last executing test programs: 6m7.446571786s ago: executing program 0 (id=61): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24040004) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001c0001fc28bd7000fcdbdf2507000000", @ANYRES32, @ANYBLOB="8000260b0a00020001"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x20040010) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x26000411}, 0x800) 6m7.084702103s ago: executing program 4 (id=62): socket$kcm(0xa, 0x5, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) socket$inet_smc(0x2b, 0x1, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)) syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r0, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001d"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0xc31fe084736598c) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4000004) 6m6.996621337s ago: executing program 0 (id=64): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r2 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000d00)=""/223, 0xdf}], 0x1) tkill(r2, 0xb) 6m6.543993786s ago: executing program 0 (id=66): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, 0x7, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 6m5.120002906s ago: executing program 0 (id=69): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x13, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket(0x10, 0x80002, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000002d000100000000000000000004000080050011802f"], 0x1c}], 0x1}, 0x310) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a400000", @ANYRES32=r3, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c"], 0x48}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240480d1}, 0x20008000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc, 0x10012, r5, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000380)=0x7ffd) 6m2.795258076s ago: executing program 4 (id=73): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 6m1.377857948s ago: executing program 4 (id=75): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0\x00'}) setsockopt$packet_int(r1, 0x107, 0x14, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x4a5, &(0x7f0000000bc0)="$eJzs3E1oHFUcAPD/bJJ+t4m1VltbjVax+JE06Yc9eFBR8KAg6KEeY7KttdtGkgi2BI0i9SgF7+JR8OjJmxdRDyJ4VfAohaJBaOopMl/pNtlNkzTpttnfDzb73szsvvefeW/zdt7OBNC2etM/ScS2iPg9Irrz7I0b9OZPM9OTw9emJ4eTmJ194+8k2+7q9ORwuWn5uq1F5mAlovJpEs8nC8sdP3/hzFCtVh0r8v0TZ9/rHz9/4ZnTZ4dOVU9Vzw0eP37k8MCzxwaPLjumzQ2WpXFd3fvh6L49r7x16bXhE5fe/umbtFq79+fr6+O4qWsNAmqgN91r/8xm5q97fMmF3R2216WTzhZWhGXpiIj0cHVl/b87OuL6weuOlz9paeWANZX+b9rYfPXULLCOJdHqGgCtUf6jT7//lo/bNPS4I1x5IWJDkZ6ZnhyemYu/MyrF8q41LL83Ik5M/fdl+ojlnocAAFiBbGzzdKPxXyV2Z8/5XMeOYg6lJyLuiYidEXFvROyKiPsism3vj4gH8hfPdi+x/N55+YXjn8rlhnVeJen477m6sd9MXfzFU09Hkduexd+VnDxdqx4q9snB6NqY5gcWKeP7l377vNm6+vFf+kjLL8eCRQUud+Yn6MphaowMTQyt1k648nHE3s5G8SdzMwFpC9gTEXuX99Y7ysTpJ7/e12yjm8e/iFWYZ5r9KuKJ/PhPxbz4S0mT+cm0jR8bPNq/KWrVQ/1lq1jo518vvt6s/FuKfxWkx3/Lje1/3hbd/yb5fG1X1GrVsfHll3Hxj8+afqdZRvufk7b/Dcmb2Zz1L+/kyz4YmpgYG4jYkLya5cvOki0fvP7aMl9un8Z/8EDj/r+zeE0a/4MRkTbi/RE7HoqIh4u6PxIRj0bEgUXi//HFx95dJP4kkmjp8R9p+Pk31/57kvr5+hUkOs788F2zGfOlHf8jMZV91uayz7+bWGoFb3H3AQAAwF2hEhHbIqn05enebVGp9PXlv+HfFVsqtdHxiadOjr5/biS/RqAnuirlma7uuvOhA8lU8Y55frA4V1yuP1ycN/6iY3OW7xserY20OHZod1tv7P9R9v/UXx2trh2w5prPoy1yaQCwLszv/5UW1QO4/ZbyOxrfBWB9atD/G91DA1iH3K8F2lej/v/RvPyC8b8RAqwLC/v/nw1uWQesR8b/0L70f2hf+j+0pVu5rn/lifJigZW/z6YlX+HfLonyjhdrWdbmuL4kKi0Pee0TEfHtHVCN6ljaY25voXU3HAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiL/R8AAP//bDTlOQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000200)={{}, 0x0, 0x8000000, 0x401, {0x0, 0x3}, 0x1, 0x800}) 5m58.70775936s ago: executing program 4 (id=77): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmsg$unix(r2, &(0x7f00000030c0)={&(0x7f0000002e80), 0x6e, 0x0}, 0x101) recvmmsg(r4, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) 5m58.308127426s ago: executing program 0 (id=79): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) syz_clone3(&(0x7f00000004c0)={0x80, 0x0, 0x0, 0x0, {0x3f}, 0x0, 0x0, 0x0, 0x0}, 0x58) 5m56.579859399s ago: executing program 0 (id=81): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000006c0)={0x2c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 5m55.628870096s ago: executing program 4 (id=83): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000006c0)={0x2c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 5m51.448588475s ago: executing program 4 (id=91): mkdir(0x0, 0x0) chdir(0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, 0x0, 0x4040800) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@deltaction={0x14, 0x18, 0x1, 0x70bd29, 0x25dfdbfe, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, 0x0, 0x0) r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r3, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]}) r4 = socket(0x11, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r6}, 0x14) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000480)=ANY=[@ANYRESOCT=r6], 0xdd12}], 0x1, 0x0, 0x0, 0x40101}, 0x40004) syz_open_dev$tty1(0xc, 0x4, 0x1) 5m40.948109734s ago: executing program 32 (id=81): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000006c0)={0x2c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 5m35.62399022s ago: executing program 33 (id=91): mkdir(0x0, 0x0) chdir(0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, 0x0, 0x4040800) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@deltaction={0x14, 0x18, 0x1, 0x70bd29, 0x25dfdbfe, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, 0x0, 0x0) r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r3, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]}) r4 = socket(0x11, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r6}, 0x14) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000480)=ANY=[@ANYRESOCT=r6], 0xdd12}], 0x1, 0x0, 0x0, 0x40101}, 0x40004) syz_open_dev$tty1(0xc, 0x4, 0x1) 23.909383713s ago: executing program 1 (id=807): getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000002dc0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x7, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, "488dc807"}, 0x1004, 0x2, {0x0}, 0x10000003}) 22.219575996s ago: executing program 7 (id=810): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000080)={0x12, 0x3c25, {0x55, 0x4, 0x6, {0xfffb, 0x7}, {0x2, 0x3ff}, @ramp={0x5, 0x6, {0x9, 0x4, 0x7ff, 0x5}}}, {0x53, 0x3, 0x4, {0xfffa, 0x3}, {0x1ff, 0x1}, @ramp={0x8, 0x0, {0x1, 0xbd3, 0x4, 0x5}}}}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f00000001c0)="5cba", 0x2) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x89a0, &(0x7f0000002280)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r5, &(0x7f0000000080)={0x11, 0x1a, r6, 0x1, 0x8, 0x6, @broadcast}, 0x14) r7 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x2}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r7, 0x48e9, 0x0, 0x2, 0x0, 0x0) splice(r3, 0x0, r4, 0x0, 0x39000, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0x2) 20.596783996s ago: executing program 1 (id=812): ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084524, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000010000)=ANY=[@ANYBLOB="00f4230b000001f7e5c78d08d24504d64e8655799ed95c10ec4574a2a4c2c85f462a0db0ca33eaeb165fb22a13b3d684d2bc2a408da947abf3a0cb5b001e3fbed6a38eea6a1762ae"], 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x16, &(0x7f00000101c0)="ad8e8f15dbad2ac28d63adf5dabf1381ec6e5ce5d1af"}], 0x1}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) 19.303783834s ago: executing program 6 (id=817): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = fsopen(&(0x7f0000000100)='bpf\x00', 0x1) fsmount(r1, 0x0, 0x8f) 18.835016264s ago: executing program 7 (id=820): getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) 18.523674806s ago: executing program 6 (id=822): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x51, 0x1, 0x7, {0x0, 0x1}, {0x69, 0x2}, @period={0x59, 0x0, 0x0, 0x3, 0x80, {0x4, 0x8001, 0xf, 0xfffe}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r1 = socket(0x2b, 0x1, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000480)={0x0, 0xfad6, 0x400, 0x2}, &(0x7f0000000240)=0x0, &(0x7f0000000100)) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'dummy0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x4000080) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r7, r7, 0x8f5, 0x100000000000000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0xfeffffff, r1, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1) 15.796689171s ago: executing program 5 (id=825): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0), 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x2) 15.530277196s ago: executing program 1 (id=826): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000080)={0x12, 0x3c25, {0x55, 0x4, 0x6, {0xfffb, 0x7}, {0x2, 0x3ff}, @ramp={0x5, 0x6, {0x9, 0x4, 0x7ff, 0x5}}}, {0x53, 0x3, 0x4, {0xfffa, 0x3}, {0x1ff, 0x1}, @ramp={0x8, 0x0, {0x1, 0xbd3, 0x4, 0x5}}}}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f00000001c0)="5cba", 0x2) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x89a0, &(0x7f0000002280)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r5, &(0x7f0000000080)={0x11, 0x1a, r6, 0x1, 0x8, 0x6, @broadcast}, 0x14) r7 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x2}, &(0x7f0000002000), &(0x7f0000000000)) io_uring_enter(r7, 0x48e9, 0x0, 0x2, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x39000, 0x0) read$FUSE(r3, &(0x7f0000000240)={0x2020}, 0x2020) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0x2) 15.295784747s ago: executing program 5 (id=827): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027000000000008000100150008000500"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 15.054018512s ago: executing program 7 (id=828): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x113c}, 0x1, 0x0, 0x0, 0x48000}, 0x400c004) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r5 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) syz_pidfd_open(r7, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0) sendfile(r6, r6, 0x0, 0x200020) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) 14.605067783s ago: executing program 3 (id=829): socket$inet6(0xa, 0x800000000000002, 0x0) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) socket$inet_smc(0x2b, 0x1, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r0, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4000004) 14.430108614s ago: executing program 5 (id=830): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000080)={0x12, 0x3c25, {0x55, 0x4, 0x6, {0xfffb, 0x7}, {0x2, 0x3ff}, @ramp={0x5, 0x6, {0x9, 0x4, 0x7ff, 0x5}}}, {0x53, 0x3, 0x4, {0xfffa, 0x3}, {0x1ff, 0x1}, @ramp={0x8, 0x0, {0x1, 0xbd3, 0x4, 0x5}}}}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f00000001c0)="5cba", 0x2) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a0, &(0x7f0000002280)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r4, &(0x7f0000000080)={0x11, 0x1a, r5, 0x1, 0x8, 0x6, @broadcast}, 0x14) r6 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x2}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r6, 0x48e9, 0x0, 0x2, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)=0x2) 14.253847983s ago: executing program 6 (id=831): socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x1f2) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff", @ANYRES8=r0, @ANYRES64=r1], 0x0) 13.623237525s ago: executing program 1 (id=832): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24f300ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c29b1ac1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029e4daefaea47f8cd5a4f1dee71093ebc076363e14f78dd3b129b4b3ae5a7a085297416f05111e9cedf5e0f21f1a8aeefa517ed1705ec76469b8b469851cc56c6016d9067dac3de3818856014c98ce8f36dac4d8cdb1f25e3c5de754596e9a07c7718adf0cbdab78066d2418c12e0acde73c05fc80", 0x1bd}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1ca0c27cd21d8a48637cb781581aac75a2f848f285c99133f0435497bf6ae25625", 0x38}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="bae4e6c90e2c2528899c4dafaadec1", 0xf}, {&(0x7f0000000380)="863df713b27092133340e45590eac45df1f0a54f338c8d702066c10522ae87000000", 0x22}, {&(0x7f0000000900)="5e9a96da6c96c227926d725c264c8db1743e2a714194d97fd4a96b32f3a0cc57ff3d188ab8257403ab87aac73eb1db3cffb4c9b525154c45716736588985037d1390ae2dfd39d2", 0x47}, {&(0x7f0000001000)="5e48212599327704ccc5ca940f85ce93d081835a8f8ce527ba414eeb2fac35952374361fa3fe455eae90ef6636e089eeae608c4bb2a0cae5f3d8ebe5294f272023815eacab65c0a92cd792cae6645dcef01758183b1dab679fc8bccc9b2a7c95efda137f6f80e4159ff6295a35f2516454afb609ce2bc852ece0d2234e63a4cfcceb2f628f6425b0b5dd6ba4c20e250c72f658b059079271c6f206a758e87784fd6256d1ee6cd55ea723631572ba4729109fa114f7240bb6776054d1fa9b5c3114debca30e4196223e3f6fcbf715c61e62f3702e1a43c72c114587e1eb727a458aba50fe0da0523b0f243482e33c7af73d072374f04ec75bd199e7357d8d37a60c4b225c0ebb8e8fde86484871015eb8ccda35183959fccdbe3cc8f9f018c70c405d1847d8666a34f86d1f996b42f9ce536100b8d6080f472d2a87a277a0c45baca157f0d578b6ca0e8627819d4d8e5226494474ff573c36caf000e9c52f206013851f2702c83224a7ac58fef0a2f337174f79900af0899ad371ebc5759d1f48b01c962be95456341e280de8aa4e5b46f2ac3256254cdec803cbfe597bc771b49cb0806048a441f1ba825d92b59140afcf59c7d7c6359b5c729da3480946575f681243faefac01e76ccd447d6035744375fd08e491aa597b3fb77874b0f3818331a895375d7602eb1676f853d2b1e058d5519c146310857b3783e33b27c9e6d269fbc75161a1840d4c5a6a22951afce45232ec10e9ddb9265a9370a4d89602f4f88ead4af3fd8f7533438e52eb529d6f3ea27dc2b921b96b3e72cc06baf4e6f92b56c86e737932a38c6f798d458047d45294c4e27d8e026ad1c7229987b573ec9b486fdda6775c08fb9484106f93c3f0e197dfaeb3e7f0ed65f69788ab253716ab4e6e1c8f4f4f382ac3d822a5ff8ccea83d6748cbb439490d0a0e3737d26e7ec85058debce6f60b9f9596e5bed99662ccf4c8bc7ef30ce1ba764ff8bc31262f89e3d83657aa4b3b529cf8d83a5babab0f1f1b1225b8ffedc83ff193e10404412ea55f9849b65b0f58ab5b3a83d500f37a8a59ef3fefe8c8dd1d1d513b4a36debb2c228a80386e2c9f9a9855f66ff3f6710b0fbf766c58fb6da12b65bef14c11c30ed5fb517ffff765c95f67b99eb565e768bcc8", 0x334}], 0x4}}], 0x3, 0x4004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 13.156612207s ago: executing program 1 (id=833): getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) 12.926893605s ago: executing program 5 (id=834): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = fsopen(&(0x7f0000000100)='bpf\x00', 0x1) fsmount(r1, 0x0, 0x8f) 12.897908492s ago: executing program 3 (id=835): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fsopen(&(0x7f0000000000)='cgroup\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8b, 0x35}, [@call={0x85, 0x0, 0x0, 0xa4}]}, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 10.359277564s ago: executing program 1 (id=836): capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6}) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x4c831, 0xffffffffffffffff, 0xfd1bd000) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 10.138070908s ago: executing program 3 (id=837): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180)={r4}) 9.869111672s ago: executing program 6 (id=839): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0x3, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xaeb, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r0, 0x0, 0x4) 9.58513196s ago: executing program 5 (id=840): syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, 0x0, 0x0) getsockname$unix(r3, &(0x7f00000001c0)=@abs, &(0x7f0000000040)=0x6e) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x7fffffff, 0x0, 0x2}, {0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x4000}]}]}, 0xfc}}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x810) 9.206266839s ago: executing program 2 (id=841): write$proc_mixer(0xffffffffffffffff, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_usb_connect$uac1(0x2, 0xa2, &(0x7f0000000040)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00030201020c2402060602040c0032a304090401000001020000090401010101020000072401200404000c2402010201400f0a3b4725090501090000f7090607250183020c0009040200000103"], 0x0) 9.140193354s ago: executing program 3 (id=842): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027000000000008000100150008000500"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 8.180216145s ago: executing program 2 (id=843): syz_open_dev$ptys(0xc, 0x3, 0x0) r0 = openat$cachefiles(0xffffff9c, 0x0, 0x90200, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, 0x0, 0x24000000) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000240)) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x600, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, 0x0, 0x7f03) 7.969172028s ago: executing program 3 (id=844): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x113c}, 0x1, 0x0, 0x0, 0x48000}, 0x400c004) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r5 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) syz_pidfd_open(r7, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0) sendfile(r6, r6, 0x0, 0x200020) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) 7.48913328s ago: executing program 2 (id=845): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24f300ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c29b1ac1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029e4daefaea47f8cd5a4f1dee71093ebc076363e14f78dd3b129b4b3ae5a7a085297416f05111e9cedf5e0f21f1a8aeefa517ed1705ec76469b8b469851cc56c6016d9067dac3de3818856014c98ce8f36dac4d8cdb1f25e3c5de754596e9a07c7718adf0cbdab78066d2418c12e0acde73c05fc80", 0x1bd}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1ca0c27cd21d8a48637cb781581aac75a2f848f285c99133f0435497bf6ae25625", 0x38}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="bae4e6c90e2c2528899c4dafaadec1", 0xf}, {&(0x7f0000000380)="863df713b27092133340e45590eac45df1f0a54f338c8d702066c10522ae87000000", 0x22}, {&(0x7f0000000900)="5e9a96da6c96c227926d725c264c8db1743e2a714194d97fd4a96b32f3a0cc57ff3d188ab8257403ab87aac73eb1db3cffb4c9b525154c45716736588985037d1390ae2dfd39d2", 