ 507.918465][ T8832] Cannot create hsr debugfs directory [ 507.940438][ T8821] hsr_slave_0: entered promiscuous mode [ 507.947443][ T8821] hsr_slave_1: entered promiscuous mode [ 507.948644][ T8821] debugfs: 'hsr0' already exists in 'hsr' [ 507.948670][ T8821] Cannot create hsr debugfs directory [ 508.034378][ T8827] hsr_slave_0: entered promiscuous mode [ 508.036552][ T8827] hsr_slave_1: entered promiscuous mode [ 508.038440][ T8827] debugfs: 'hsr0' already exists in 'hsr' [ 508.038465][ T8827] Cannot create hsr debugfs directory [ 508.895938][ T8972] ------------[ cut here ]------------ [ 508.895948][ T8972] debug_locks && !(!get_current()->pi_blocked_on) [ 508.895954][ T8972] WARNING: kernel/locking/spinlock_rt.c:40 at rt_spin_lock+0x31c/0x400, CPU#1: syz.2.629/8972 [ 508.895981][ T8972] Modules linked in: [ 508.895994][ T8972] CPU: 1 UID: 0 PID: 8972 Comm: syz.2.629 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 508.896009][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 508.896017][ T8972] RIP: 0010:rt_spin_lock+0x31c/0x400 [ 508.896031][ T8972] Code: 48 3b 44 24 60 0f 85 98 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 71 01 00 cc e8 5a 22 0a f6 e9 ac fe ff ff 90 <0f> 0b 90 e9 f6 fd ff ff 90 0f 0b 90 e9 3f ff ff ff e8 3e 22 0a f6 [ 508.896042][ T8972] RSP: 0018:ffffc90004897580 EFLAGS: 00010282 [ 508.896053][ T8972] RAX: 1ffff11006e5b167 RBX: 1ffff92000912eb4 RCX: 0000000000000046 [ 508.896063][ T8972] RDX: 0000000000000000 RSI: ffffffff8d88124b RDI: ffffffff8ba85de0 [ 508.896076][ T8972] RBP: ffffc90004897630 R08: ffffffff82239c54 R09: ffff88813fe33758 [ 508.896091][ T8972] R10: dffffc0000000000 R11: fffffbfff1f14dff R12: ffff8880372d8b38 [ 508.896105][ T8972] R13: dffffc0000000000 R14: ffff88813fe33700 R15: ffffc900048975c0 [ 508.896119][ T8972] FS: 00007fae60c366c0(0000) GS:ffff88812602d000(0000) knlGS:0000000000000000 [ 508.896131][ T8972] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 508.896139][ T8972] CR2: 00007fae60c14ff8 CR3: 0000000030d88000 CR4: 00000000003526f0 [ 508.896153][ T8972] Call Trace: [ 508.896159][ T8972] [ 508.896167][ T8972] ? __pfx_rt_spin_lock+0x10/0x10 [ 508.896181][ T8972] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 508.896199][ T8972] ? lockdep_hardirqs_on+0x7a/0x110 [ 508.896216][ T8972] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 508.896234][ T8972] get_from_partial_node+0x54/0x480 [ 508.896250][ T8972] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 508.896269][ T8972] ___slab_alloc+0xc2/0x920 [ 508.896282][ T8972] ? __migrate_enable+0x58/0xa0 [ 508.896302][ T8972] ? fill_pool+0x156/0x580 [ 508.896319][ T8972] kmem_cache_alloc_noprof+0xea/0x680 [ 508.896334][ T8972] ? fill_pool+0x156/0x580 [ 508.896349][ T8972] fill_pool+0x156/0x580 [ 508.896361][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.896374][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.896386][ T8972] ? __pfx_fill_pool+0x10/0x10 [ 508.896401][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.896412][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.896425][ T8972] debug_objects_fill_pool+0x97/0xd0 [ 508.896437][ T8972] debug_object_assert_init+0x65/0x300 [ 508.896455][ T8972] hrtimer_start_range_ns+0x3f/0xef0 [ 508.896474][ T8972] ? _raw_spin_unlock_irq+0x23/0x50 [ 508.896493][ T8972] futex_lock_pi+0x8df/0xb10 [ 508.896515][ T8972] ? __pfx_futex_lock_pi+0x10/0x10 [ 508.896533][ T8972] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 508.896548][ T8972] ? __lock_acquire+0x6b5/0x2d10 [ 508.896578][ T8972] ? __pfx_futex_wake_mark+0x10/0x10 [ 508.896606][ T8972] do_futex+0x292/0x420 [ 508.896622][ T8972] ? __pfx_do_futex+0x10/0x10 [ 508.896640][ T8972] __se_sys_futex+0x3a8/0x450 [ 508.896656][ T8972] ? __pfx___se_sys_futex+0x10/0x10 [ 508.896670][ T8972] ? __task_pid_nr_ns+0x28/0x470 [ 508.896692][ T8972] ? __x64_sys_futex+0x21/0xf0 [ 508.896705][ T8972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.896719][ T8972] do_syscall_64+0x15f/0xf80 [ 508.896736][ T8972] ? clear_bhb_loop+0x40/0x90 [ 508.896752][ T8972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.896764][ T8972] RIP: 0033:0x7fae629dcdd9 [ 508.896776][ T8972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.896786][ T8972] RSP: 002b:00007fae60c36028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 508.896799][ T8972] RAX: ffffffffffffffda RBX: 00007fae62c55fa0 RCX: 00007fae629dcdd9 [ 508.896807][ T8972] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000200 [ 508.896815][ T8972] RBP: 00007fae62a72d69 R08: 0000000000000000 R09: 0000000000000001 [ 508.896831][ T8972] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000 [ 508.896839][ T8972] R13: 00007fae62c56038 R14: 00007fae62c55fa0 R15: 00007fff9d3e2e08 [ 508.896857][ T8972] [ 508.896864][ T8972] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 508.896874][ T8972] CPU: 1 UID: 0 PID: 8972 Comm: syz.2.629 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 508.896888][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 508.896895][ T8972] Call Trace: [ 508.896901][ T8972] [ 508.896906][ T8972] vpanic+0x56c/0xa60 [ 508.896924][ T8972] ? __pfx__printk+0x10/0x10 [ 508.896936][ T8972] ? __pfx_vpanic+0x10/0x10 [ 508.896953][ T8972] ? is_bpf_text_address+0x292/0x2b0 [ 508.896971][ T8972] ? is_bpf_text_address+0x26/0x2b0 [ 508.896994][ T8972] panic+0xc5/0xd0 [ 508.897010][ T8972] ? __pfx_panic+0x10/0x10 [ 508.897036][ T8972] __warn+0x315/0x4c0 [ 508.897052][ T8972] ? rt_spin_lock+0x31c/0x400 [ 508.897066][ T8972] ? rt_spin_lock+0x31c/0x400 [ 508.897083][ T8972] __report_bug+0x29a/0x540 [ 508.897108][ T8972] ? rt_spin_lock+0x31c/0x400 [ 508.897121][ T8972] ? __pfx___report_bug+0x10/0x10 [ 508.897137][ T8972] ? __lock_acquire+0x6b5/0x2d10 [ 508.897161][ T8972] ? __lock_acquire+0x6b5/0x2d10 [ 508.897180][ T8972] ? rt_spin_lock+0x31c/0x400 [ 508.897192][ T8972] report_bug+0x16a/0x220 [ 508.897208][ T8972] ? rt_spin_lock+0x31c/0x400 [ 508.897219][ T8972] ? rt_spin_lock+0x31e/0x400 [ 508.897231][ T8972] handle_bug+0x9c/0x200 [ 508.897249][ T8972] exc_invalid_op+0x1a/0x50 [ 508.897268][ T8972] asm_exc_invalid_op+0x1a/0x20 [ 508.897280][ T8972] RIP: 0010:rt_spin_lock+0x31c/0x400 [ 508.897293][ T8972] Code: 48 3b 44 24 60 0f 85 98 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 71 01 00 cc e8 5a 22 0a f6 e9 ac fe ff ff 90 <0f> 0b 90 e9 f6 fd ff ff 90 0f 0b 90 e9 3f ff ff ff e8 3e 22 0a f6 [ 508.897308][ T8972] RSP: 0018:ffffc90004897580 