0x47}, {&(0x7f0000001000)="5e48212599327704ccc5ca940f85ce93d081835a8f8ce527ba414eeb2fac35952374361fa3fe455eae90ef6636e089eeae608c4bb2a0cae5f3d8ebe5294f272023815eacab65c0a92cd792cae6645dcef01758183b1dab679fc8bccc9b2a7c95efda137f6f80e4159ff6295a35f2516454afb609ce2bc852ece0d2234e63a4cfcceb2f628f6425b0b5dd6ba4c20e250c72f658b059079271c6f206a758e87784fd6256d1ee6cd55ea723631572ba4729109fa114f7240bb6776054d1fa9b5c3114debca30e4196223e3f6fcbf715c61e62f3702e1a43c72c114587e1eb727a458aba50fe0da0523b0f243482e33c7af73d072374f04ec75bd199e7357d8d37a60c4b225c0ebb8e8fde86484871015eb8ccda35183959fccdbe3cc8f9f018c70c405d1847d8666a34f86d1f996b42f9ce536100b8d6080f472d2a87a277a0c45baca157f0d578b6ca0e8627819d4d8e5226494474ff573c36caf000e9c52f206013851f2702c83224a7ac58fef0a2f337174f79900af0899ad371ebc5759d1f48b01c962be95456341e280de8aa4e5b46f2ac3256254cdec803cbfe597bc771b49cb0806048a441f1ba825d92b59140afcf59c7d7c6359b5c729da3480946575f681243faefac01e76ccd447d6035744375fd08e491aa597b3fb77874b0f3818331a895375d7602eb1676f853d2b1e058d5519c146310857b3783e33b27c9e6d269fbc75161a1840d4c5a6a22951afce45232ec10e9ddb9265a9370a4d89602f4f88ead4af3fd8f7533438e52eb529d6f3ea27dc2b921b96b3e72cc06baf4e6f92b56c86e737932a38c6f798d458047d45294c4e27d8e026ad1c7229987b573ec9b486fdda6775c08fb9484106f93c3f0e197dfaeb3e7f0ed65f69788ab253716ab4e6e1c8f4f4f382ac3d822a5ff8ccea83d6748cbb439490d0a0e3737d26e7ec85058debce6f60b9f9596e5bed99662ccf4c8bc7ef30ce1ba764ff8bc31262f89e3d83657aa4b3b529cf8d83a5babab0f1f1b1225b8ffedc83ff193e10404412ea55f9849b65b0f58ab5b3a83d500f37a8a59ef3fefe8c8dd1d1d513b4a36debb2c228a80386e2c9f9a9855f66ff3f6710b0fbf766c58fb6da12b65bef14c11c30ed5fb517ffff765c95f67b99eb565e768bcc8", 0x334}], 0x4}}], 0x3, 0x4004) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 7.040523643s ago: executing program 2 (id=846): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x51, 0x1, 0x7, {0x0, 0x1}, {0x69, 0x2}, @period={0x59, 0x0, 0x0, 0x3, 0x80, {0x4, 0x8001, 0xf, 0xfffe}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = socket(0x2b, 0x1, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000000480)={0x0, 0xfad6, 0x400, 0x2}, &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'dummy0\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x4000080) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r9, r9, 0x8f5, 0x100000000000000) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1}) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xfeffffff, r2, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1) 5.971559879s ago: executing program 7 (id=847): openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_usb_connect$uac1(0x2, 0xa2, &(0x7f0000000040)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00030201020c2402060602040c0032a304090401000001020000090401010101020000072401200404000c2402010201400f0a3b4725090501090000f7090607250183020c0009040200000103"], 0x0) 5.652169165s ago: executing program 2 (id=848): iopl(0x3) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x9c}}, 0x0) 5.308563347s ago: executing program 6 (id=849): iopl(0x3) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xbc}}, 0x0) 839.313809ms ago: executing program 7 (id=850): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002211c0000001f000000060001000000000008000500", @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001"], 0x64}}, 0x4000000) 674.42057ms ago: executing program 2 (id=851): syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, 0x0, 0x0) getsockname$unix(r2, &(0x7f00000001c0)=@abs, &(0x7f0000000040)=0x6e) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='veth0_to_team\x00', 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x810) 376.401375ms ago: executing program 6 (id=852): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = fsopen(&(0x7f0000000100)='bpf\x00', 0x1) fsmount(r1, 0x0, 0x8f) 309.145296ms ago: executing program 5 (id=853): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 80.911973ms ago: executing program 7 (id=854): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180)={r4}) 0s ago: executing program 3 (id=855): mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000009, 0x100010, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f00000005c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf94d8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e14", 0xfffffffffffffe4c, 0x20004811, 0x0, 0xffffffffffffffbd) kernel console output (not intermixed with test programs): te [ 111.318993][ T1030] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.326469][ T1030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.451517][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.534412][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.578293][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 111.589433][ T5147] Bluetooth: hci4: command tx timeout [ 111.589451][ T5847] Bluetooth: hci1: command tx timeout [ 111.623332][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.660676][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.667478][ T5147] Bluetooth: hci0: command tx timeout [ 111.667518][ T5147] Bluetooth: hci3: command tx timeout [ 111.667558][ T5147] Bluetooth: hci2: command tx timeout [ 111.676536][ T5147] Bluetooth: hci5: command tx timeout [ 111.739759][ T1030] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.746991][ T1030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.800841][ T1030] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.808073][ T1030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.840604][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.848326][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.890011][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.897225][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.982330][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.117986][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.226941][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.278471][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.350681][ T5835] veth0_vlan: entered promiscuous mode [ 112.443454][ T5835] veth1_vlan: entered promiscuous mode [ 112.570273][ T5831] veth0_vlan: entered promiscuous mode [ 112.618650][ T5835] veth0_macvtap: entered promiscuous mode [ 112.639410][ T5831] veth1_vlan: entered promiscuous mode [ 112.669781][ T5835] veth1_macvtap: entered promiscuous mode [ 112.821518][ T5831] veth0_macvtap: entered promiscuous mode [ 112.832848][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.860701][ T5831] veth1_macvtap: entered promiscuous mode [ 112.888140][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.937550][ T1030] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.958762][ T1030] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.978938][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.993672][ T1030] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.006686][ T1030] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.045750][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.062365][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.078563][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.146793][ T3456] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.158255][ T3456] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.175867][ T3456] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.203704][ T3456] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.218226][ T5850] veth0_vlan: entered promiscuous mode [ 113.283696][ T5850] veth1_vlan: entered promiscuous mode [ 113.293768][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.314435][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.368198][ T5841] veth0_vlan: entered promiscuous mode [ 113.424430][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.437240][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.458921][ T5841] veth1_vlan: entered promiscuous mode [ 113.471384][ T5842] veth0_vlan: entered promiscuous mode [ 113.483259][ T5836] veth0_vlan: entered promiscuous mode [ 113.502324][ T5842] veth1_vlan: entered promiscuous mode [ 113.523166][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.536648][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.553542][ T5850] veth0_macvtap: entered promiscuous mode [ 113.570588][ T5836] veth1_vlan: entered promiscuous mode [ 113.586169][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 113.617043][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.624911][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.634107][ T5850] veth1_macvtap: entered promiscuous mode [ 113.665233][ T5147] Bluetooth: hci1: command tx timeout [ 113.676595][ T5147] Bluetooth: hci4: command tx timeout [ 113.746011][ T5147] Bluetooth: hci5: command tx timeout [ 113.746056][ T5854] Bluetooth: hci3: command tx timeout [ 113.751448][ T5838] Bluetooth: hci0: command tx timeout [ 113.757143][ T5847] Bluetooth: hci2: command tx timeout [ 113.782062][ T5841] veth0_macvtap: entered promiscuous mode [ 113.793175][ T5841] veth1_macvtap: entered promiscuous mode [ 113.821230][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.837839][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.894450][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.959970][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.034826][ T5842] veth0_macvtap: entered promiscuous mode [ 114.088226][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.160334][ T5975] loop0: detected capacity change from 0 to 32768 [ 114.187288][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.197234][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.219223][ T5842] veth1_macvtap: entered promiscuous mode [ 114.252419][ T5836] veth0_macvtap: entered promiscuous mode [ 114.263920][ T5836] veth1_macvtap: entered promiscuous mode [ 114.288988][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.303486][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.332826][ T5975] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 114.342000][ T5975] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 114.361757][ T5975] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 114.371497][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.377577][ T774] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 114.544686][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.784404][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.932395][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.004566][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.049309][ T774] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 115.054971][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.106386][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.136194][ T774] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 86ms [ 115.142009][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.144729][ T774] gfs2: fsid=syz:syz.0: jid=0: Done [ 115.159612][ T5975] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 115.183311][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.260372][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.284597][ T5975] gfs2: fsid=syz:syz.0: found 1 quota changes [ 115.341935][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.453758][ T60] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.775337][ T60] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.814108][ T60] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.901345][ T5975] syz.0.1: attempt to access beyond end of device [ 115.901345][ T5975] loop0: rw=8400896, sector=6755399441055880, nr_sectors = 8 limit=32768 [ 115.918067][ T5989] syz.0.1: attempt to access beyond end of device [ 115.918067][ T5989] loop0: rw=8400896, sector=6755399441055880, nr_sectors = 8 limit=32768 [ 115.964135][ T60] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.075591][ T3456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.083469][ T3456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.172018][ T5975] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 116.188503][ T5975] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 116.198513][ T5975] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5975 [syz.0.1] gfs2_quota_sync+0x359/0x460 [ 116.208885][ T5975] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 116.217160][ T5975] CPU: 0 UID: 0 PID: 5975 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 116.217189][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.217209][ T5975] Call Trace: [ 116.217222][ T5975] [ 116.217237][ T5975] dump_stack_lvl+0x189/0x250 [ 116.217280][ T5975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.217320][ T5975] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.217360][ T5975] gfs2_withdraw+0xc3/0x1b0 [ 116.217387][ T5975] inode_go_instantiate+0xdd0/0x1210 [ 116.217424][ T5975] ? __pfx_bit_wait+0x10/0x10 [ 116.217450][ T5975] ? __pfx_bit_wait+0x10/0x10 [ 116.217481][ T5975] ? __pfx_inode_go_instantiate+0x10/0x10 [ 116.217521][ T5975] ? __pfx_wake_bit_function+0x10/0x10 [ 116.217574][ T5975] gfs2_instantiate+0x168/0x220 [ 116.217598][ T5975] gfs2_glock_wait+0x1d4/0x2a0 [ 116.217624][ T5975] do_sync+0x46f/0xc60 [ 116.217650][ T5975] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.217674][ T5975] ? _raw_spin_unlock+0x28/0x50 [ 116.217704][ T5975] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.217727][ T5975] ? gfs2_quota_sync+0x359/0x460 [ 116.217765][ T5975] ? __pfx_do_sync+0x10/0x10 [ 116.217802][ T5975] ? gfs2_quota_sync+0x359/0x460 [ 116.217834][ T5975] ? do_raw_spin_unlock+0x122/0x240 [ 116.217869][ T5975] gfs2_quota_sync+0x359/0x460 [ 116.217925][ T5975] gfs2_sync_fs+0x4c/0xb0 [ 116.217952][ T5975] sync_filesystem+0xee/0x230 [ 116.217993][ T5975] gfs2_reconfigure+0xbb/0xb20 [ 116.218027][ T5975] reconfigure_super+0x227/0x880 [ 116.218070][ T5975] path_mount+0xd29/0xff0 [ 116.218094][ T5975] ? kmem_cache_free+0x197/0x620 [ 116.218128][ T5975] __se_sys_mount+0x313/0x410 [ 116.218161][ T5975] ? __pfx___se_sys_mount+0x10/0x10 [ 116.218193][ T5975] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.218216][ T5975] ? __x64_sys_mount+0x20/0xc0 [ 116.218245][ T5975] do_syscall_64+0xfa/0xf80 [ 116.218269][ T5975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.218289][ T5975] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.218312][ T5975] ? exc_page_fault+0xab/0x100 [ 116.218336][ T5975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.218356][ T5975] RIP: 0033:0x7f71b6390eea [ 116.218382][ T5975] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.218402][ T5975] RSP: 002b:00007f71b71cce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 116.218428][ T5975] RAX: ffffffffffffffda RBX: 00007f71b71ccef0 RCX: 00007f71b6390eea [ 116.218447][ T5975] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000 [ 116.218461][ T5975] RBP: 0000200000000f40 R08: 00007f71b71ccef0 R09: 0000000001a4a438 [ 116.218475][ T5975] R10: 0000000001a4a438 R11: 0000000000000246 R12: 0000200000000f00 [ 116.218488][ T5975] R13: 00007f71b71cceb0 R14: 0000000000000000 R15: 0000200000000f80 [ 116.218521][ T5975] [ 116.218538][ T5975] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 116.509522][ T3456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.527581][ T3456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.527787][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.553756][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.566739][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 116.643693][ T3456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.678812][ T3456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.755708][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.785665][ T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 116.818971][ T10] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 116.837668][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.867735][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.878831][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.891150][ T10] usb 4-1: Product: syz [ 116.907564][ T10] usb 4-1: Manufacturer: syz [ 116.927222][ T10] usb 4-1: SerialNumber: syz [ 116.952235][ T10] usb 4-1: config 0 descriptor?? [ 116.956822][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.987080][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.058574][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.082655][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.229985][ T4547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.269062][ T4547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.426710][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.643914][ T6006] loop2: detected capacity change from 0 to 512 [ 117.835562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 117.836676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!! [ 118.265860][ T6006] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 118.295635][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.295990][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.315783][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.344333][ T6006] System zones: 0-2, 18-18, 34-35 [ 118.410096][ T6006] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.425561][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.486353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.495547][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.504312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.529144][ T6006] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.785164][ T5922] usb 4-1: USB disconnect, device number 2 [ 119.850586][ T6026] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11'. [ 119.896588][ T10] libceph: connect (1)[c::]:6789 error -101 [ 119.902975][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 119.957842][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.256585][ T5839] libceph: connect (1)[c::]:6789 error -101 [ 120.262670][ T5839] libceph: mon0 (1)[c::]:6789 connect error [ 120.720292][ T6023] ceph: No mds server is up or the cluster is laggy [ 121.068094][ T6034] mmap: syz.2.14 (6034) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.062328][ T5954] gfs2: fsid=syz:syz.0: file system withdrawn [ 123.029806][ T6062] netlink: 28 bytes leftover after parsing attributes in process `syz.3.20'. [ 123.038729][ T6062] netlink: 72 bytes leftover after parsing attributes in process `syz.3.20'. [ 123.080558][ T6056] netlink: 88 bytes leftover after parsing attributes in process `syz.3.20'. [ 123.724369][ T5936] libceph: connect (1)[c::]:6789 error -101 [ 123.742288][ T5936] libceph: mon0 (1)[c::]:6789 connect error [ 123.858096][ T6068] ceph: No mds server is up or the cluster is laggy [ 123.894319][ T6062] Zero length message leads to an empty skb [ 125.744614][ T6087] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input5 [ 126.302047][ T6101] netlink: 12 bytes leftover after parsing attributes in process `syz.3.29'. [ 126.894248][ T5995] libceph: connect (1)[c::]:6789 error -101 [ 126.907318][ T5995] libceph: mon0 (1)[c::]:6789 connect error [ 127.117693][ T6103] ceph: No mds server is up or the cluster is laggy [ 127.177595][ T5995] libceph: connect (1)[c::]:6789 error -101 [ 127.183879][ T5995] libceph: mon0 (1)[c::]:6789 connect error [ 128.208654][ T6125] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 128.212056][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.36'. [ 130.854642][ T5922] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 131.205219][ T5922] usb 4-1: device descriptor read/64, error -71 [ 131.613480][ T5922] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 132.499711][ T5922] usb 4-1: device descriptor read/64, error -71 [ 132.645751][ T5922] usb usb4-port1: attempt power cycle [ 132.867677][ T5902] libceph: connect (1)[c::]:6789 error -101 [ 132.873729][ T5902] libceph: mon0 (1)[c::]:6789 connect error [ 133.131870][ T6174] loop2: detected capacity change from 0 to 32768 [ 133.161609][ T6174] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.50 (6174) [ 133.195545][ T6174] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 133.205950][ T6174] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm [ 133.220436][ T6174] workqueue: max_active 262152 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 133.240815][ T5922] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 133.251033][ T6163] ceph: No mds server is up or the cluster is laggy [ 133.259213][ T6174] workqueue: max_active 262152 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 133.285967][ T5922] usb 4-1: device descriptor read/8, error -71 [ 133.333472][ T6174] workqueue: max_active 262152 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 133.354123][ T6174] workqueue: max_active 262152 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 133.403839][ T6174] workqueue: max_active 262152 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 133.431462][ T6174] workqueue: max_active 262152 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 133.526725][ T5902] libceph: connect (1)[c::]:6789 error -101 [ 133.535280][ T5922] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 133.555551][ T5902] libceph: mon0 (1)[c::]:6789 connect error [ 133.600921][ T5922] usb 4-1: device descriptor read/8, error -71 [ 133.725478][ T6174] BTRFS info (device loop2): enabling ssd optimizations [ 133.732478][ T6174] BTRFS info (device loop2): turning on async discard [ 133.739337][ T6174] BTRFS info (device loop2): enabling free space tree [ 133.767473][ T5922] usb usb4-port1: unable to enumerate USB device [ 134.296965][ T6174] loop2: detected capacity change from 32768 to 64 [ 134.353543][ T6196] syz.2.50: attempt to access beyond end of device [ 134.353543][ T6196] loop2: rw=6145, sector=10440, nr_sectors = 8 limit=64 [ 134.426633][ T6196] BTRFS error (device loop2): bdev /dev/loop2 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0 [ 134.828837][ T6044] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 135.317906][ T6196] BTRFS error (device loop2 state A): Transaction aborted (error -5) [ 135.365264][ T6044] usb 4-1: Using ep0 maxpacket: 8 [ 135.376429][ T6196] BTRFS: error (device loop2 state A) in process_one_buffer:445: errno=-5 IO failure [ 135.399777][ T6044] usb 4-1: config index 0 descriptor too short (expected 12369, got 18) [ 135.475586][ T6196] BTRFS info (device loop2 state EA): forced readonly [ 135.475802][ T6044] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 135.527819][ T6044] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.554997][ T6044] usb 4-1: Product: syz [ 135.579526][ T6044] usb 4-1: Manufacturer: syz [ 135.599757][ T6044] usb 4-1: SerialNumber: syz [ 135.627834][ T6196] BTRFS: error (device loop2 state EA) in free_log_tree:3661: errno=-5 IO failure [ 135.628842][ T6044] usb 4-1: config 0 descriptor?? [ 135.731506][ T6196] BTRFS warning (device loop2 state EA): Skipping commit of aborted transaction. [ 135.863498][ T6196] BTRFS: error (device loop2 state EA) in cleanup_transaction:2036: errno=-5 IO failure [ 136.024484][ T6044] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 136.038701][ T5841] BTRFS info (device loop2 state EA): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 136.224058][ T6044] gspca_sunplus: reg_w_riv err -71 [ 136.230602][ T6044] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 136.256371][ T6044] usb 4-1: USB disconnect, device number 7 [ 138.525056][ T6215] loop1: detected capacity change from 0 to 512 [ 139.389718][ T6215] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.57: inode has both inline data and extents flags [ 139.412225][ T6215] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.57: couldn't read orphan inode 15 (err -117) [ 139.550582][ T6215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.198149][ T6050] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 141.282254][ T5836] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.365302][ T6050] usb 4-1: device descriptor read/64, error -71 [ 141.411259][ T9] libceph: connect (1)[c::]:6789 error -101 [ 141.467363][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 141.510410][ T6229] ceph: No mds server is up or the cluster is laggy [ 141.596303][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 141.603021][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.625232][ T6050] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 142.757378][ T6050] usb 4-1: device descriptor read/64, error -71 [ 142.859629][ T6238] loop1: detected capacity change from 0 to 65536 [ 142.877125][ T6050] usb usb4-port1: attempt power cycle [ 142.926884][ T6238] ======================================================= [ 142.926884][ T6238] WARNING: The mand mount option has been deprecated and [ 142.926884][ T6238] and is ignored by this kernel. Remove the mand [ 142.926884][ T6238] option from the mount to silence this warning. [ 142.926884][ T6238] ======================================================= [ 143.099040][ T6238] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 143.163373][ T6238] XFS (loop1): Ending clean mount [ 143.167565][ T6238] XFS (loop1): Quotacheck needed: Please wait. [ 143.299654][ T6238] XFS (loop1): Quotacheck: Done. [ 143.456579][ T6264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.69'. [ 143.535289][ T31] audit: type=1326 audit(1765985360.696:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 143.629684][ T6264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.69'. [ 143.638590][ T5902] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 143.726054][ T6044] libceph: connect (1)[c::]:6789 error -101 [ 143.732144][ T6044] libceph: mon0 (1)[c::]:6789 connect error [ 143.959063][ T31] audit: type=1326 audit(1765985360.696:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 143.989810][ T31] audit: type=1326 audit(1765985360.696:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 144.347471][ T31] audit: type=1326 audit(1765985360.696:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 144.372187][ T31] audit: type=1326 audit(1765985360.696:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 144.600632][ T6260] ceph: No mds server is up or the cluster is laggy [ 144.758119][ T31] audit: type=1326 audit(1765985360.696:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 144.835421][ T31] audit: type=1326 audit(1765985360.696:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 144.865763][ T6044] libceph: connect (1)[c::]:6789 error -101 [ 144.874089][ T6044] libceph: mon0 (1)[c::]:6789 connect error [ 144.881031][ T31] audit: type=1326 audit(1765985360.696:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 145.060880][ T31] audit: type=1326 audit(1765985360.696:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 145.233675][ T5902] usb 5-1: device descriptor read/all, error -71 [ 145.253576][ T31] audit: type=1326 audit(1765985360.696:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.0.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f71b638f749 code=0x7ffc0000 [ 145.756155][ T5836] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 148.442259][ T6288] loop4: detected capacity change from 0 to 512 [ 148.579864][ T6288] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.75: inode has both inline data and extents flags [ 148.593609][ T6288] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.75: couldn't read orphan inode 15 (err -117) [ 148.607566][ T6288] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.794797][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.996544][ T6297] ALSA: mixer_oss: invalid OSS volume '' [ 153.426331][ T5976] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 154.380049][ T5976] usb 5-1: device descriptor read/64, error -71 [ 154.675230][ T5976] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 154.845299][ T5976] usb 5-1: device descriptor read/64, error -71 [ 155.909102][ T5976] usb usb5-port1: attempt power cycle [ 155.922248][ T6331] loop1: detected capacity change from 0 to 128 [ 157.826341][ T6338] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 158.560341][ T6354] loop2: detected capacity change from 0 to 128 [ 159.211620][ T6353] ALSA: mixer_oss: invalid OSS volume '' [ 160.322892][ T6351] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 160.332238][ T6351] vlan2: entered promiscuous mode [ 161.674789][ T6369] loop3: detected capacity change from 0 to 128 [ 162.507814][ T6377] netlink: 28 bytes leftover after parsing attributes in process `syz.3.98'. [ 162.516806][ T6377] netlink: 72 bytes leftover after parsing attributes in process `syz.3.98'. [ 162.565289][ T6378] netlink: 88 bytes leftover after parsing attributes in process `syz.3.98'. [ 163.985361][ T6359] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 164.486122][ T6390] loop3: detected capacity change from 0 to 128 [ 167.905631][ T6407] loop1: detected capacity change from 0 to 128 [ 169.568783][ T6416] loop3: detected capacity change from 0 to 128 [ 170.740449][ T5847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 170.754061][ T5847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 170.762160][ T5847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 170.783637][ T5847] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 171.277998][ T5847] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 172.650550][ T6443] netlink: 28 bytes leftover after parsing attributes in process `syz.1.113'. [ 172.659489][ T6443] netlink: 72 bytes leftover after parsing attributes in process `syz.1.113'. [ 172.707865][ T6444] netlink: 88 bytes leftover after parsing attributes in process `syz.1.113'. [ 173.016738][ T6450] ALSA: mixer_oss: invalid OSS volume '' [ 173.345332][ T5847] Bluetooth: hci6: command tx timeout [ 174.431917][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 174.441367][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 174.469575][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 174.483647][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 174.491511][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 175.775064][ T5854] Bluetooth: hci6: command tx timeout [ 176.058521][ T6465] loop3: detected capacity change from 0 to 128 [ 176.672462][ T5854] Bluetooth: hci1: command tx timeout [ 177.059903][ T6418] chnl_net:caif_netlink_parms(): no params data found [ 177.508554][ T6469] loop3: detected capacity change from 0 to 40427 [ 177.545565][ T6469] F2FS-fs (loop3): build fault injection rate: 14 [ 177.549485][ T1782] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.552476][ T6469] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 177.578049][ T6469] F2FS-fs (loop3): invalid crc value [ 177.607259][ T6468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.120'. [ 177.649196][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 177.674908][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 177.743018][ T6469] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 177.752480][ T6469] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 177.825534][ T5854] Bluetooth: hci6: command tx timeout [ 177.837184][ T6469] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 178.713501][ T5854] Bluetooth: hci1: command tx timeout [ 179.567764][ C0] F2FS-fs (loop3): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 179.578545][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 179.578568][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 179.578580][ C0] Call Trace: [ 179.578588][ C0] [ 179.578597][ C0] dump_stack_lvl+0x189/0x250 [ 179.578624][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.578649][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.578669][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.578691][ C0] ? __pfx_queue_work_on+0x10/0x10 [ 179.578713][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.578733][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 179.578766][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 179.578795][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.578815][ C0] ? f2fs_hw_is_readonly+0x39b/0x470 [ 179.578840][ C0] f2fs_handle_critical_error+0x37c/0x540 [ 179.578865][ C0] f2fs_write_end_io+0x886/0xb60 [ 179.578902][ C0] blk_update_request+0x57e/0xe60 [ 179.578934][ C0] blk_mq_end_request+0x3e/0x70 [ 179.578954][ C0] blk_flush_complete_seq+0x678/0xcc0 [ 179.578990][ C0] flush_end_io+0xbaf/0xe60 [ 179.579022][ C0] __blk_mq_end_request+0x46a/0x630 [ 179.579046][ C0] blk_done_softirq+0x10a/0x160 [ 179.579066][ C0] handle_softirqs+0x27d/0x850 [ 179.579096][ C0] ? run_ksoftirqd+0x9b/0x100 [ 179.579122][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 179.579145][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 179.579164][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.579187][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 179.579207][ C0] run_ksoftirqd+0x9b/0x100 [ 179.579229][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 179.579257][ C0] smpboot_thread_fn+0x542/0xa60 [ 179.579279][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 179.579307][ C0] kthread+0x711/0x8a0 [ 179.579334][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 179.579355][ C0] ? __pfx_kthread+0x10/0x10 [ 179.579376][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.579400][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 179.579429][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 179.579449][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 179.579467][ C0] ? __pfx_kthread+0x10/0x10 [ 179.579491][ C0] ret_from_fork+0x599/0xb30 [ 179.579512][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 179.579538][ C0] ? __switch_to_asm+0x39/0x70 [ 179.579561][ C0] ? __switch_to_asm+0x33/0x70 [ 179.579584][ C0] ? __pfx_kthread+0x10/0x10 [ 179.579609][ C0] ret_from_fork_asm+0x1a/0x30 [ 179.579647][ C0] [ 179.579654][ C0] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 179.902893][ T5831] F2FS-fs (loop3): do_checkpoint failed err:-5, stop checkpoint [ 179.916182][ T5854] Bluetooth: hci6: command tx timeout [ 180.030596][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.125'. [ 180.349392][ T6487] netlink: 20 bytes leftover after parsing attributes in process `syz.5.123'. [ 180.364576][ T31] kauditd_printk_skb: 19 callbacks suppressed [ 180.364593][ T31] audit: type=1326 audit(1765985397.586:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 180.435564][ T31] audit: type=1326 audit(1765985397.586:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 180.625973][ T6488] netlink: 20 bytes leftover after parsing attributes in process `syz.5.123'. [ 180.647799][ T31] audit: type=1326 audit(1765985397.586:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 180.693737][ T31] audit: type=1326 audit(1765985397.596:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 180.732740][ T1782] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.795389][ T5854] Bluetooth: hci1: command tx timeout [ 180.825977][ T31] audit: type=1326 audit(1765985397.596:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 180.918521][ T31] audit: type=1326 audit(1765985397.596:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 181.364974][ T31] audit: type=1326 audit(1765985397.596:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 181.654544][ T31] audit: type=1326 audit(1765985397.596:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 181.827401][ T31] audit: type=1326 audit(1765985398.786:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 181.916115][ T31] audit: type=1326 audit(1765985398.786:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.5.