EFLAGS: 00010282 [ 508.897318][ T8972] RAX: 1ffff11006e5b167 RBX: 1ffff92000912eb4 RCX: 0000000000000046 [ 508.897327][ T8972] RDX: 0000000000000000 RSI: ffffffff8d88124b RDI: ffffffff8ba85de0 [ 508.897336][ T8972] RBP: ffffc90004897630 R08: ffffffff82239c54 R09: ffff88813fe33758 [ 508.897344][ T8972] R10: dffffc0000000000 R11: fffffbfff1f14dff R12: ffff8880372d8b38 [ 508.897353][ T8972] R13: dffffc0000000000 R14: ffff88813fe33700 R15: ffffc900048975c0 [ 508.897374][ T8972] ? get_from_partial_node+0x54/0x480 [ 508.897395][ T8972] ? __pfx_rt_spin_lock+0x10/0x10 [ 508.897409][ T8972] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 508.897426][ T8972] ? lockdep_hardirqs_on+0x7a/0x110 [ 508.897442][ T8972] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 508.897461][ T8972] get_from_partial_node+0x54/0x480 [ 508.897476][ T8972] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 508.897495][ T8972] ___slab_alloc+0xc2/0x920 [ 508.897507][ T8972] ? __migrate_enable+0x58/0xa0 [ 508.897526][ T8972] ? fill_pool+0x156/0x580 [ 508.897542][ T8972] kmem_cache_alloc_noprof+0xea/0x680 [ 508.897557][ T8972] ? fill_pool+0x156/0x580 [ 508.897571][ T8972] fill_pool+0x156/0x580 [ 508.897583][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.897597][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.897609][ T8972] ? __pfx_fill_pool+0x10/0x10 [ 508.897624][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.897636][ T8972] ? debug_objects_fill_pool+0x6f/0xd0 [ 508.897649][ T8972] debug_objects_fill_pool+0x97/0xd0 [ 508.897661][ T8972] debug_object_assert_init+0x65/0x300 [ 508.897680][ T8972] hrtimer_start_range_ns+0x3f/0xef0 [ 508.897699][ T8972] ? _raw_spin_unlock_irq+0x23/0x50 [ 508.897717][ T8972] futex_lock_pi+0x8df/0xb10 [ 508.897738][ T8972] ? __pfx_futex_lock_pi+0x10/0x10 [ 508.897756][ T8972] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 508.897771][ T8972] ? __lock_acquire+0x6b5/0x2d10 [ 508.897800][ T8972] ? __pfx_futex_wake_mark+0x10/0x10 [ 508.897834][ T8972] do_futex+0x292/0x420 [ 508.897850][ T8972] ? __pfx_do_futex+0x10/0x10 [ 508.897868][ T8972] __se_sys_futex+0x3a8/0x450 [ 508.897884][ T8972] ? __pfx___se_sys_futex+0x10/0x10 [ 508.897898][ T8972] ? __task_pid_nr_ns+0x28/0x470 [ 508.897919][ T8972] ? __x64_sys_futex+0x21/0xf0 [ 508.897932][ T8972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.897945][ T8972] do_syscall_64+0x15f/0xf80 [ 508.897963][ T8972] ? clear_bhb_loop+0x40/0x90 [ 508.897978][ T8972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.897990][ T8972] RIP: 0033:0x7fae629dcdd9 [ 508.898001][ T8972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.898011][ T8972] RSP: 002b:00007fae60c36028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 508.898023][ T8972] RAX: ffffffffffffffda RBX: 00007fae62c55fa0 RCX: 00007fae629dcdd9 [ 508.898031][ T8972] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000200 [ 508.898039][ T8972] RBP: 00007fae62a72d69 R08: 0000000000000000 R09: 0000000000000001 [ 508.898047][ T8972] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000 [ 508.898055][ T8972] R13: 00007fae62c56038 R14: 00007fae62c55fa0 R15: 00007fff9d3e2e08 [ 508.898073][ T8972] [ 508.898368][ T8972] Kernel Offset: disabled