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 182.335266][ T5976] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 182.460743][ T1782] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.608341][ T5976] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 182.658277][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.686810][ T5976] usb 2-1: Product: syz [ 182.696624][ T5976] usb 2-1: Manufacturer: syz [ 182.789590][ T5976] usb 2-1: SerialNumber: syz [ 182.810471][ T5976] usb 2-1: config 0 descriptor?? [ 182.838823][ T5976] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 182.887734][ T5854] Bluetooth: hci1: command tx timeout [ 183.007727][ T1782] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.114179][ T6418] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.194804][ T6418] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.217239][ T6418] bridge_slave_0: entered allmulticast mode [ 183.238501][ T6418] bridge_slave_0: entered promiscuous mode [ 183.448056][ T5976] gspca_sunplus: reg_r err -110 [ 183.453066][ T5976] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 183.598046][ T6511] netlink: 28 bytes leftover after parsing attributes in process `syz.3.129'. [ 183.607213][ T6511] netlink: 72 bytes leftover after parsing attributes in process `syz.3.129'. [ 183.655708][ T6512] netlink: 88 bytes leftover after parsing attributes in process `syz.3.129'. [ 184.522669][ T6418] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.562895][ T6418] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.614611][ T6418] bridge_slave_1: entered allmulticast mode [ 184.650746][ T6418] bridge_slave_1: entered promiscuous mode [ 184.729351][ T6503] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 185.204906][ T5902] usb 2-1: USB disconnect, device number 2 [ 185.764334][ T6418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.789836][ T6528] loop3: detected capacity change from 0 to 4096 [ 187.532597][ T6418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.944061][ T6544] fuse: Unknown parameter 'group_i00000000000000000000' [ 188.023982][ T6540] tipc: Started in network mode [ 188.029854][ T6540] tipc: Node identity 4, cluster identity 4711 [ 188.036075][ T6540] tipc: Node number set to 4 [ 188.239860][ T6418] team0: Port device team_slave_0 added [ 188.280175][ T6418] team0: Port device team_slave_1 added [ 188.755302][ T6418] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.762673][ T6418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.790344][ T6418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.961033][ T6561] netlink: 80 bytes leftover after parsing attributes in process `syz.5.145'. [ 190.001046][ T6456] chnl_net:caif_netlink_parms(): no params data found [ 190.049641][ T1782] bridge_slave_1: left allmulticast mode [ 190.078366][ T1782] bridge_slave_1: left promiscuous mode [ 190.085357][ T1782] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.322618][ T6565] fuse: Unknown parameter 'group_i00000000000000000000' [ 190.426439][ T1782] bridge_slave_0: left allmulticast mode [ 190.441975][ T1782] bridge_slave_0: left promiscuous mode [ 190.447961][ T1782] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.537831][ T6572] ALSA: mixer_oss: invalid OSS volume '' [ 191.148964][ T6580] loop1: detected capacity change from 0 to 128 [ 194.925733][ T30] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 195.865933][ T30] usb 4-1: Using ep0 maxpacket: 32 [ 195.893836][ T6604] fuse: Unknown parameter 'group_id00000000000000000000' [ 195.904639][ T30] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.925975][ T1782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.935266][ T30] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 196.012845][ T1782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 196.015328][ T30] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 196.074631][ T1782] bond0 (unregistering): Released all slaves [ 196.093319][ T30] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.136496][ T30] usb 4-1: Product: syz [ 196.140723][ T30] usb 4-1: Manufacturer: syz [ 196.148141][ T6418] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.165185][ T30] usb 4-1: SerialNumber: syz [ 196.169514][ T6418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 196.206622][ T30] usb 4-1: config 0 descriptor?? [ 196.260929][ T6418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.409068][ T6609] ALSA: mixer_oss: invalid OSS volume '' [ 196.658340][ T6611] overlayfs: failed to clone upperpath [ 196.760191][ T6615] netlink: 52 bytes leftover after parsing attributes in process `syz.2.163'. [ 197.134214][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.142866][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.314083][ T6418] hsr_slave_0: entered promiscuous mode [ 197.338350][ T6418] hsr_slave_1: entered promiscuous mode [ 197.347073][ T6418] debugfs: 'hsr0' already exists in 'hsr' [ 197.353163][ T6418] Cannot create hsr debugfs directory [ 197.455993][ T6631] netlink: 4 bytes leftover after parsing attributes in process `syz.5.167'. [ 197.505737][ T774] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 197.526394][ T6631] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.534126][ T6631] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.597035][ T6456] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.611515][ T6456] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.624141][ T6456] bridge_slave_0: entered allmulticast mode [ 197.650257][ T6456] bridge_slave_0: entered promiscuous mode [ 197.675243][ T774] usb 2-1: Using ep0 maxpacket: 8 [ 197.680518][ T5902] usb 4-1: USB disconnect, device number 11 [ 197.684161][ T774] usb 2-1: config index 0 descriptor too short (expected 12369, got 18) [ 197.720208][ T774] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 197.754181][ T774] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.831673][ T6456] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.841192][ T774] usb 2-1: Product: syz [ 197.884049][ T774] usb 2-1: Manufacturer: syz [ 197.895020][ T6456] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.905526][ T774] usb 2-1: SerialNumber: syz [ 197.928939][ T6456] bridge_slave_1: entered allmulticast mode [ 197.932355][ T5993] IPVS: starting estimator thread 0... [ 197.948930][ T6456] bridge_slave_1: entered promiscuous mode [ 197.971115][ T774] usb 2-1: config 0 descriptor?? [ 198.175487][ T6639] IPVS: using max 27 ests per chain, 64800 per kthread [ 199.385412][ T1782] hsr_slave_0: left promiscuous mode [ 199.449479][ T1782] hsr_slave_1: left promiscuous mode [ 199.484128][ T1782] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.513728][ T1782] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.779931][ T1782] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.791827][ T1782] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.827943][ T1782] veth1_macvtap: left promiscuous mode [ 200.859212][ T1782] veth0_macvtap: left promiscuous mode [ 200.874871][ T1782] veth1_vlan: left promiscuous mode [ 200.894781][ T1782] veth0_vlan: left promiscuous mode [ 202.073420][ T6659] loop3: detected capacity change from 0 to 512 [ 202.266585][ T6659] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 202.290050][ T6659] System zones: 0-2, 18-18, 34-35 [ 202.481432][ T6659] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.675507][ T6659] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.033709][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.040280][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 203.059974][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.194992][ T774] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 203.226022][ T774] gspca_sunplus: reg_w_riv err -32 [ 203.259263][ T774] sunplus 2-1:0.0: probe with driver sunplus failed with error -32 [ 203.896126][ T1782] team0 (unregistering): Port device team_slave_1 removed [ 203.961546][ T1782] team0 (unregistering): Port device team_slave_0 removed [ 204.626894][ T6685] loop2: detected capacity change from 0 to 4096 [ 205.072157][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.5.180'. [ 205.081988][ T6689] netlink: 72 bytes leftover after parsing attributes in process `syz.5.180'. [ 205.123205][ T6691] netlink: 88 bytes leftover after parsing attributes in process `syz.5.180'. [ 205.346392][ T30] usb 2-1: USB disconnect, device number 3 [ 205.817816][ T6456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.380549][ T6705] loop1: detected capacity change from 0 to 128 [ 207.528047][ T6456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.159688][ T6717] loop3: detected capacity change from 0 to 128 [ 208.599573][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 208.944704][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 208.968206][ T9] usb 2-1: config 0 has an invalid interface number: 188 but max is 0 [ 208.989128][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.027073][ T9] usb 2-1: config 0 has no interface number 0 [ 209.029702][ T6456] team0: Port device team_slave_0 added [ 209.033220][ T9] usb 2-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 209.181152][ T6456] team0: Port device team_slave_1 added [ 209.326484][ T6727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.188'. [ 209.341077][ T31] audit: type=1326 audit(1765985426.566:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 209.367910][ T9] usb 2-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.410733][ T6733] netlink: 20 bytes leftover after parsing attributes in process `syz.3.188'. [ 209.466396][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 209.479024][ T31] audit: type=1326 audit(1765985426.566:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 209.505455][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.529482][ T9] usb 2-1: Product: syz [ 209.533771][ T9] usb 2-1: Manufacturer: syz [ 209.552858][ T9] usb 2-1: SerialNumber: syz [ 209.600680][ T31] audit: type=1326 audit(1765985426.646:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 209.631844][ T31] audit: type=1326 audit(1765985426.656:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 209.662940][ T6456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.675896][ T9] usb 2-1: config 0 descriptor?? [ 209.715363][ T6456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.755822][ T9] asix 2-1:0.188: probe with driver asix failed with error -22 [ 209.876488][ T6456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.914285][ T31] audit: type=1326 audit(1765985426.656:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 209.959020][ T6456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.977955][ T6456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.984794][ T31] audit: type=1326 audit(1765985426.656:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 210.049670][ T31] audit: type=1326 audit(1765985426.656:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 210.072886][ T31] audit: type=1326 audit(1765985426.656:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 210.215398][ T6456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.225216][ T31] audit: type=1326 audit(1765985426.656:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 210.327288][ T31] audit: type=1326 audit(1765985426.756:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6723 comm="syz.3.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6a58f749 code=0x7ffc0000 [ 211.354785][ T867] usb 2-1: USB disconnect, device number 4 [ 211.461950][ T6748] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 211.469674][ T6748] vlan2: entered promiscuous mode [ 211.594159][ T6456] hsr_slave_0: entered promiscuous mode [ 211.862087][ T6753] loop1: detected capacity change from 0 to 40427 [ 211.878317][ T6753] F2FS-fs (loop1): build fault injection rate: 14 [ 211.884782][ T6753] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 211.893798][ T6753] F2FS-fs (loop1): invalid crc value [ 211.916572][ T6456] hsr_slave_1: entered promiscuous mode [ 211.923000][ T6456] debugfs: 'hsr0' already exists in 'hsr' [ 211.939098][ C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 211.959846][ C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 212.016901][ T6753] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 212.021769][ T6456] Cannot create hsr debugfs directory [ 212.026131][ T6753] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 212.059029][ T6753] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 212.115738][ T6418] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 212.177791][ T6753] F2FS-fs (loop1): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x18b/0xa40 [ 212.193255][ T6753] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 212.205649][ T6753] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab4/0x1cf0 [ 212.217722][ T6753] F2FS-fs (loop1): inconsistent node block, node_type:3, nid:15, node_footer[nid:15,ino:3,ofs:191623,cpver:0,blkaddr:0] [ 212.261674][ T6418] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 212.330617][ T6753] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of __vfs_getxattr+0x3f4/0x430 [ 212.342321][ T6753] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_write_begin+0xb38/0x2630 [ 212.355268][ T6753] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:12, node_footer[nid:12,ino:12,ofs:0,cpver:10241045589465957861,blkaddr:4104] [ 212.378879][ C1] F2FS-fs (loop1): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 212.389422][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 212.389445][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 212.389456][ C1] Call Trace: [ 212.389464][ C1] [ 212.389471][ C1] dump_stack_lvl+0x189/0x250 [ 212.389499][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.389523][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.389543][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.389564][ C1] ? __pfx_queue_work_on+0x10/0x10 [ 212.389586][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.389606][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 212.389636][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.389665][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.389685][ C1] ? f2fs_hw_is_readonly+0x39b/0x470 [ 212.389709][ C1] f2fs_handle_critical_error+0x37c/0x540 [ 212.389734][ C1] f2fs_write_end_io+0x886/0xb60 [ 212.389771][ C1] blk_update_request+0x57e/0xe60 [ 212.389803][ C1] blk_mq_end_request+0x3e/0x70 [ 212.389823][ C1] blk_flush_complete_seq+0x678/0xcc0 [ 212.389851][ C1] flush_end_io+0xbaf/0xe60 [ 212.389882][ C1] __blk_mq_end_request+0x46a/0x630 [ 212.389906][ C1] blk_done_softirq+0x10a/0x160 [ 212.389926][ C1] handle_softirqs+0x27d/0x850 [ 212.389949][ C1] ? run_ksoftirqd+0x9b/0x100 [ 212.389976][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 212.389998][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 212.390018][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.390041][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 212.390060][ C1] run_ksoftirqd+0x9b/0x100 [ 212.390082][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 212.390110][ C1] smpboot_thread_fn+0x542/0xa60 [ 212.390132][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 212.390160][ C1] kthread+0x711/0x8a0 [ 212.390187][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 212.390207][ C1] ? __pfx_kthread+0x10/0x10 [ 212.390229][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.390264][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.390291][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.390311][ C1] ? lockdep_hardirqs_on+0x98/0x140 [ 212.390328][ C1] ? __pfx_kthread+0x10/0x10 [ 212.390352][ C1] ret_from_fork+0x599/0xb30 [ 212.390372][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 212.390398][ C1] ? __switch_to_asm+0x39/0x70 [ 212.390421][ C1] ? __switch_to_asm+0x33/0x70 [ 212.390444][ C1] ? __pfx_kthread+0x10/0x10 [ 212.390478][ C1] ret_from_fork_asm+0x1a/0x30 [ 212.390516][ C1] [ 212.390524][ C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 212.395280][ T6753] F2FS-fs (loop1): do_checkpoint failed err:-5, stop checkpoint [ 212.681783][ T6418] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 213.736457][ T6418] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 214.270629][ T6284] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.554184][ T6773] fuse: Bad value for 'fd' [ 214.561324][ T6774] netlink: 28 bytes leftover after parsing attributes in process `syz.3.196'. [ 214.570395][ T6774] netlink: 72 bytes leftover after parsing attributes in process `syz.3.196'. [ 214.611663][ T6771] netlink: 88 bytes leftover after parsing attributes in process `syz.3.196'. [ 214.858463][ T6284] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.201968][ T6284] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.255997][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 215.256015][ T31] audit: type=1326 audit(1765985432.506:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 215.323708][ T6789] netlink: 20 bytes leftover after parsing attributes in process `syz.2.198'. [ 215.391348][ T31] audit: type=1326 audit(1765985432.526:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 215.447509][ T6793] netlink: 20 bytes leftover after parsing attributes in process `syz.2.198'. [ 215.475471][ T867] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 215.515589][ T31] audit: type=1326 audit(1765985432.526:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.438207][ T31] audit: type=1326 audit(1765985432.536:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.465714][ T31] audit: type=1326 audit(1765985432.536:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.595019][ T31] audit: type=1326 audit(1765985432.536:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.625597][ T867] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 216.642677][ T867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.656461][ T31] audit: type=1326 audit(1765985432.546:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.681017][ T867] usb 2-1: config 0 descriptor?? [ 216.686786][ T31] audit: type=1326 audit(1765985432.546:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.878268][ T31] audit: type=1326 audit(1765985432.566:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.900736][ T31] audit: type=1326 audit(1765985432.736:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8fbf8f749 code=0x7ffc0000 [ 216.953463][ T867] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 217.145862][ T6802] loop3: detected capacity change from 0 to 128 [ 217.834535][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.5.201'. [ 217.860854][ T867] [drm:udl_init] *ERROR* Selecting channel failed [ 217.923790][ T867] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 217.924352][ T6284] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.030219][ T867] [drm] Initialized udl on minor 2 [ 218.094178][ T867] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 218.146239][ T867] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 218.174653][ T5922] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 218.233244][ T867] usb 2-1: USB disconnect, device number 5 [ 218.243077][ T5922] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 218.883480][ T6810] loop3: detected capacity change from 0 to 128 [ 219.624193][ T6456] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 219.813201][ T6456] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 220.006075][ T6456] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 220.484574][ T6456] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 220.596105][ T6284] bridge_slave_1: left allmulticast mode [ 220.601788][ T6284] bridge_slave_1: left promiscuous mode [ 220.638342][ T6284] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.697864][ T6284] bridge_slave_0: left allmulticast mode [ 220.721843][ T6284] bridge_slave_0: left promiscuous mode [ 220.748988][ T6284] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.003452][ T6829] fuse: Bad value for 'fd' [ 221.621890][ T6842] netlink: 28 bytes leftover after parsing attributes in process `syz.2.210'. [ 221.631060][ T6842] netlink: 72 bytes leftover after parsing attributes in process `syz.2.210'. [ 221.684562][ T6844] netlink: 88 bytes leftover after parsing attributes in process `syz.2.210'. [ 222.299346][ T6284] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 222.330879][ T6284] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 222.349934][ T6284] bond0 (unregistering): Released all slaves [ 222.591450][ T6817] loop1: detected capacity change from 0 to 65536 [ 222.725559][ T6817] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 222.748089][ T6817] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop1": -EINTR [ 222.748551][ T6817] XFS (loop1): log mount failed [ 222.990427][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'. [ 224.195069][ T6871] vlan2: entered promiscuous mode [ 224.448413][ T6879] fuse: Bad value for 'fd' [ 224.514341][ T6418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.071601][ T6284] hsr_slave_0: left promiscuous mode [ 225.096411][ T6284] hsr_slave_1: left promiscuous mode [ 225.121420][ T6284] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.168821][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.196659][ T6284] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.204076][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.307204][ T6284] veth1_macvtap: left promiscuous mode [ 225.332343][ T6284] veth0_macvtap: left promiscuous mode [ 225.361410][ T6284] veth1_vlan: left promiscuous mode [ 225.385747][ T6284] veth0_vlan: left promiscuous mode [ 226.133654][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.225'. [ 228.398609][ T6284] team0 (unregistering): Port device team_slave_1 removed [ 228.619526][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 228.637008][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 228.644670][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 228.653747][ T6284] team0 (unregistering): Port device team_slave_0 removed [ 228.661886][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 228.670614][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 229.645232][ T6344] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 229.830307][ T6344] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 229.853149][ T6344] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.881580][ T6344] usb 2-1: config 0 descriptor?? [ 230.139994][ T6344] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 230.357949][ T6344] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 230.386602][ T6344] [drm] Initialized udl on minor 2 [ 230.542115][ T6344] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 230.567040][ T6344] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 230.580449][ T867] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 230.592548][ T6344] usb 2-1: USB disconnect, device number 6 [ 230.605623][ T867] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 230.705294][ T5854] Bluetooth: hci5: command tx timeout [ 230.705786][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 230.711966][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 230.723111][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 231.015008][ T6940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.231'. [ 231.595086][ T6940] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.602649][ T6940] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.894038][ T6456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.905635][ T5852] Bluetooth: hci5: command tx timeout [ 234.286437][ T6974] netlink: 24 bytes leftover after parsing attributes in process `syz.3.241'. [ 234.381754][ T6927] chnl_net:caif_netlink_parms(): no params data found [ 235.032812][ T5852] Bluetooth: hci5: command tx timeout [ 235.450247][ T5147] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 235.459084][ T5147] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 235.467101][ T5147] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 235.476484][ T5147] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 235.484126][ T5147] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 237.105296][ T5147] Bluetooth: hci5: command tx timeout [ 237.378619][ T6927] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.405421][ T6927] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.412743][ T6927] bridge_slave_0: entered allmulticast mode [ 237.427291][ T7010] fuse: Unknown parameter '00000000000000000000' [ 237.449094][ T6927] bridge_slave_0: entered promiscuous mode [ 237.515777][ T5147] Bluetooth: hci7: command tx timeout [ 237.569989][ T6927] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.779772][ T6927] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.795515][ T6927] bridge_slave_1: entered allmulticast mode [ 237.850160][ T6927] bridge_slave_1: entered promiscuous mode [ 238.994590][ T6927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.141184][ T6927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.150941][ T7035] netlink: 24 bytes leftover after parsing attributes in process `syz.2.253'. [ 239.605178][ T5147] Bluetooth: hci7: command tx timeout [ 240.600285][ T6927] team0: Port device team_slave_0 added [ 240.624380][ T6927] team0: Port device team_slave_1 added [ 241.665515][ T5147] Bluetooth: hci7: command tx timeout [ 242.107072][ T6927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.289604][ T6927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 242.316360][ T6927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.297372][ T6927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.304354][ T6927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 243.319105][ T7058] fuse: Unknown parameter 'user00000000000000000000' [ 243.431002][ T7060] netlink: 20 bytes leftover after parsing attributes in process `syz.5.259'. [ 243.447408][ T31] kauditd_printk_skb: 9 callbacks suppressed [ 243.447425][ T31] audit: type=1326 audit(1765985460.676:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 243.712407][ T6927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.745769][ T31] audit: type=1326 audit(1765985460.676:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 243.768992][ T31] audit: type=1326 audit(1765985460.676:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 243.775740][ T5147] Bluetooth: hci7: command tx timeout [ 243.815337][ T7063] netlink: 20 bytes leftover after parsing attributes in process `syz.5.259'. [ 243.925764][ T31] audit: type=1326 audit(1765985460.676:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 243.983326][ T31] audit: type=1326 audit(1765985460.676:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 244.030998][ T31] audit: type=1326 audit(1765985460.676:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 244.136758][ T31] audit: type=1326 audit(1765985460.676:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 244.249606][ T31] audit: type=1326 audit(1765985460.676:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.5.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa00ef8f749 code=0x7ffc0000 [ 244.744768][ T7080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.264'. [ 244.754053][ T7080] netlink: 72 bytes leftover after parsing attributes in process `syz.2.264'. [ 244.802272][ T7083] netlink: 88 bytes leftover after parsing attributes in process `syz.2.264'. [ 244.966574][ T6927] hsr_slave_0: entered promiscuous mode [ 245.012028][ T6927] hsr_slave_1: entered promiscuous mode [ 245.260509][ T6982] chnl_net:caif_netlink_parms(): no params data found [ 245.396538][ T7094] fuse: Unknown parameter '00000000000000000000' [ 248.848164][ T6982] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.875693][ T6982] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.907822][ T6982] bridge_slave_0: entered allmulticast mode [ 248.975364][ T6982] bridge_slave_0: entered promiscuous mode [ 249.268355][ T6982] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.309613][ T6982] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.666014][ T6982] bridge_slave_1: entered allmulticast mode [ 250.685638][ T6982] bridge_slave_1: entered promiscuous mode [ 251.146820][ T7149] tipc: Started in network mode [ 251.151733][ T7149] tipc: Node identity 4, cluster identity 4711 [ 251.196423][ T7149] tipc: Node number set to 4 [ 251.226056][ T6982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.279516][ T6982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.797540][ T7158] loop1: detected capacity change from 0 to 128 [ 252.567771][ T6982] team0: Port device team_slave_0 added [ 252.633141][ T6982] team0: Port device team_slave_1 added [ 252.850523][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 252.878865][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 252.945652][ T6982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 252.977684][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 252.984653][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 253.055198][ T6982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.095911][ T6284] bridge_slave_1: left allmulticast mode [ 253.101666][ T6284] bridge_slave_1: left promiscuous mode [ 253.112457][ T6284] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.137502][ T6284] bridge_slave_0: left allmulticast mode [ 253.163648][ T6284] bridge_slave_0: left promiscuous mode [ 253.169577][ T6284] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.275051][ T6284] bridge_slave_1: left allmulticast mode [ 253.295453][ T6284] bridge_slave_1: left promiscuous mode [ 253.301252][ T6284] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.364051][ T6284] bridge_slave_0: left allmulticast mode [ 253.447083][ T6284] bridge_slave_0: left promiscuous mode [ 253.466472][ T6284] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.053777][ T5902] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 254.216250][ T5902] usb 2-1: Using ep0 maxpacket: 8 [ 254.260927][ T5902] usb 2-1: config index 0 descriptor too short (expected 12369, got 18) [ 254.281085][ T5902] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 254.841218][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.001510][ T5902] usb 2-1: Product: syz [ 255.031742][ T5995] libceph: connect (1)[c::]:6789 error -101 [ 255.054003][ T5995] libceph: mon0 (1)[c::]:6789 connect error [ 255.099402][ T7173] ceph: No mds server is up or the cluster is laggy [ 255.110026][ T5902] usb 2-1: Manufacturer: syz [ 255.177986][ T5902] usb 2-1: SerialNumber: syz [ 255.192517][ T5902] usb 2-1: config 0 descriptor?? [ 255.261070][ T5995] libceph: connect (1)[c::]:6789 error -101 [ 255.274786][ T5995] libceph: mon0 (1)[c::]:6789 connect error [ 255.301337][ T7177] ceph: No mds server is up or the cluster is laggy [ 256.144081][ T6284] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.160880][ T6284] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.174006][ T6284] bond0 (unregistering): Released all slaves [ 256.978487][ T6284] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.345337][ T6284] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.361290][ T6284] bond0 (unregistering): Released all slaves [ 257.529976][ T5902] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 257.682504][ T5902] gspca_sunplus: reg_w_riv err -71 [ 257.700196][ T5902] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 257.778004][ T5902] usb 2-1: USB disconnect, device number 7 [ 258.014194][ T6284] hsr_slave_0: left promiscuous mode [ 258.058679][ T6284] hsr_slave_1: left promiscuous mode [ 258.089405][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.112598][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.219934][ T6284] hsr_slave_0: left promiscuous mode [ 258.233089][ T6284] hsr_slave_1: left promiscuous mode [ 258.247426][ T7192] process 'syz.5.292' launched './file0' with NULL argv: empty string added [ 258.271635][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.281163][ T6284] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.074335][ T7214] fuse: Bad value for 'fd' [ 259.214974][ T6284] team0 (unregistering): Port device team_slave_1 removed [ 259.368060][ T6284] team0 (unregistering): Port device team_slave_0 removed [ 261.873475][ T6284] team0 (unregistering): Port device team_slave_1 removed [ 261.935164][ T6284] team0 (unregistering): Port device team_slave_0 removed [ 262.604409][ T6982] hsr_slave_0: entered promiscuous mode [ 262.637060][ T6982] hsr_slave_1: entered promiscuous mode [ 262.662219][ T6982] debugfs: 'hsr0' already exists in 'hsr' [ 262.675259][ T6982] Cannot create hsr debugfs directory [ 262.775492][ T7235] netlink: 12 bytes leftover after parsing attributes in process `syz.2.305'. [ 262.910799][ T7235] netlink: 20 bytes leftover after parsing attributes in process `syz.2.305'. [ 263.135385][ T5995] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 263.341608][ T5995] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 263.375221][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.395161][ T5995] usb 2-1: config 0 descriptor?? [ 263.554370][ T6927] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 263.590698][ T6927] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 263.639728][ T5995] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 263.664538][ T6927] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 263.736461][ T6927] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 264.361207][ T5995] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 264.403205][ T5995] [drm] Initialized udl on minor 2 [ 264.418305][ T5995] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 264.454562][ T5995] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 264.478866][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 264.485643][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 264.512032][ T5976] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 264.533623][ T5995] usb 2-1: USB disconnect, device number 8 [ 264.619678][ T5976] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 264.931374][ T6927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.992900][ T6927] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.224588][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.231962][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.859717][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.867072][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.902620][ T6927] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 265.975562][ T6927] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 266.760480][ T6982] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 267.423245][ T6982] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 267.454673][ T6982] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 268.429299][ T6982] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 269.243202][ T7318] Bluetooth: MGMT ver 1.23 [ 269.266588][ T7318] Bluetooth: hci0: invalid length 0, exp 2 for type 18 [ 269.553159][ T7332] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 270.483423][ T5976] libceph: connect (1)[c::]:6789 error -101 [ 270.501687][ T5976] libceph: mon0 (1)[c::]:6789 connect error [ 270.595075][ T7339] ceph: No mds server is up or the cluster is laggy [ 270.803696][ T6982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.832747][ T6927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.568081][ T6982] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.717629][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.724783][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.838427][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.845827][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.266256][ T6927] veth0_vlan: entered promiscuous mode [ 275.417622][ T6927] veth1_vlan: entered promiscuous mode [ 275.537186][ T6982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.821904][ T6927] veth0_macvtap: entered promiscuous mode [ 275.908327][ T6927] veth1_macvtap: entered promiscuous mode [ 276.029388][ T6927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.072591][ T6927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.099902][ T6082] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.127556][ T6082] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.727107][ T6082] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.742334][ T6082] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.729792][ T7431] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 278.829717][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.019706][ T6982] veth0_vlan: entered promiscuous mode [ 279.774115][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.930501][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.936448][ T6982] veth1_vlan: entered promiscuous mode [ 279.960775][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.959531][ T7444] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 281.413445][ T6982] veth0_macvtap: entered promiscuous mode [ 281.527734][ T6982] veth1_macvtap: entered promiscuous mode [ 281.671627][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.783793][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.853862][ T1159] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.839996][ T1159] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.060875][ T6370] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.105101][ T7474] netlink: 24 bytes leftover after parsing attributes in process `syz.6.354'. [ 283.190688][ T6370] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.285300][ T5922] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 283.493476][ T6370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.495299][ T5922] usb 2-1: Using ep0 maxpacket: 8 [ 283.535601][ T6370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.579395][ T5922] usb 2-1: config index 0 descriptor too short (expected 12369, got 18) [ 283.601056][ T5922] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 283.613888][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.633839][ T5922] usb 2-1: Product: syz [ 283.643680][ T5922] usb 2-1: Manufacturer: syz [ 283.653801][ T5922] usb 2-1: SerialNumber: syz [ 283.680925][ T5922] usb 2-1: config 0 descriptor?? [ 283.687106][ T6370] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.706020][ T5995] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 283.715696][ T6370] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.061690][ T5995] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 284.866007][ T5995] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 284.880421][ T5995] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 284.889856][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 285.009470][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 285.107165][ T5995] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 285.141465][ T5995] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 285.168027][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.358'. [ 285.760790][ T5995] usb 7-1: Product: syz [ 285.765009][ T5995] usb 7-1: Manufacturer: syz [ 285.817478][ T5922] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 285.828655][ T774] libceph: connect (1)[c::]:6789 error -101 [ 285.840562][ T5995] cdc_wdm 7-1:1.0: skipping garbage [ 285.860301][ T774] libceph: mon0 (1)[c::]:6789 connect error [ 285.886344][ T5995] cdc_wdm 7-1:1.0: skipping garbage [ 285.887202][ T5922] gspca_sunplus: reg_w_riv err -71 [ 285.921549][ T5922] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 285.958014][ T5995] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 285.988350][ T5995] cdc_wdm 7-1:1.0: Unknown control protocol [ 286.001961][ T7497] ceph: No mds server is up or the cluster is laggy [ 286.041919][ T5922] usb 2-1: USB disconnect, device number 9 [ 286.517960][ T5976] usb 7-1: USB disconnect, device number 2 [ 288.590214][ T7528] loop1: detected capacity change from 0 to 128 [ 290.385627][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 290.413287][ T7535] block device autoloading is deprecated and will be removed. [ 290.767605][ T9] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 290.785905][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.813006][ T9] usb 2-1: Product: syz [ 290.823161][ T9] usb 2-1: Manufacturer: syz [ 290.843511][ T9] usb 2-1: SerialNumber: syz [ 290.867375][ T9] usb 2-1: config 0 descriptor?? [ 290.887709][ T9] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 290.975292][ T6044] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 291.171509][ T7530] bridge: RTM_NEWNEIGH with invalid ether address [ 291.826496][ T9] gspca_sunplus: reg_r err -71 [ 291.831554][ T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 291.893823][ T6044] usb 8-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 291.906096][ T9] usb 2-1: USB disconnect, device number 10 [ 291.912561][ T6044] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.978196][ T6044] usb 8-1: config 0 descriptor?? [ 292.105420][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.6.373'. [ 292.216665][ T6044] udl 8-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 292.644452][ T6044] [drm] Initialized udl 0.0.1 for 8-1:0.0 on minor 2 [ 292.651236][ T6044] [drm] Initialized udl on minor 2 [ 292.685230][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 293.125518][ T5995] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 293.199892][ T6044] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 293.317290][ T6044] udl 8-1:0.0: [drm] Cannot find any crtc or sizes [ 293.350953][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 293.360468][ T5976] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 293.386127][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.394862][ T6044] usb 8-1: USB disconnect, device number 2 [ 293.409287][ T5976] udl 8-1:0.0: [drm] Cannot find any crtc or sizes [ 293.456612][ T5995] usb 7-1: Using ep0 maxpacket: 16 [ 293.494252][ T5995] usb 7-1: config 0 has an invalid interface number: 180 but max is 0 [ 293.503495][ T9] usb 2-1: config 0 descriptor?? [ 293.517260][ T5995] usb 7-1: config 0 has no interface number 0 [ 293.561941][ T5995] usb 7-1: New USB device found, idVendor=0421, idProduct=0114, bcdDevice=11.72 [ 293.581671][ T5995] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.608701][ T5995] usb 7-1: Product: syz [ 293.613214][ T5995] usb 7-1: Manufacturer: syz [ 293.632219][ T5995] usb 7-1: SerialNumber: syz [ 293.653482][ T5995] usb 7-1: config 0 descriptor?? [ 293.670160][ T5995] usb 7-1: bad CDC descriptors [ 293.753467][ T9] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 293.770625][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 293.799253][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 3 [ 293.814062][ T9] [drm] Initialized udl on minor 3 [ 293.826606][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 293.855351][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 293.876391][ T6044] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 293.884446][ T6044] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 293.902745][ T9] usb 2-1: USB disconnect, device number 11 [ 294.149370][ T6044] usb 7-1: USB disconnect, device number 3 [ 296.672767][ T7612] netlink: 8 bytes leftover after parsing attributes in process `syz.7.389'. [ 297.278063][ T7619] loop6: detected capacity change from 0 to 128 [ 298.325306][ T6344] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 298.754053][ T7636] bond1: entered promiscuous mode [ 298.763649][ T7636] 8021q: adding VLAN 0 to HW filter on device bond1 [ 298.802249][ T6344] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.904925][ T6344] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.045864][ T6344] usb 8-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 299.054941][ T6344] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.193094][ T6344] usb 8-1: config 0 descriptor?? [ 299.472614][ T6344] usbhid 8-1:0.0: can't add hid device: -71 [ 299.510795][ T6344] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 299.551205][ T6344] usb 8-1: USB disconnect, device number 3 [ 302.712557][ T7675] netlink: 8 bytes leftover after parsing attributes in process `syz.7.404'. [ 304.603796][ T7693] ceph: No mds server is up or the cluster is laggy [ 304.657584][ T5976] libceph: connect (1)[c::]:6789 error -101 [ 304.663679][ T5976] libceph: mon0 (1)[c::]:6789 connect error [ 304.813563][ T7698] loop1: detected capacity change from 0 to 128 [ 305.851028][ T7708] Bluetooth: hci0: invalid length 0, exp 2 for type 18 [ 305.935265][ T5902] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 306.028405][ T6344] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 306.167599][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.185719][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.197580][ T6344] usb 8-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 306.219577][ T6344] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.234920][ T5902] usb 2-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 306.294602][ T6344] usb 8-1: config 0 descriptor?? [ 306.303075][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.859995][ T7720] bond2: entered promiscuous mode [ 306.870589][ T7720] 8021q: adding VLAN 0 to HW filter on device bond2 [ 306.929251][ T5902] usb 2-1: config 0 descriptor?? [ 307.200920][ T6344] udl 8-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 307.435661][ T5902] usbhid 2-1:0.0: can't add hid device: -71 [ 307.473179][ T5902] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 307.654467][ T6344] [drm] Initialized udl 0.0.1 for 8-1:0.0 on minor 2 [ 307.661951][ T6344] [drm] Initialized udl on minor 2 [ 307.670177][ T5902] usb 2-1: USB disconnect, device number 12 [ 307.677438][ T6344] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 307.700208][ T6344] udl 8-1:0.0: [drm] Cannot find any crtc or sizes [ 307.740800][ T6021] udl 8-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 308.397724][ T6021] udl 8-1:0.0: [drm] Cannot find any crtc or sizes [ 308.566379][ T6344] usb 8-1: USB disconnect, device number 4 [ 311.859320][ T7770] loop7: detected capacity change from 0 to 128 [ 312.790647][ T7773] Bluetooth: hci0: invalid length 0, exp 2 for type 18 [ 313.521588][ T7780] loop7: detected capacity change from 0 to 128 [ 316.291666][ T7801] loop6: detected capacity change from 0 to 128 [ 317.025339][ T6344] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 317.235425][ T6344] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 317.286409][ T6344] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 317.345579][ T6344] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 317.398396][ T6344] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 317.416939][ T7789] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 317.425302][ T6344] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 317.450369][ T6344] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 317.486219][ T6344] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 317.525221][ T6344] usb 2-1: Product: syz [ 317.531834][ T6344] usb 2-1: Manufacturer: syz [ 317.569773][ T6344] cdc_wdm 2-1:1.0: skipping garbage [ 317.592930][ T6344] cdc_wdm 2-1:1.0: skipping garbage [ 317.613690][ T6344] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 317.623575][ T6344] cdc_wdm 2-1:1.0: Unknown control protocol [ 317.798190][ T7789] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 317.807055][ T7789] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 317.823352][ T7789] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 317.847370][ T7789] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 317.912651][ T7789] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 317.980500][ T7789] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 318.030090][ T7789] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 318.061618][ T7789] usb 7-1: Product: syz [ 318.080262][ T7789] usb 7-1: Manufacturer: syz [ 318.131806][ T7789] cdc_wdm 7-1:1.0: skipping garbage [ 318.256210][ T7789] cdc_wdm 7-1:1.0: skipping garbage [ 318.264698][ T7789] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 318.286675][ T7789] cdc_wdm 7-1:1.0: Unknown control protocol [ 318.554028][ T7789] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 318.613280][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -EPIPE [ 318.624153][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 318.630886][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 318.637285][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 318.643880][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 318.652636][ T10] usb 7-1: USB disconnect, device number 4 [ 318.674764][ T5902] usb 2-1: USB disconnect, device number 13 [ 319.111790][ T7789] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 319.145092][ T7789] usb 8-1: config 0 has no interfaces? [ 319.189130][ T7789] usb 8-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 319.244838][ T7789] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.289763][ T7789] usb 8-1: config 0 descriptor?? [ 321.542795][ T7845] bond1: entered promiscuous mode [ 321.589819][ T7845] 8021q: adding VLAN 0 to HW filter on device bond1 [ 322.050544][ T7841] loop6: detected capacity change from 0 to 32768 [ 322.081168][ T7841] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.442 (7841) [ 322.138933][ T5922] usb 8-1: USB disconnect, device number 5 [ 322.257718][ T7841] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 322.298920][ T7841] BTRFS info (device loop6): using blake2b (blake2b-256-lib) checksum algorithm [ 323.342633][ T7789] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 323.566125][ T7789] usb 8-1: Using ep0 maxpacket: 8 [ 323.584248][ T7789] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.634373][ T7789] usb 8-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 323.677067][ T7789] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.687919][ T7841] BTRFS error (device loop6): open_ctree failed: -4 [ 323.712485][ T7789] usb 8-1: config 0 descriptor?? [ 323.803673][ T7789] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 324.081534][ T7886] bond1: entered promiscuous mode [ 324.094476][ T7886] 8021q: adding VLAN 0 to HW filter on device bond1 [ 324.230348][ T7789] gspca_vc032x: reg_r err -32 [ 324.271936][ T7789] vc032x 8-1:0.0: probe with driver vc032x failed with error -32 [ 325.081637][ T7896] loop6: detected capacity change from 0 to 128 [ 325.884002][ T5922] usb 8-1: USB disconnect, device number 6 [ 325.918086][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 325.924653][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.167476][ T7929] loop1: detected capacity change from 0 to 128 [ 333.765421][ T30] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 334.247059][ T30] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.322564][ T30] usb 8-1: config 0 has no interfaces? [ 334.363723][ T30] usb 8-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 334.449300][ T30] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.540562][ T30] usb 8-1: config 0 descriptor?? [ 334.797274][ T5995] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 335.056743][ T5995] usb 2-1: Using ep0 maxpacket: 8 [ 335.087899][ T5995] usb 2-1: config 0 has no interfaces? [ 335.153286][ T5995] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 335.194455][ T5995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.232912][ T5995] usb 2-1: Product: syz [ 335.248491][ T5995] usb 2-1: Manufacturer: syz [ 335.253144][ T5995] usb 2-1: SerialNumber: syz [ 335.306424][ T5995] usb 2-1: config 0 descriptor?? [ 336.861314][ T6344] usb 2-1: USB disconnect, device number 14 [ 338.176632][ T7991] loop6: detected capacity change from 0 to 128 [ 339.752876][ T30] usb 8-1: can't set config #0, error -110 [ 340.506507][ T8011] loop6: detected capacity change from 0 to 128 [ 341.245679][ T5902] usb 8-1: USB disconnect, device number 7 [ 341.848194][ T8018] netlink: 8 bytes leftover after parsing attributes in process `syz.6.475'. [ 342.195218][ T5995] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 342.605599][ T5995] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 342.771546][ T5995] usb 2-1: config 0 has no interfaces? [ 342.928680][ T5995] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 343.087594][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.495034][ T5995] usb 2-1: config 0 descriptor?? [ 345.409654][ T8039] netlink: 20 bytes leftover after parsing attributes in process `syz.5.481'. [ 346.948112][ T5995] usb 2-1: can't set config #0, error -71 [ 346.972894][ T5995] usb 2-1: USB disconnect, device number 15 [ 347.514636][ T8061] bond1: entered promiscuous mode [ 347.524499][ T8061] 8021q: adding VLAN 0 to HW filter on device bond1 [ 347.615316][ T5995] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 347.759484][ T7789] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 347.975287][ T5995] usb 2-1: Using ep0 maxpacket: 8 [ 348.093295][ T5995] usb 2-1: config 0 has no interfaces? [ 348.805300][ T7789] usb 7-1: Using ep0 maxpacket: 8 [ 348.812477][ T7789] usb 7-1: config 0 has no interfaces? [ 348.967536][ T5995] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 348.989069][ T7789] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 349.001743][ T5995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.020230][ T7789] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.030009][ T5995] usb 2-1: Product: syz [ 349.034175][ T5995] usb 2-1: Manufacturer: syz [ 349.038853][ T7789] usb 7-1: Product: syz [ 349.043848][ T7789] usb 7-1: Manufacturer: syz [ 349.066056][ T5995] usb 2-1: SerialNumber: syz [ 349.072537][ T7789] usb 7-1: SerialNumber: syz [ 349.085892][ T5995] usb 2-1: config 0 descriptor?? [ 349.101954][ T7789] usb 7-1: config 0 descriptor?? [ 350.372641][ T6344] usb 7-1: USB disconnect, device number 5 [ 350.936779][ T7789] usb 2-1: USB disconnect, device number 16 [ 353.905511][ T5147] Bluetooth: hci5: command 0x0406 tx timeout [ 356.566633][ T5936] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 357.894958][ T5936] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.957229][ T5936] usb 2-1: config 0 has no interfaces? [ 357.986792][ T5936] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 358.020856][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.106764][ T5936] usb 2-1: config 0 descriptor?? [ 358.707791][ T5852] Bluetooth: hci7: command 0x0406 tx timeout [ 359.095377][ T5995] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 360.195375][ T5995] usb 8-1: Using ep0 maxpacket: 8 [ 360.239118][ T5995] usb 8-1: config 0 has no interfaces? [ 360.315253][ T5995] usb 8-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 360.524153][ T5995] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.569509][ T5995] usb 8-1: Product: syz [ 360.605503][ T5995] usb 8-1: Manufacturer: syz [ 360.613281][ T5995] usb 8-1: SerialNumber: syz [ 360.633540][ T5995] usb 8-1: config 0 descriptor?? [ 361.905755][ T6131] usb 8-1: USB disconnect, device number 8 [ 362.489705][ T6131] usb 2-1: USB disconnect, device number 17 [ 362.975693][ T8177] overlayfs: failed to resolve './file0': -2 [ 363.344114][ T8187] netlink: 40 bytes leftover after parsing attributes in process `syz.7.531'. [ 363.384754][ T8188] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 366.137543][ T8212] overlayfs: failed to clone upperpath [ 366.176514][ T8210] Bluetooth: hci0: invalid length 0, exp 2 for type 18 [ 368.133738][ T8231] overlayfs: failed to resolve './file0': -2 [ 368.390322][ T5995] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 368.745276][ T5995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 369.008845][ T5995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.824298][ T5995] usb 2-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 369.891208][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.987095][ T5995] usb 2-1: config 0 descriptor?? [ 370.030755][ T5995] usb 2-1: can't set config #0, error -71 [ 370.147258][ T8246] overlayfs: failed to resolve './file1': -2 [ 370.350780][ T5995] usb 2-1: USB disconnect, device number 18 [ 371.169781][ T8255] netlink: 36 bytes leftover after parsing attributes in process `syz.2.553'. [ 372.875388][ T8272] overlayfs: failed to clone upperpath [ 375.869396][ T31] audit: type=1800 audit(1765985593.116:80): pid=8288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.564" name="bus" dev="overlay" ino=549 res=0 errno=0 [ 376.969236][ T8293] overlayfs: failed to clone upperpath [ 379.227329][ T8308] overlayfs: failed to clone upperpath [ 382.101283][ T8323] overlayfs: failed to clone upperpath [ 383.617525][ T31] audit: type=1800 audit(1765985600.866:81): pid=8336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.576" name="bus" dev="overlay" ino=210 res=0 errno=0 [ 386.785232][ T774] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 386.836344][ T8364] overlayfs: failed to clone upperpath [ 387.386673][ T774] usb 7-1: device descriptor read/all, error -71 [ 387.405865][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 387.412175][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 394.197912][ T8434] overlayfs: failed to clone upperpath [ 394.332264][ T31] audit: type=1800 audit(1765985611.576:82): pid=8432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.601" name="bus" dev="overlay" ino=237 res=0 errno=0 [ 395.600181][ T8440] overlayfs: failed to resolve './file1': -2 [ 398.362301][ T8459] overlayfs: failed to resolve './file1': -2 [ 398.399967][ T8462] overlayfs: failed to resolve './file0': -2 [ 399.611634][ T31] audit: type=1800 audit(1765985616.856:83): pid=8490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.624" name="bus" dev="overlay" ino=267 res=0 errno=0 [ 400.472716][ T8483] overlayfs: failed to clone upperpath [ 402.634715][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 403.180137][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.000891][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.047404][ T9] usb 7-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 404.066191][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.088128][ T9] usb 7-1: config 0 descriptor?? [ 404.188066][ T9] usb 7-1: can't set config #0, error -71 [ 404.274366][ T9] usb 7-1: USB disconnect, device number 8 [ 406.568838][ T31] audit: type=1800 audit(1765985623.816:84): pid=8529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.631" name="bus" dev="overlay" ino=261 res=0 errno=0 [ 415.555260][ T9] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 415.719468][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.737532][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.761504][ T9] usb 7-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 415.795187][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.824848][ T9] usb 7-1: config 0 descriptor?? [ 415.966228][ T8588] overlayfs: failed to clone upperpath [ 416.073999][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 416.121938][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 416.327110][ T9] usb 7-1: USB disconnect, device number 9 [ 416.406050][ T8592] overlayfs: failed to clone upperpath [ 418.186746][ T31] audit: type=1800 audit(1765985635.406:85): pid=8604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.655" name="bus" dev="overlay" ino=290 res=0 errno=0 [ 419.398297][ T8622] overlayfs: failed to clone upperpath [ 419.666892][ T8625] overlayfs: failed to clone upperpath [ 422.347418][ T31] audit: type=1800 audit(1765985638.586:86): pid=8642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.668" name="bus" dev="overlay" ino=309 res=0 errno=0 [ 429.628155][ T8691] overlayfs: failed to clone upperpath [ 431.365301][ T111] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 432.176816][ T111] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 432.212022][ T111] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 432.342040][ T111] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 432.395647][ T111] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 432.449428][ T111] usb 8-1: SerialNumber: syz [ 433.310046][ T111] usb 8-1: 0:2 : does not exist [ 433.398229][ T111] usb 8-1: unit 255 not found! [ 435.169724][ T111] usb 8-1: USB disconnect, device number 9 [ 442.100124][ T8705] udevd[8705]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 449.056501][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.062950][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.736912][ T8780] loop1: detected capacity change from 0 to 4096 [ 452.135307][ T10] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 452.417351][ T10] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 452.435339][ T10] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 452.446169][ T10] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 452.455415][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 452.475685][ T10] usb 8-1: SerialNumber: syz [ 452.802233][ T10] usb 8-1: 0:2 : does not exist [ 452.922925][ T10] usb 8-1: USB disconnect, device number 10 [ 453.087415][ T8705] udevd[8705]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 455.175253][ T10] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 455.367837][ T10] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 455.418889][ T8817] loop6: detected capacity change from 0 to 32768 [ 455.440672][ T8817] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.710 (8817) [ 455.497470][ T10] usb 8-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 455.517544][ T8817] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 455.527818][ T8817] BTRFS info (device loop6): using blake2b (blake2b-256-lib) checksum algorithm [ 455.538454][ T8817] workqueue: max_active 262152 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 455.571428][ T8817] workqueue: max_active 262152 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 455.585313][ T10] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 455.614848][ T10] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 455.636720][ T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7 [ 455.688849][ T8817] workqueue: max_active 262152 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 455.715847][ T8817] workqueue: max_active 262152 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 455.745697][ T8817] workqueue: max_active 262152 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 455.757651][ T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024 [ 455.760616][ T10] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 455.779701][ T10] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 455.785701][ T8817] workqueue: max_active 262152 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 455.788091][ T10] usb 8-1: Product: syz [ 455.805247][ T10] usb 8-1: Manufacturer: syz [ 455.836941][ T10] cdc_wdm 8-1:1.0: skipping garbage [ 455.842420][ T10] cdc_wdm 8-1:1.0: skipping garbage [ 455.855386][ T10] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 455.882205][ T8817] BTRFS info (device loop6): enabling ssd optimizations [ 455.889417][ T8817] BTRFS info (device loop6): turning on async discard [ 455.896279][ T8817] BTRFS info (device loop6): enabling free space tree [ 456.216360][ T8817] loop6: detected capacity change from 32768 to 64 [ 456.597449][ T8089] kworker/u8:29: attempt to access beyond end of device [ 456.597449][ T8089] loop6: rw=67112961, sector=10440, nr_sectors = 8 limit=64 [ 456.795344][ T8089] BTRFS error (device loop6): bdev /dev/loop6 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0 [ 456.808922][ T8089] kworker/u8:29: attempt to access beyond end of device [ 456.808922][ T8089] loop6: rw=67112961, sector=10448, nr_sectors = 8 limit=64 [ 457.012823][ T8089] BTRFS error (device loop6): bdev /dev/loop6 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0 [ 457.154060][ T8089] kworker/u8:29: attempt to access beyond end of device [ 457.154060][ T8089] loop6: rw=67112961, sector=13448, nr_sectors = 8 limit=64 [ 457.226492][ T8089] BTRFS error (device loop6): bdev /dev/loop6 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0 [ 457.291940][ T6927] BTRFS error (device loop6 state A): Transaction aborted (error -5) [ 457.322618][ T6927] BTRFS: error (device loop6 state A) in __btrfs_free_extent:3235: errno=-5 IO failure [ 457.539063][ T6927] BTRFS info (device loop6 state EA): forced readonly [ 457.563763][ T6927] BTRFS error (device loop6 state EA): failed to run delayed ref for logical 5296128 num_bytes 12288 type 178 action 2 ref_mod 1: -5 [ 457.619922][ T6927] BTRFS: error (device loop6 state EA) in btrfs_run_delayed_refs:2162: errno=-5 IO failure [ 457.675376][ T6927] BTRFS info (device loop6 state EA): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 457.896377][ T111] usb 8-1: USB disconnect, device number 11 [ 458.299175][ T31] audit: type=1800 audit(1765985675.546:87): pid=8859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.730" name="bus" dev="overlay" ino=343 res=0 errno=0 [ 460.699969][ T10] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 460.869544][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.684457][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.697751][ T10] usb 8-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 461.707096][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.897643][ T10] usb 8-1: config 0 descriptor?? [ 462.139484][ T8892] overlayfs: missing 'workdir' [ 462.721457][ T10] usbhid 8-1:0.0: can't add hid device: -71 [ 463.006581][ T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 463.017860][ T10] usb 8-1: USB disconnect, device number 12 [ 466.576719][ T31] audit: type=1800 audit(1765985683.826:88): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.743" name="bus" dev="overlay" ino=389 res=0 errno=0 [ 469.185778][ T8924] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 470.273908][ T8946] overlayfs: failed to resolve './file0': -2 [ 472.218281][ T8959] netlink: 12 bytes leftover after parsing attributes in process `syz.5.756'. [ 473.925427][ T6015] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 474.097627][ T6015] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 474.120302][ T6015] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 474.160602][ T6015] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 474.215533][ T6015] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 474.240008][ T6015] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 474.299527][ T6015] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 474.319617][ T6015] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 474.355207][ T6015] usb 2-1: Product: syz [ 474.365444][ T6015] usb 2-1: Manufacturer: syz [ 474.408129][ T6015] cdc_wdm 2-1:1.0: skipping garbage [ 474.485241][ T6015] cdc_wdm 2-1:1.0: skipping garbage [ 474.521853][ T6015] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 474.577613][ T6015] cdc_wdm 2-1:1.0: Unknown control protocol [ 474.745617][ T8996] netlink: 32 bytes leftover after parsing attributes in process `syz.5.769'. [ 476.137381][ T9009] netlink: 12 bytes leftover after parsing attributes in process `syz.5.773'. [ 476.350382][ T9014] overlayfs: failed to resolve './file0': -2 [ 477.275298][ T5976] usb 2-1: USB disconnect, device number 19 [ 478.882664][ T6015] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 479.875216][ T6015] usb 8-1: Using ep0 maxpacket: 16 [ 479.988341][ T6015] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 480.035353][ T6015] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 480.070536][ T6015] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 480.085185][ T6015] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.124754][ T6015] usb 8-1: Product: syz [ 480.139491][ T6015] usb 8-1: Manufacturer: syz [ 480.155182][ T6015] usb 8-1: SerialNumber: syz [ 480.235606][ T9037] netlink: 52 bytes leftover after parsing attributes in process `syz.2.783'. [ 480.386962][ T6015] usb 8-1: 0:2 : does not exist [ 480.414950][ T6015] usb 8-1: 5:0: failed to get current value for ch 0 (-22) [ 480.425549][ T5976] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 480.511046][ T6015] usb 8-1: USB disconnect, device number 13 [ 480.595287][ T5976] usb 7-1: Using ep0 maxpacket: 8 [ 480.595720][ T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 480.623357][ T5976] usb 7-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 480.641791][ T5976] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.677448][ T5976] usb 7-1: Product: syz [ 480.692567][ T8705] udevd[8705]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 480.717665][ T5976] usb 7-1: Manufacturer: syz [ 480.726867][ T5976] usb 7-1: SerialNumber: syz [ 480.748017][ T5976] usb 7-1: config 0 descriptor?? [ 480.780746][ T5976] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 480.836319][ T24] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 480.877003][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.922401][ T24] usb 2-1: Product: syz [ 480.942640][ T24] usb 2-1: Manufacturer: syz [ 480.972253][ T24] usb 2-1: SerialNumber: syz [ 481.058908][ T24] usb 2-1: config 0 descriptor?? [ 481.113413][ T24] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 481.386400][ T24] gspca_sunplus: reg_r err -71 [ 481.396298][ T24] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 481.452119][ T24] usb 2-1: USB disconnect, device number 20 [ 481.845223][ T6015] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 482.145512][ T6015] usb 8-1: device descriptor read/64, error -71 [ 482.261488][ T9081] overlayfs: failed to resolve './file1': -2 [ 482.487541][ T6015] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 482.539373][ T9088] netlink: 52 bytes leftover after parsing attributes in process `syz.3.799'. [ 482.655719][ T6015] usb 8-1: device descriptor read/64, error -71 [ 482.896131][ T6015] usb usb8-port1: attempt power cycle [ 483.774137][ T5839] usb 7-1: USB disconnect, device number 10 [ 484.086863][ T6015] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 484.136210][ T6015] usb 8-1: device descriptor read/8, error -71 [ 484.142900][ T9115] overlayfs: missing 'lowerdir' [ 484.642537][ T6015] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 485.621162][ T6015] usb 8-1: device descriptor read/8, error -71 [ 485.855841][ T6015] usb usb8-port1: unable to enumerate USB device [ 487.285244][ T30] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 487.479916][ T30] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 487.511739][ T30] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.550914][ T30] usb 7-1: Product: syz [ 487.562430][ T30] usb 7-1: Manufacturer: syz [ 487.585204][ T30] usb 7-1: SerialNumber: syz [ 487.607730][ T30] usb 7-1: config 0 descriptor?? [ 487.656574][ T30] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 488.204948][ T9152] netlink: 52 bytes leftover after parsing attributes in process `syz.2.813'. [ 488.227021][ T30] gspca_sunplus: reg_r err -71 [ 488.300338][ T30] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 488.350435][ T30] usb 7-1: USB disconnect, device number 11 [ 488.365232][ T5976] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 488.604457][ T5976] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 488.645853][ T5976] usb 2-1: config 0 has no interface number 0 [ 488.695824][ T5976] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 488.736209][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.744292][ T5976] usb 2-1: Product: syz [ 488.785278][ T5976] usb 2-1: Manufacturer: syz [ 488.795326][ T5976] usb 2-1: SerialNumber: syz [ 488.828200][ T5976] usb 2-1: config 0 descriptor?? [ 489.092177][ T5976] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 489.154385][ T5976] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 489.165789][ T5976] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 489.174089][ T5976] usb 2-1: media controller created [ 489.238526][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 490.765940][ T5976] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 491.358778][ T5976] usb 2-1: USB disconnect, device number 21 [ 492.505831][ T9178] dummy0: entered promiscuous mode [ 492.716162][ T9178] macsec1: entered allmulticast mode [ 492.761227][ T9178] dummy0: entered allmulticast mode [ 493.035937][ T9178] dummy0: left allmulticast mode [ 493.086831][ T9185] netlink: 28 bytes leftover after parsing attributes in process `syz.5.827'. [ 493.135474][ T9178] dummy0: left promiscuous mode [ 495.114839][ T5994] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 495.386797][ T5994] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 495.420099][ T5994] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 497.824524][ T5994] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 497.901982][ T5994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 497.931823][ T5994] usb 7-1: SerialNumber: syz [ 498.258762][ T5994] usb 7-1: can't set config #1, error -71 [ 498.315537][ T5994] usb 7-1: USB disconnect, device number 12 [ 498.698671][ T9228] overlayfs: failed to clone upperpath [ 499.969360][ T9246] netlink: 28 bytes leftover after parsing attributes in process `syz.3.842'. [ 500.125245][ T111] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 500.396847][ T111] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.455310][ T111] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 500.456619][ T9248] overlayfs: failed to clone upperpath [ 500.542194][ T111] usb 7-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00 [ 500.575253][ T111] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.658361][ T111] usb 7-1: config 0 descriptor?? [ 501.699560][ T9258] dummy0: entered promiscuous mode [ 501.729113][ T9258] macsec1: entered allmulticast mode [ 501.807640][ T9258] dummy0: entered allmulticast mode [ 502.062936][ T9258] dummy0: left allmulticast mode [ 502.081603][ T9258] dummy0: left promiscuous mode [ 502.198540][ T9234] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 502.645963][ T111] usbhid 7-1:0.0: can't add hid device: -71 [ 502.715927][ T111] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 502.750072][ T111] usb 7-1: USB disconnect, device number 13 [ 504.375282][ T111] usb 8-1: new full-speed USB device number 18 using dummy_hcd [ 504.687297][ T111] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 505.091561][ T111] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.166425][ T111] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 505.205294][ T111] usb 8-1: config 1 has no interface number 1 [ 505.255308][ T111] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 506.294654][ T111] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 506.799374][ T111] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.807633][ T111] usb 8-1: Product: syz [ 506.811893][ T111] usb 8-1: Manufacturer: syz [ 506.816551][ T111] usb 8-1: SerialNumber: syz [ 507.214013][ T111] usb 8-1: can't set config #1, error -71 [ 507.276297][ T111] usb 8-1: USB disconnect, device number 18 [ 507.798790][ T9273] netlink: 20 bytes leftover after parsing attributes in process `syz.7.850'. [ 508.364963][ T9276] netlink: 8 bytes leftover after parsing attributes in process `syz.5.853'. [ 508.422335][ T9276] netlink: 8 bytes leftover after parsing attributes in process `syz.5.853'. [ 509.282792][ T9282] ================================================================== [ 509.291002][ T9282] BUG: KASAN: slab-use-after-free in __list_lru_walk_one+0xfb/0x420 [ 509.299351][ T9282] Read of size 8 at addr ffff888078e51078 by task syz.1.836/9282 [ 509.307073][ T9282] [ 509.309404][ T9282] CPU: 1 UID: 0 PID: 9282 Comm: syz.1.836 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.309441][ T9282] Tainted: [L]=SOFTLOCKUP [ 509.309451][ T9282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 509.309467][ T9282] Call Trace: [ 509.309478][ T9282] [ 509.309488][ T9282] dump_stack_lvl+0x189/0x250 [ 509.309524][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.309560][ T9282] ? __kasan_check_byte+0x12/0x40 [ 509.309590][ T9282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.309618][ T9282] ? rcu_is_watching+0x15/0xb0 [ 509.309650][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.309678][ T9282] ? lock_release+0x4b/0x3b0 [ 509.309706][ T9282] ? __virt_addr_valid+0x1c8/0x5c0 [ 509.309741][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.309769][ T9282] ? __virt_addr_valid+0x4a5/0x5c0 [ 509.309804][ T9282] print_report+0xca/0x240 [ 509.309830][ T9282] ? __list_lru_walk_one+0xfb/0x420 [ 509.309857][ T9282] kasan_report+0x118/0x150 [ 509.309888][ T9282] ? __list_lru_walk_one+0xfb/0x420 [ 509.309920][ T9282] __list_lru_walk_one+0xfb/0x420 [ 509.309951][ T9282] ? __pfx_gfs2_qd_isolate+0x10/0x10 [ 509.309991][ T9282] ? __pfx_gfs2_qd_isolate+0x10/0x10 [ 509.310024][ T9282] list_lru_walk_one+0x3c/0x50 [ 509.310053][ T9282] gfs2_qd_shrink_scan+0x155/0x330 [ 509.310086][ T9282] ? list_lru_count_one+0x27/0x2c0 [ 509.310113][ T9282] ? __pfx_gfs2_qd_shrink_scan+0x10/0x10 [ 509.310143][ T9282] ? list_lru_count_one+0x27/0x2c0 [ 509.310170][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310201][ T9282] do_shrink_slab+0x6df/0x10d0 [ 509.310245][ T9282] ? shrink_slab+0x129/0x10d0 [ 509.310273][ T9282] shrink_slab+0xd74/0x10d0 [ 509.310301][ T9282] ? shrink_slab+0x129/0x10d0 [ 509.310333][ T9282] ? __pfx_shrink_slab+0x10/0x10 [ 509.310360][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310390][ T9282] ? mem_cgroup_iter+0x3b/0x460 [ 509.310427][ T9282] ? mem_cgroup_iter+0x3e7/0x460 [ 509.310461][ T9282] ? mem_cgroup_iter+0x3b/0x460 [ 509.310497][ T9282] drop_slab+0x14b/0x290 [ 509.310527][ T9282] drop_caches_sysctl_handler+0xc7/0x170 [ 509.310567][ T9282] proc_sys_call_handler+0x4cb/0x700 [ 509.310603][ T9282] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 509.310633][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310678][ T9282] do_iter_readv_writev+0x623/0x8c0 [ 509.310704][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310743][ T9282] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 509.310768][ T9282] ? rcu_read_lock_any_held+0xb3/0x120 [ 509.310806][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310838][ T9282] vfs_writev+0x31a/0x960 [ 509.310875][ T9282] ? __pfx_vfs_writev+0x10/0x10 [ 509.310915][ T9282] ? __fget_files+0x2a/0x420 [ 509.310949][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.310977][ T9282] ? __fget_files+0x3a0/0x420 [ 509.311007][ T9282] ? __fget_files+0x2a/0x420 [ 509.311040][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.311071][ T9282] do_writev+0x14d/0x2d0 [ 509.311103][ T9282] ? __pfx_do_writev+0x10/0x10 [ 509.311136][ T9282] ? do_syscall_64+0xbe/0xf80 [ 509.311167][ T9282] do_syscall_64+0xfa/0xf80 [ 509.311193][ T9282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.311217][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 509.311251][ T9282] ? exc_page_fault+0xab/0x100 [ 509.311277][ T9282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.311302][ T9282] RIP: 0033:0x7f2dd758f749 [ 509.311324][ T9282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.311346][ T9282] RSP: 002b:00007f2dd846c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 509.311372][ T9282] RAX: ffffffffffffffda RBX: 00007f2dd77e5fa0 RCX: 00007f2dd758f749 [ 509.311391][ T9282] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 509.311407][ T9282] RBP: 00007f2dd7613f91 R08: 0000000000000000 R09: 0000000000000000 [ 509.311424][ T9282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.311439][ T9282] R13: 00007f2dd77e6038 R14: 00007f2dd77e5fa0 R15: 00007ffd9e324508 [ 509.311468][ T9282] [ 509.311477][ T9282] [ 509.711400][ T9282] Allocated by task 5975: [ 509.715796][ T9282] kasan_save_track+0x3e/0x80 [ 509.720478][ T9282] __kasan_slab_alloc+0x6c/0x80 [ 509.725342][ T9282] kmem_cache_alloc_noprof+0x37d/0x710 [ 509.730814][ T9282] qd_alloc+0x50/0x250 [ 509.734891][ T9282] gfs2_quota_init+0x762/0x1200 [ 509.739781][ T9282] gfs2_make_fs_rw+0x143/0x220 [ 509.744537][ T9282] gfs2_fill_super+0x1b6a/0x21b0 [ 509.749488][ T9282] get_tree_bdev_flags+0x40e/0x4d0 [ 509.754583][ T9282] gfs2_get_tree+0x51/0x1e0 [ 509.759066][ T9282] vfs_get_tree+0x92/0x2a0 [ 509.763909][ T9282] do_new_mount+0x302/0xa10 [ 509.768406][ T9282] __se_sys_mount+0x313/0x410 [ 509.773070][ T9282] do_syscall_64+0xfa/0xf80 [ 509.777557][ T9282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.783429][ T9282] [ 509.785739][ T9282] Freed by task 867: [ 509.789612][ T9282] kasan_save_track+0x3e/0x80 [ 509.794272][ T9282] kasan_save_free_info+0x46/0x50 [ 509.799295][ T9282] __kasan_slab_free+0x5c/0x80 [ 509.804069][ T9282] kmem_cache_free+0x197/0x620 [ 509.808827][ T9282] gfs2_qd_dealloc+0x70/0xe0 [ 509.813438][ T9282] rcu_core+0xd70/0x1870 [ 509.817666][ T9282] handle_softirqs+0x27d/0x850 [ 509.822424][ T9282] do_softirq+0xec/0x180 [ 509.826674][ T9282] __local_bh_enable_ip+0x17d/0x1c0 [ 509.831873][ T9282] __alloc_skb+0x224/0x430 [ 509.836363][ T9282] mld_newpack+0x13c/0xc40 [ 509.840783][ T9282] add_grhead+0x5a/0x2a0 [ 509.845020][ T9282] add_grec+0x1452/0x1740 [ 509.849370][ T9282] mld_ifc_work+0x6ed/0xd60 [ 509.853949][ T9282] process_scheduled_works+0xad1/0x1770 [ 509.859478][ T9282] worker_thread+0x8a0/0xda0 [ 509.864065][ T9282] kthread+0x711/0x8a0 [ 509.868117][ T9282] ret_from_fork+0x599/0xb30 [ 509.872773][ T9282] ret_from_fork_asm+0x1a/0x30 [ 509.877526][ T9282] [ 509.879848][ T9282] Last potentially related work creation: [ 509.885543][ T9282] kasan_save_stack+0x3e/0x60 [ 509.890213][ T9282] kasan_record_aux_stack+0xbd/0xd0 [ 509.895416][ T9282] call_rcu+0x157/0x9c0 [ 509.899576][ T9282] gfs2_quota_sync+0x30c/0x460 [ 509.904357][ T9282] gfs2_sync_fs+0x4c/0xb0 [ 509.908670][ T9282] sync_filesystem+0xee/0x230 [ 509.913361][ T9282] generic_shutdown_super+0x6f/0x2c0 [ 509.918635][ T9282] kill_block_super+0x44/0x90 [ 509.923292][ T9282] deactivate_locked_super+0xbc/0x130 [ 509.928651][ T9282] cleanup_mnt+0x425/0x4c0 [ 509.933059][ T9282] task_work_run+0x1d4/0x260 [ 509.937638][ T9282] exit_to_user_mode_loop+0xff/0x4f0 [ 509.943171][ T9282] do_syscall_64+0x2d0/0xf80 [ 509.947742][ T9282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.953617][ T9282] [ 509.955927][ T9282] The buggy address belongs to the object at ffff888078e51000 [ 509.955927][ T9282] which belongs to the cache gfs2_quotad of size 272 [ 509.970083][ T9282] The buggy address is located 120 bytes inside of [ 509.970083][ T9282] freed 272-byte region [ffff888078e51000, ffff888078e51110) [ 509.983869][ T9282] [ 509.986182][ T9282] The buggy address belongs to the physical page: [ 509.992598][ T9282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078e51000 pfn:0x78e51 [ 510.002653][ T9282] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 510.009753][ T9282] page_type: f5(slab) [ 510.013735][ T9282] raw: 00fff00000000000 ffff8881412d6640 dead000000000122 0000000000000000 [ 510.022324][ T9282] raw: ffff888078e51000 00000000800c000b 00000000f5000000 0000000000000000 [ 510.030925][ T9282] page dumped because: kasan: bad access detected [ 510.037430][ T9282] page_owner tracks the page as allocated [ 510.043129][ T9282] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x52c50(GFP_NOFS|__GFP_RECLAIMABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5975, tgid 5974 (syz.0.1), ts 115272355874, free_ts 40746985513 [ 510.063881][ T9282] post_alloc_hook+0x234/0x290 [ 510.068667][ T9282] get_page_from_freelist+0x2365/0x2440 [ 510.074399][ T9282] __alloc_frozen_pages_noprof+0x181/0x370 [ 510.080201][ T9282] alloc_pages_mpol+0x232/0x4a0 [ 510.085039][ T9282] allocate_slab+0x86/0x3b0 [ 510.089528][ T9282] ___slab_alloc+0xf2b/0x1960 [ 510.094191][ T9282] __slab_alloc+0x65/0x100 [ 510.098678][ T9282] kmem_cache_alloc_noprof+0x40f/0x710 [ 510.104131][ T9282] qd_alloc+0x50/0x250 [ 510.108190][ T9282] gfs2_quota_init+0x762/0x1200 [ 510.113033][ T9282] gfs2_make_fs_rw+0x143/0x220 [ 510.117776][ T9282] gfs2_fill_super+0x1b6a/0x21b0 [ 510.122796][ T9282] get_tree_bdev_flags+0x40e/0x4d0 [ 510.128238][ T9282] gfs2_get_tree+0x51/0x1e0 [ 510.132725][ T9282] vfs_get_tree+0x92/0x2a0 [ 510.137134][ T9282] do_new_mount+0x302/0xa10 [ 510.141666][ T9282] page last free pid 1 tgid 1 stack trace: [ 510.147457][ T9282] __free_frozen_pages+0xbc8/0xd30 [ 510.152575][ T9282] free_contig_range+0x1bd/0x490 [ 510.157590][ T9282] destroy_args+0x69/0x660 [ 510.162058][ T9282] debug_vm_pgtable+0x38f/0x3a0 [ 510.166927][ T9282] do_one_initcall+0x1fb/0x820 [ 510.171682][ T9282] do_initcall_level+0x104/0x190 [ 510.176603][ T9282] do_initcalls+0x59/0xa0 [ 510.180912][ T9282] kernel_init_freeable+0x334/0x4b0 [ 510.186087][ T9282] kernel_init+0x1d/0x1d0 [ 510.190431][ T9282] ret_from_fork+0x599/0xb30 [ 510.195003][ T9282] ret_from_fork_asm+0x1a/0x30 [ 510.199757][ T9282] [ 510.202056][ T9282] Memory state around the buggy address: [ 510.207671][ T9282] ffff888078e50f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 510.215825][ T9282] ffff888078e50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.223892][ T9282] >ffff888078e51000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.232283][ T9282] ^ [ 510.240270][ T9282] ffff888078e51080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.248330][ T9282] ffff888078e51100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 510.256506][ T9282] ================================================================== [ 510.266586][ T9282] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 510.273815][ T9282] CPU: 1 UID: 0 PID: 9282 Comm: syz.1.836 Tainted: G L syzkaller #0 PREEMPT(full) [ 510.284559][ T9282] Tainted: [L]=SOFTLOCKUP [ 510.288861][ T9282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 510.298895][ T9282] Call Trace: [ 510.302162][ T9282] [ 510.305083][ T9282] dump_stack_lvl+0x99/0x250 [ 510.309767][ T9282] ? __asan_memcpy+0x40/0x70 [ 510.314436][ T9282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.319624][ T9282] ? __pfx__printk+0x10/0x10 [ 510.324223][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.329844][ T9282] vpanic+0x237/0x6d0 [ 510.333822][ T9282] ? __pfx_vpanic+0x10/0x10 [ 510.338362][ T9282] panic+0xb9/0xc0 [ 510.342074][ T9282] ? __pfx_panic+0x10/0x10 [ 510.346477][ T9282] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 510.352365][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.357983][ T9282] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 510.363891][ T9282] ? __list_lru_walk_one+0xfb/0x420 [ 510.369080][ T9282] check_panic_on_warn+0x89/0xb0 [ 510.374290][ T9282] ? __list_lru_walk_one+0xfb/0x420 [ 510.379472][ T9282] end_report+0x6f/0x140 [ 510.383791][ T9282] kasan_report+0x129/0x150 [ 510.388282][ T9282] ? __list_lru_walk_one+0xfb/0x420 [ 510.393473][ T9282] __list_lru_walk_one+0xfb/0x420 [ 510.398512][ T9282] ? __pfx_gfs2_qd_isolate+0x10/0x10 [ 510.403792][ T9282] ? __pfx_gfs2_qd_isolate+0x10/0x10 [ 510.409065][ T9282] list_lru_walk_one+0x3c/0x50 [ 510.413813][ T9282] gfs2_qd_shrink_scan+0x155/0x330 [ 510.418920][ T9282] ? list_lru_count_one+0x27/0x2c0 [ 510.424022][ T9282] ? __pfx_gfs2_qd_shrink_scan+0x10/0x10 [ 510.429643][ T9282] ? list_lru_count_one+0x27/0x2c0 [ 510.434742][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.440371][ T9282] do_shrink_slab+0x6df/0x10d0 [ 510.445251][ T9282] ? shrink_slab+0x129/0x10d0 [ 510.449920][ T9282] shrink_slab+0xd74/0x10d0 [ 510.454415][ T9282] ? shrink_slab+0x129/0x10d0 [ 510.459134][ T9282] ? __pfx_shrink_slab+0x10/0x10 [ 510.464087][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.469751][ T9282] ? mem_cgroup_iter+0x3b/0x460 [ 510.474777][ T9282] ? mem_cgroup_iter+0x3e7/0x460 [ 510.479739][ T9282] ? mem_cgroup_iter+0x3b/0x460 [ 510.484584][ T9282] drop_slab+0x14b/0x290 [ 510.488846][ T9282] drop_caches_sysctl_handler+0xc7/0x170 [ 510.494488][ T9282] proc_sys_call_handler+0x4cb/0x700 [ 510.499858][ T9282] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 510.505663][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.511290][ T9282] do_iter_readv_writev+0x623/0x8c0 [ 510.516479][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.522105][ T9282] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 510.527813][ T9282] ? rcu_read_lock_any_held+0xb3/0x120 [ 510.533273][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.539079][ T9282] vfs_writev+0x31a/0x960 [ 510.543424][ T9282] ? __pfx_vfs_writev+0x10/0x10 [ 510.548277][ T9282] ? __fget_files+0x2a/0x420 [ 510.552861][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.558494][ T9282] ? __fget_files+0x3a0/0x420 [ 510.563160][ T9282] ? __fget_files+0x2a/0x420 [ 510.567740][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.573379][ T9282] do_writev+0x14d/0x2d0 [ 510.577634][ T9282] ? __pfx_do_writev+0x10/0x10 [ 510.582406][ T9282] ? do_syscall_64+0xbe/0xf80 [ 510.587069][ T9282] do_syscall_64+0xfa/0xf80 [ 510.591560][ T9282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.597605][ T9282] ? srso_alias_return_thunk+0x5/0xfbef5 [ 510.603240][ T9282] ? exc_page_fault+0xab/0x100 [ 510.607988][ T9282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.613868][ T9282] RIP: 0033:0x7f2dd758f749 [ 510.618293][ T9282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.637887][ T9282] RSP: 002b:00007f2dd846c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 510.646323][ T9282] RAX: ffffffffffffffda RBX: 00007f2dd77e5fa0 RCX: 00007f2dd758f749 [ 510.654281][ T9282] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 510.662232][ T9282] RBP: 00007f2dd7613f91 R08: 0000000000000000 R09: 0000000000000000 [ 510.670210][ T9282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 510.678179][ T9282] R13: 00007f2dd77e6038 R14: 00007f2dd77e5fa0 R15: 00007ffd9e324508 [ 510.686171][ T9282] [ 510.689680][ T9282] Kernel Offset: disabled [ 510.693999][ T9282] Rebooting in 86400 seconds..